Cyberstart Intern Base — Part 4 Level 3 The Final Countdown

Zainab Jalloh
May 8, 2022


Below is a screenshot of the briefing for the Final Countdown challenge.

The Final Countdown CTF

CHALLENGE FEATURES

Timer: a 10-second countdown. Beneath the counter, there are 5 URLs, each of which returns a unique string when you visit it. The string at each URL resets every 10 seconds.

Validation: The URL under the validation section is what you need to get the flag. The link provided under the validation leads to a blank web page with a running counter. To get the flag, you need to replace the <clock pts> section of the URL with the correct string.

https://roambarcelona.com/get-flag?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D&string=<clock pts>

When starting out with this challenge, it helps to visit the first URL. You'll get a blank page that contains a single string. Wait 10 seconds and refresh the page, and you'll notice the string changes to a new value. Repeat this for each of the remaining URLs.

To solve this challenge, you will need to concatenate the strings generated in each of the 5 URLs, then replace the <clock pts> section of the validation URL with the concatenated value. There are a few ways to do this, but remember you only have 10 seconds on the clock.

The easiest way is to use curl.

The Final Countdown Challenge

STEPS

1. Open a terminal. On macOS, you can do this by pressing Cmd + Space and then typing "terminal" in Spotlight search.

2. With the terminal open, type curl followed by the URL in quotes. Curl will print the string from that page in the shell. You can do this for all the URLs one at a time, but you're racing against the clock.

curl 'https://roambarcelona.com/clock-pt1?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D'

3. Instead, copy all the URLs from the challenge window, then return to the terminal. Type curl and paste the URLs after it. This runs curl on all the URLs at once, and the output is all the strings concatenated into one longer string.

curl 'https://roambarcelona.com/clock-pt1?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D' 'https://roambarcelona.com/clock-pt2?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D' 'https://roambarcelona.com/clock-pt3?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D' 'https://roambarcelona.com/clock-pt4?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D' 'https://roambarcelona.com/clock-pt5?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D'

4. Recall that the string values change every 10 seconds, so curl will output a different value each time a new window starts.

5. Copy the output from the above command and paste it in the <clock pts> section of the validation URL.

6. If you do this within the 10-second window, you'll get the flag. If you don't, you'll get a message similar to the one below.

Output for validation url

7. You can also use echo to save the URLs into a text file, like this:

Save urls into a text file using echo

echo "https://roambarcelona.com/clock-pt1?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D https://roambarcelona.com/clock-pt2?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D https://roambarcelona.com/clock-pt3?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D https://roambarcelona.com/clock-pt4?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D https://roambarcelona.com/clock-pt5?verify=Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D" > urls.txt

8. Then run curl on the file, like this:

curl the output from the file

curl $(cat urls.txt)

9. Copy the output from the above command and paste it in the <clock pts> section of the validation URL.

10. If you do this within the 10-second window, you'll get the flag. If you don't, repeat steps 8 to 9.
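
The copy-and-paste in steps 5 and 9 is the slow part, so the whole fetch, concatenate and submit sequence can be scripted to finish inside a single window. This is an added example, not part of the original write-up: the function names are hypothetical, and stripping line endings and percent-encoding the joined string are assumptions about what the five pages return.

```shell
#!/bin/sh
# Added example: fetch the five strings, join them, and build the validation URL.
BASE='https://roambarcelona.com'
VERIFY='Na2Q%2BeqhSP5hTRLDwpTNoA%3D%3D'  # token from the challenge URLs, already percent-encoded

# fetch URL: print the response body. Kept as a function so it can be stubbed offline.
fetch() { curl -fsS --max-time 3 "$1"; }

# Percent-encode every character outside the RFC 3986 unreserved set (assumes ASCII input).
urlencode() (
  s=$1 out=''
  while [ -n "$s" ]; do
    rest=${s#?}          # everything after the first character
    c=${s%"$rest"}       # the first character itself
    s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Fetch parts 1..5 in order, drop CR/LF line endings, and join them.
# Any failed request aborts the attempt, since a partial string cannot validate.
joined_parts() (
  out=''
  for n in 1 2 3 4 5; do
    part=$(fetch "$BASE/clock-pt$n?verify=$VERIFY") || exit 1
    out=$out$(printf '%s' "$part" | tr -d '\r\n')
  done
  printf '%s' "$out"
)

# Build the validation URL with the joined string in place of <clock pts>.
validation_url() (
  s=$(joined_parts) || exit 1
  [ -n "$s" ] || exit 1
  printf '%s/get-flag?verify=%s&string=%s\n' "$BASE" "$VERIFY" "$(urlencode "$s")"
)

# With --submit, request the validation URL straight away; otherwise only define the functions.
if [ "${1:-}" = "--submit" ]; then
  url=$(validation_url) && fetch "$url"
fi
```

Run it with `--submit` and, if the window rolled over mid-run, simply run it again.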

Happy hacking.
