Hey all,
If you didn't already know, I was given the chance to write the CTF for CactusCon this year (thanks AltF4) and since no one was able to solve it at the conference I'm now making it publicly available for all to try their hands at. Whether you were at the conference or not you can down
download the pre-configured VM and take a crack at the challenge.
Setting Up the VM
The VM is in VirtualBox VDI format, you will need
VirtualBox installed to run it. Simply download and extract the folder and run the
SpookiLeaks-VM.vbox file to import it into VirtualBox.
At this point you may need to modify the VM networking settings before booting, to do this right click the SpookiLeaks-VM and select Settings, then the Networking tab and make sure the "Attached to" option is set to "Bridged Adapter" and your computers network adapter is selected in the "Name" field. Once configured press OK and double click the VM to run it. The VM should boot and give you an IP address. Now just connect to this IP address from your web browser and you're good to go.
NOTE: After running the VM and getting the IP address there is no need to interact with the VM directly via VirtualBox... SSH may be required ;-)
!!! WARNING: SPOILERS BELOW !!!
The full SpookiLeaks application
source code is now available on GitHub and I've also published a
full writeup detailing the
intended solution to the challenge.
Hope you all enjoy!