Whispers of the Moonbeam
Tales from Eldoria
Synopsis
In the heart of Valeria’s capital, the Moonbeam Tavern holds secrets beyond its lively exterior. Rumors whisper that this unassuming tavern is a covert meeting place for spies, thieves, and those loyal to the villainous Malakar. Our brave fellowship must infiltrate the Moonbeam’s hidden backrooms to uncover the location of the elusive Shadow Veil Cartographer, an informant who possesses a long-lost map vital to breaching Malakar’s nefarious Obsidian Citadel. The fate of the realm hangs in the balance as we race against Malakar’s forces to secure this crucial intelligence. Let the tavern infiltration begin!
Description
This Terminal-based challenge transports us into the shady underbelly of the Moonbeam Tavern, where a covert transaction is set to occur. By exploiting a command injection vulnerability, we must uncover the secret location of the Shadow Veil Cartographer and secure the map before Malakar’s minions beat us to it. The tavern’s terminal offers tantalizing tips, hinting that command history, tab completion, and command injection via “;” could be the keys to success. As we navigate this seedy establishment, we must keep our wits sharp and our typing fingers nimble. The future of Valeria depends on it!
Skills Required
- Basic Linux command line skills
- Understanding of command injection vulnerabilities
- Keen eye for spotting clues and subtle hints
Skills Learned
- Exploiting command injection in a themed terminal environment
- Enumerating files and directories through injection
- Extracting sensitive information via command chaining
- Roleplaying as a fantasy tavern infiltrator
Solving The Challenge
Enumeration

Upon entering the Moonbeam Tavern via the provided “Enter Tavern” button, we are greeted by what appears to be a fantasy-themed Linux terminal.

The terminal helpfully informs us:
“Tip: Use ↑↓ for history, Tab for completion, ; for command injection”
A little poking around with the “help” command reveals some suspiciously familiar commands under the guise of tavern actions:
- gossip – Listen to tavern whispers & rumors
- observe – Survey the patrons & surroundings
- examine – Reflect upon your identity
- help – Review the available commands
- clear – Wipe the slate clean
- start – Begin a game of chance or skill
With a knowing glint in our eye, we recognize gossip and examine as thinly-veiled aliases for the classic ls directory listing and whoami commands. The game is afoot!

Attack
Recalling the terminal’s helpful tip about command injection via semicolon “;”, we attempt to chain the examine command with id to confirm our suspicions:
examine;id
Lo and behold, the terminal first displays the examine output of “root”, followed by the revealing id command output. We have command injection! Grinning smugly, we realize gossip already hinted that a flag.txt file resides in the current directory. Time to plunder our hard-earned reward.
Exploitation
With a triumphant flourish, we input our final command to cat out that tantalizing flag:
examine;cat flag.txt
Success! The flag spills across the screen, and we snatch it up with a victorious whoop. The secrets of the Moonbeam Tavern have been laid bare by our elite hacking skills. As we depart the tavern, flag in hand and ready to continue our valiant quest, we pause for a moment to salute the trusty semicolon. Punctuation has never tasted so sweet!
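Why the semicolon worked, and how the backend could have prevented it, as an added example that is not the challenge's code: the alias table and function names are assumptions based on the gossip/examine observation above, and a harmless echo stands in for the chained command.

```python
import subprocess

# Assumed alias table, taken from the writeup's observation that gossip and
# examine behave like ls and whoami; the challenge's real backend is not shown.
ALIASES = {"gossip": ["ls"], "examine": ["whoami"]}


def run_vulnerable(line: str) -> str:
    """Swap the tavern verb for its real command, then let a shell parse the rest."""
    verb = line.split(";", 1)[0].split(" ", 1)[0]
    if verb not in ALIASES:
        return "unknown command"
    shell_line = " ".join(ALIASES[verb]) + line[len(verb):]
    # shell=True means ';' ends the first command and starts another.
    done = subprocess.run(shell_line, shell=True, capture_output=True, text=True)
    return done.stdout


def resolve(line: str) -> list[str]:
    """Hardened lookup: the whole input must be exactly one known verb."""
    verb = line.strip()
    if verb not in ALIASES:
        raise ValueError(f"rejected input: {line!r}")
    return list(ALIASES[verb])


def run_hardened(line: str) -> str:
    """Run a fixed argv with no shell, so metacharacters are never interpreted."""
    done = subprocess.run(resolve(line), capture_output=True, text=True, timeout=5)
    return done.stdout


if __name__ == "__main__":
    probe = "examine;echo INJECTED"  # constructed, harmless stand-in for ;id
    print(run_vulnerable(probe))     # whoami output, then INJECTED
    try:
        run_hardened(probe)
    except ValueError as err:
        print(err)                   # the chained input never reaches a shell
```

The hardened path never builds a command string from user input: the input only selects an entry from a fixed table, and the selected argv runs without a shell.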
Bonus Round: Hacking luck itself
But wait, there’s more! The Moonbeam Tavern offers a tempting dice or drinking game, accessible via the start command. Let’s see what luck (or hacking skills) may bring!
Specifying start dice presents us with a tantalizing opportunity:
The dice await your wager. Place your bet with “bet <amount>” to begin!
Feeling lucky, we bet 50 gold and roll the dice. But alas, after three rolls, our gold is gone! However, no foe matches our hacker prowess.

Capturing the requests using BurpSuite as our proxy, we intercept a request sent to /api/wallet:

POST /api/wallet HTTP/1.1
Host: 94.237.50.198:31805
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0
Accept: */*
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: http://94.237.50.198:31805/
Content-Type: application/json
Content-Length: 31
Origin: http://94.237.50.198:31805
Connection: keep-alive
Cookie: sessionId=6zco7r7abb8
Priority: u=4

{"action":"deduct","amount":10}
Aha! If there’s a deduct action, could there be an increase as well? Sending the request to Repeater, we modify the parameters:
- deduct → increase
- amount: 10 → 100

Lo and behold, our wallet now boasts 169 coins! Who needs luck when we can alter reality with a few keystrokes?
So while this bonus round doesn’t directly contribute to capturing the flag, it showcases the thrill of discovering and exploiting unexpected vulnerabilities. In the world of hacking, every opportunity to sharpen our skills is a valuable one!
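The wallet flaw is a server trusting a client-named action. The following added example (not the challenge's code; the handler names, the in-memory balance store and the starting balance of 69 are assumptions chosen to match the 169 seen above) models that behaviour beside a handler that accepts only bounded deductions from the client and keeps credits on a server-side path.

```python
# Only this action may be named by the client; credits are server-side only.
CLIENT_ACTIONS = {"deduct"}


def handle_weak(balances: dict, session: str, body: dict) -> int:
    """Assumed model of the observed behaviour: any named action is applied."""
    amount = body["amount"]
    if body["action"] == "deduct":
        balances[session] -= amount
    elif body["action"] == "increase":
        balances[session] += amount
    return balances[session]


def handle_hardened(balances: dict, session: str, body: dict) -> int:
    """Accept only a client-initiated bet, bounded by the current balance."""
    action, amount = body.get("action"), body.get("amount")
    if not isinstance(action, str) or action not in CLIENT_ACTIONS:
        raise PermissionError(f"action not allowed from client: {action!r}")
    # type() check rejects bools, floats and strings; the range check rejects
    # negative bets (which would add coins) and overdrafts.
    if type(amount) is not int or not 0 < amount <= balances[session]:
        raise ValueError(f"invalid amount: {amount!r}")
    balances[session] -= amount
    return balances[session]


def settle_win(balances: dict, session: str, payout: int) -> int:
    """Credit path, called only by server-side game logic, never by a request."""
    balances[session] += payout
    return balances[session]


if __name__ == "__main__":
    wallets = {"demo-session": 69}  # constructed starting balance
    tampered = {"action": "increase", "amount": 100}
    print(handle_weak(dict(wallets), "demo-session", tampered))  # 169
    try:
        handle_hardened(wallets, "demo-session", tampered)
    except PermissionError as err:
        print(err)
```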
Triumph at the Moonbeam Tavern
Congratulations, brave adventurer! Your keen observation and command injection prowess have uncovered the secrets lurking within the Moonbeam Tavern’s walls. The Shadow Veil Cartographer’s location is ours, and with it, the key to breaching Malakar’s defenses.
As you step out into the bustling streets of Valeria, map in hand, the weight of your achievement settles upon your shoulders. The fellowship’s quest to save the realm from Malakar’s tyranny has gained a crucial advantage, thanks to your clever infiltration.
But the journey is far from over, valiant hero. More challenges and mysteries await you in the lands of Eldoria. So steel your resolve, sharpen your skills, and prepare for the epic battles that lie ahead.
Ready for More Adventures?
Want to explore more Cyber Apocalypse 2025 writeups? Check out my other solutions here!