The weekend of 02-03 july 2016\u00a0is the WARGAME of the\u00a0Nuit du Hack 2016<\/a><\/strong>\u00a0as a Jeopardy CTF<\/strong>. Having had the opportunity and the time to participate with some colleagues and friends, here\u2019s a write-up resolution of the challenges which we could participate.<\/p>\n tl;dr : Login : jducul – Password rex2011 (the dog is 5 years old)<\/strong><\/p>\n For this challenge, a simple attempt to access “http:\/\/172.16.1.51” asked a login and password. According to the title of the challenge, we concluded that authentication is a “Basic Authentication”, generated via a simple “.htaccess” and “.htpasswd” for example.<\/p>\n The category of the challenge, type “guessing” also informs that its resolution will go through various tests and judicious assumptions.<\/p>\n Let’s analyze the statement:<\/p>\n Just do some tests with logins \/ password potential …<\/p>\n Series of logins:<\/p>\n <\/p>\n Series of passwords:<\/p>\n And the right combinaison :<\/p>\n From there, a “flag.txt” file is available, containing the flag.<\/p>\n guessing basic authN<\/p><\/div>\n Flag :\u00a0ndh2k16_68a3fhosqahxdxc<\/strong><\/p>\n Thank you to all the team of the NDH2K16 for this event and for the whole organization!<\/p>\n Greeting to\u00a0nj8<\/a>, St0rn<\/a>, Emiya<\/a>, Mido, downgrade,\u00a0Ryuk@n and\u00a0rikelm, ?\u00a0\/\/ Gr3etZ<\/p>","protected":false},"excerpt":{"rendered":" Write-up of the challenge \u201cGuessing\u00a0\u2013 So Basic\u201d of Nuit du\u00a0Hack 2016\u00a0Wargame The weekend of 02-03 july 2016\u00a0is the WARGAME of […]<\/p>\n","protected":false},"author":1337,"featured_media":2112,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[524,1,523,526,527,525],"tags":[498,499,459],"class_list":["post-2136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctf","category-misc","category-events","category-ndh","category-ndh2k16","category-wargame","tag-basic-authn","tag-guessing","tag-write-up"],"_links":{"self":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/users\/1337"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/comments?post=2136"}],"version-history":[{"count":5,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2136\/revisions"}],"predecessor-version":[{"id":2142,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2136\/revisions\/2142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media\/2112"}],"wp:attachment":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media?parent=2136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/categories?post=2136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/tags?post=2136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
julien\r\nJulien\r\nducul\r\nDucul\r\njulien.ducul\r\nJulien.Ducul\r\njducul<\/pre>\n
Rex\r\nrex\r\n2011Rex\r\n2011rex\r\nRex2011\r\nrex2011<\/pre>\n
\n
![\"guessing](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/guessing_bais_cauthn-300x163.png\")
<\/a>