KringleCon 4: Four Calling Birds WriteUp - Greppin' for Gold
Posted: Jan 13, 2022 | ~ 3 mins read time#ctf #kringlecon-2021
Side Quest: Greppin’ for Gold
With this puzzle, we have to grep the output of nmap -oG
. The typcial format of these types of files is can be found on the official Nmap website:
Question #1: What port does 34.76.1.22 have open?
Here it’s just a basic grep command for the string 34.76.1.22
. I used the -F
flag which searches for a fixed string and can make the search run slightly faster. The second line of the results clearly shows us port 62708 was open during the scan.
Question #2: What port does 34.77.207.226 have open?
This uses the same grep command as the first and gives us the answer 8080.
Question #3: How many hosts appear “Up” in the scan?
Now we’re going to pipe the grep results through wc -l
to get a line count - 26054.
Question #4: How many hosts have a web port open? (Let’s just use ) TCP ports 80, 443, and 8080)
In this question, we’re going to use egrep
(we could have also used grep -e
) to perform a regex search for all three ports. Then, the results will be piped to wc -l
to get the final line count - 14372.
Question #5: How many hosts with status Up have no (detected) open TCP ports?
This solution is a lot more involved so we’ll break it down step by step.
-
Use
cut -d " " -f2
to pull out the second column of a space-delimited table (i.e. save only the IP address from each line) -
Use
grep -v "Nmap"
to collect all lines except those containing the stringNmap
-
Use
sort | uniq -c
to sort IPs in numerical order and then get a unique count of each. -
Use
grep -F "1 "
to collect only the IPs that appear only once. -
Use
wc -l
to get a line count.
We get 402 as the answer.
Question #6: What’s the greatest number of TCP ports any one host has open?
Again, we’ll break this down step by step since this has several commands.
-
Use
grep -F "Ports"
to collect the lines that contain the keywordPorts
-
Use
awk -F "open" '{print NF-1}'
to count each instance of the wordopen
in a given line -
Use
sort | uniq
to find unique aggregates
We’re looking for the greatest number which is 12.
Hindsight being 20/20, I could have piped the output through sort -n -r | head -1
which would have sorted the numbers in descending order and then returned the top result.
To see my other writeups for this CTF, check out the tag #kringlecon-2021.