CTF write-up by limbernie

One of my favorite boxes. I really enjoyed writing scripts to tease out the valid LDAP attributes and the token string.


it was explained in the simplest way possible…nice writeup.

Thank you for reading. I strive to write as clear and simple as possible.

Another reason i always like your write up is because of those tiny bash scripts.They are too helpful to learn bash scripting in a practical way…

I used python script to get token string
and in my script I added sleep (1) in requests
because without delay my IP was blocked by CTF antiflood system.

Why does your deduction.sh send requests without any delay in between and is not blocked by CTF antiflood system?

I think as long as it’s a 200, fail2ban wouldn’t do anything.