DEADSEC2024 - Windows Server

From this picture, please provide me with the following information:
https://drive.proton.me/urls/KSJY67NMH8#aknwBbWzNv32

  • IP
  • ISP
  • ASN (autonomous system number)

Flag format: all in lowercase DEAD{192.168.1.1_internet service provider_asn}

Author: onsra03

```bash
[auteqia@arch deadsec]$ exiftool chall.png
ExifTool Version Number         : 12.89
File Name                       : chall.png
Directory                       : .
File Size                       : 202 kB
File Modification Date/Time     : 2024:07:27 11:43:24+02:00
File Access Date/Time           : 2024:07:27 11:43:57+02:00
File Inode Change Date/Time     : 2024:07:27 11:43:24+02:00
File Permissions                : -rw-r--r--
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 1588
Image Height                    : 1210
Bit Depth                       : 8
Color Type                      : RGB with Alpha
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
SRGB Rendering                  : Perceptual
Gamma                           : 2.2
Pixels Per Unit X               : 5669
Pixels Per Unit Y               : 5669
Pixel Units                     : meters
Image Size                      : 1588x1210
Megapixels                      : 1.9
```

But nothing!

In the image, we can see a name; maybe searching for it will turn something up:

```
leandro couto nunes
```

I tried something like this:

```
"leandro couto nunes" "ip" windows server 2008
```

```
"leandro couto nunes" rdp windows server 2008 Enterprise
```

But nothing!

Let’s recap: we have a Windows Server 2008 R2 Enterprise machine with RDP and Spanish/Portuguese names, but the keyboard layout is EN, so QWERT*.

Let’s check Shodan to see what turns up.

Spain, Mexico, Brazil and Portugal are good candidates given these criteria.

Here’s the filter:

```
os:"Windows Server 2008 R2 Enterprise" country:PT,ES,BR,MX port:3389
```

But we get 1300+ results, which would have been tough to explore manually. Let’s check whether Shodan runs something like OCR on the screenshots it renders.

```
os:"Windows Server 2008 R2 Enterprise" country:PT,ES,BR,MX port:3389 Leandro Couto Nunes
```

Yes! Found it. Thanks to my teammate @0xkbd, who helped me with this one.

The flag is:

```
DEAD{187.17.201.3_abcrede provedor de internet ltda_as28265}
```