IP Address: 192.168.228.133

This is a bit of a longer run. In order to get this flag you will have to:

We are hit with a 301 redirect to web.phpbrute.beck.

The front page shows us that this website has PDF files archived with two links. The first example we see is this:

Untitled

Any time you are doing recon, consistent file formatting like this gives an attacker quite a bit to work with. In this case, we can assume that there are probably other pdf files on the site with filenames of 2021-01-01.pdf - 2021-12-31.pdf. We just need to write a script that checks for every possible file named like this for the year 2021 and downloads anything found.

There are probably 1000 ways to skin this cat (Python for sure!), but I’ll use the bash shell. Step one is to generate a wordlist containing all possible filenames we want to check for.

The date command is going to be able to provide us with YYYY-MM-DD formatting. For example, if I type the command below I can see yesterday’s date with .pdf appended:

date --date "1 day ago" +%Y-%m-%d.pdf

Untitled

So I here I am in 2023 and I want to roll back the clock to approximately Jan 1, 2021. A little math tells me I need to drop back 753 days to print 2021-01-01.pdf.

date --date "753 day ago" +%Y-%m-%d.pdf
#Greetings future student. Is this lab still relevant?

Untitled

December 31, 2021 for me as I sit here today would be 389 days ago.

date --date "389 day ago" +%Y-%m-%d.pdf

Untitled