Daemon Of Hacking
  • WELCOME!
    • πŸ‘‹/home/usr/KruKnight
  • METHODOLOGIES & RESOURCES
    • Passwords & Attacks
    • Post Exploitation
      • πŸ‘€Situational Awareness
      • πŸ–₯️Privilege Escalation
        • Linux Privilege Escalation
        • Windows Privilege Escalation
  • Writeups
    • CyCtf 2024
      • Vending Machine
      • Aerospace
      • OhMyCell
    • Portswigger Labs
      • Authentication
        • Username enumeration via different responses
        • 2FA simple bypass
        • Password reset broken logic
        • Username enumeration via subtly different responses
        • Username enumeration via response timing
        • Broken Brute-Force Protection, IP Block
        • Username enumeration via account lock
        • 2FA broken logic
        • Brute-forcing a stay-logged-in cookie
        • Offline password cracking
        • Password reset poisoning via middleware
        • Password brute-force via password change
        • Broken brute-force protection, multiple credentials per request
      • Os Command Injection
        • OS command injection, simple case
        • Blind OS command injection with time delays
        • Blind OS command injection with output redirection
        • Blind OS command injection with out-of-band interaction
        • Blind OS command injection with out-of-band data exfiltration
      • Cross-Origin Resource Sharing (CORS)
        • CORS vulnerability with basic origin reflection
        • CORS vulnerability with trusted null origin
        • CORS vulnerability with trusted insecure protocols
      • Server-side template injection
        • Basic server-side template injection
        • Basic server-side template injection (code context)
      • Server-Side Request Forgery (SSRF)
        • Basic SSRF against the local server
        • Basic SSRF against another back-end
        • Blind SSRF with out-of-band detection
        • SSRF with blacklist-based input filter
        • SSRF with filter bypass via open redirection vulnerability
      • Path Traversal
  • 🟩HTB Writeups
    • Heal
Powered by GitBook
On this page
  • Challenge description
  • Analyzing what we know
  • Looking for the satellite through public records
  • Steps I followed:

Was this helpful?

  1. Writeups
  2. CyCtf 2024

Aerospace

PreviousVending MachineNextOhMyCell

Last updated 6 months ago

Was this helpful?

Challenge description

Analyzing what we know

The challenge provided a data.txt file containing TLE (Two-Line Element) data, commonly used to track satellites. Here’s the TLE provided:

1 43728U 18096K 23081.21782463 .01925735 32332–2 20784–2 0 9995
2 43728 97.3099 175.2941 0008625 277.9511 82.0794 16.10744455241223

Through research, I discovered that 43728 is the satellite ID.

Looking for the satellite through public records

I used the SatNOGS Network, a public database for satellite observations. Since the challenge required finding the last observation with a "Good" status, I filtered the results accordingly.

Steps I followed:

  1. Navigate to the Observations tab.

  2. Search for satellite ID 43728 in SatNOGS.

  3. Filter for observations with a "Good" status.

  4. Scroll to the last successful observation.

The last station with a β€œGood” status was 766 β€” Dunchurch.

Therefore, we found the flag

CyCTF{766-Dunchurch}

SatNOGS Network