somestufflsimportant

Description

Can you find it? https://somestufflsimportant.challenges.bsidestlv.com/

Solution

We access the site and get the following response:

This was the only challenge with HTTPS, so we assumed it was related. However, we couldn't find any additional information or clues in the certificate, decrypted traffic or elsewhere.

The breakthrough came when trying to access the website via TLS1.1:

After isolating the behavior, it was revealed that each different cipher provides a different part of the flag.

The following script tries all the ciphers OpenSSL has to offer:

Running it in Kali with a recent OpenSSL version provided the following result:

It looks like many weak ciphers were removed from OpenSSL and in order to use them, there is need to recompile the program with a special flag.

Luckily, WSL defaults to an outdated OpenSSL version with all needed ciphers:

The challenge name is somestufflsimportant (with LS Important) as a hint for SomeStuffLs (SSL).