Customer Complaint Analysis

Getting the hints

To get the hints, we talk to Tinsel Upatree, who asks us to help him with the Strace Ltrace Retrace terminal.

When executed, the make_the_candy binary asks for a configuration file that doesn’t exist. The goal is to debug the binary in order to get an idea of what this conf file should contain, and then create it.

Let’s start with an ltrace:

kotton_kandy_co@2cb88d57cec7:~$ ltrace ./make_the_candy
fopen("registration.json", "r")                           = 0
puts("Unable to open configuration fil"...Unable to open configuration file.
)               = 35
+++ exited (status 1) +++

It says that it cannot find registration.json. So let’s create a file named registration.json, fill it with some characters, and run ltrace again:

kotton_kandy_co@636947d8d142:~$ echo "aaaaaaaaaaaaaaaa" > registration.json
kotton_kandy_co@636947d8d142:~$ ltrace ./make_the_candy
fopen("registration.json", "r")                           = 0x562e83f62260
getline(0x7ffddcf06980, 0x7ffddcf06988, 0x562e83f62260, 0x7ffddcf06988) = 29
strstr("aaaaaaaaaaaaaaaa\n", "Registration")  = nil
getline(0x7ffddcf06980, 0x7ffddcf06988, 0x562e83f62260, 0x7ffddcf06988) = -1
puts("Unregistered - Exiting."Unregistered - Exiting.
)                           = 24
+++ exited (status 1) +++

This time it fails when trying to find “Registration” in the content of the file we provided. So let’s test with another file that contains only “Registration”.

kotton_kandy_co@636947d8d142:~$ echo "Registration" > registration.json
kotton_kandy_co@636947d8d142:~$ ltrace ./make_the_candy
fopen("registration.json", "r")                           = 0x5579312a1260
getline(0x7ffff9ef6310, 0x7ffff9ef6318, 0x5579312a1260, 0x7ffff9ef6318) = 13
strstr("Registration\n", "Registration")                  = "Registration\n"
strchr("Registration\n", ':')                             = nil
getline(0x7ffff9ef6310, 0x7ffff9ef6318, 0x5579312a1260, 0x7ffff9ef6318) = -1
puts("Unregistered - Exiting."Unregistered - Exiting.
)                           = 24
+++ exited (status 1) +++

So now it is looking for the character ‘:’ within the file. Let’s add it after Registration.

kotton_kandy_co@636947d8d142:~$ echo "Registration:" > registration.json
kotton_kandy_co@636947d8d142:~$ ltrace ./make_the_candy
fopen("registration.json", "r")                           = 0x55a824bf6260
getline(0x7ffdb1281550, 0x7ffdb1281558, 0x55a824bf6260, 0x7ffdb1281558) = 14
strstr("Registration:\n", "Registration")                 = "Registration:\n"
strchr("Registration:\n", ':')                            = ":\n"
strstr(":\n", "True")                                     = nil
getline(0x7ffdb1281550, 0x7ffdb1281558, 0x55a824bf6260, 0x7ffdb1281558) = -1
puts("Unregistered - Exiting."Unregistered - Exiting.
)                           = 24
+++ exited (status 1) +++

It now looks for the string “True” after “:”, so let’s add it.

It worked and we got the hints!
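
The checks seen in the ltrace runs above, reconstructed as an added example (this is not the binary's source and not code from the original post). The names is_registered and check_sample and the sample file name are hypothetical, and the control flow is inferred only from the traced fopen/getline/strstr/strchr calls.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reconstruction inferred from the ltrace output; names and control flow are
 * assumptions. Returns 1 if a line holds "Registration", then ':', then
 * "True"; 0 if no line does; -1 if the file cannot be opened. */
int is_registered(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;                 /* "Unable to open configuration file." */

    char *line = NULL;
    size_t cap = 0;
    int ok = 0;
    while (!ok && getline(&line, &cap, fp) != -1) {
        char *key = strstr(line, "Registration");     /* first traced check  */
        char *colon = key ? strchr(key, ':') : NULL;  /* second traced check */
        if (colon != NULL && strstr(colon, "True") != NULL)
            ok = 1;                                   /* third traced check  */
    }
    free(line);
    fclose(fp);
    return ok;                     /* 0 -> "Unregistered - Exiting." */
}

/* Demo helper: write one constructed sample to a scratch file and check it. */
int check_sample(const char *content)
{
    const char *path = "registration_sample.json";  /* constructed file name */
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fputs(content, fp);
    fclose(fp);
    int result = is_registered(path);
    remove(path);
    return result;
}

int main(void)
{
    const char *samples[] = { "aaaaaaaaaaaaaaaa\n", "Registration\n",
                              "Registration:\n", "Registration:True\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d <- %s", check_sample(samples[i]), samples[i]);
    return 0;
}
```

Because the traced checks are substring matches, the file only has to contain a line like Registration:True; it does not have to be valid JSON.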

The Challenge

Thanks to the hints, we now know that we can filter by ip.flags.rb in Wireshark.

When I used this filter with 0x0 as a value I got the following result:

It is a complaint sent from room 1024 with an unusual troll_id. I then filtered on 1024 (the room number) and the opposite ip.flags.rb, and I got the following results, which are the three complaints sent by the trolls.

The answer is “Flud Hagg Yaqh”.
