Interactive Coloring

drag iconDrag any color from the left toolbar to an area or text in the page. A blue outline will indicate a droppable element.

drag iconOn mobile, wait a tiny bit until you drag the color drop.

Wargames.MY December 2018 – Teka Teki Pakcik Bawang

We were given a .onion URL and there is a “Flag” page on the website which contain the hint for this challenge.

So basically, we need to identify the real ip of the website to get the flag. There is a hint released which shed some light:

Information Gathering: where do we run our CTF infra.

From the hint above, we then identified all subdomain IP address:

The next step is to identify the available host within the subnet which listening to port 80. After going through all the hassle we lastly found one.

nmap -PN -p 80 --open -oG - | awk '$NF~/http/{print $2}' >> DCSG.txt

and we get the list of hosts…[output snipped]

Write simple script to grep the info like title.


cat DCSG.txt | while read output
curl http://$output --max-time 3 | egrep 'No DB CMS' >> DCSGresult.txt
echo $output >> DCSGresult.txt

and return our expected result.

Access the website using IP address and here is our flag.

Flag : wgmy{bawang_membawang_tok_pawang}

Lesson learned: use http-title instead. 🙂

This website use cookies to ensure that you have the best experience on this website.