web

X509 was a mistake

Punkty: 272
Rozwiązań: 16

We've got a foothold on one of the gov office's servers. The source code for the webapp was fully stolen, and we also have a bunch of credentials for various accounts.

It seemed simple from that point on, but it's definitely not. They seem to be using some extremely weird "certificate login process". Can you figure out how to hack it through to the admin's account?

citizens.tgs 1.9 MB

signertool.tgz 20 MB

sources.tgz 16 KB

https://x509.ecsc26.hack.cert.pl/

Password for .p12 (PKCS#12) files: password

Format flagi: ecsc26{litery_cyfry_i_znaki_specjalne}.
W razie wątpliwości lub pytań dotyczących konkursu zapraszamy na naszego Discorda: https://discord.gg/gAtRKa2rcn.

Aby wysłać flagę, musisz się zalogować.