lesion.io Blog

Extend Your Stay - 3


Last updated 9 months ago


  1. We are now tasked with another .cfx file to analyze. The challenge asks us to find the type of card that the hackers are exfiltrating with the code.

  2. As before, we unzip the .cfx file. After some code analysis, we find something odd going on with these 3 constants.

  1. The constant "birdIdentifier1" holds a regex that matches 16 digits and numbers between 51-55. A 16-digit number is usually a credit card number, and 51-55 is usually the number range for Mastercard. (Our flag being Master Card)

  2. The second and third constants further confirm this by giving us the regexes for an MM/YY date and the 3 numbers on the back of a card.
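
One way to triage regex constants like these, as an added example that is not code from the challenge or from this write-up: pull the regex declarations out of the source and probe each one with known test values to see what kind of data it targets. Only the name birdIdentifier1 comes from the page; the patterns, the other two constant names and the probe strings are assumptions constructed for illustration.

```javascript
// Added triage example. SAMPLE_SOURCE is constructed: only the name
// birdIdentifier1 comes from the write-up; the patterns and the other two
// constant names are stand-ins, not the challenge's actual code.
const SAMPLE_SOURCE = String.raw`
const birdIdentifier1 = /^5[1-5][0-9]{14}$/;
const hypotheticalSecond = /^(0[1-9]|1[0-2])\/[0-9]{2}$/;
const hypotheticalThird = /^[0-9]{3}$/;
const greeting = "hello";
`;

// Probe values: publicly documented test card numbers plus constructed
// expiry and security-code strings. None belong to a real account.
const PROBES = {
  "Visa number": "4111111111111111",
  "Mastercard number": "5555555555554444",
  "American Express number": "378282246310005",
  "Discover number": "6011111111111117",
  "MM/YY expiry": "09/27",
  "3-digit security code": "123",
};

// Find `const name = /pattern/flags;` declarations in the source text.
function extractRegexConsts(source) {
  const decl = /const\s+(\w+)\s*=\s*\/((?:\\.|[^\/\\\n])+)\/([a-z]*)\s*;/g;
  return [...source.matchAll(decl)].map((m) => ({
    name: m[1],
    // Drop g/y so repeated exec() calls do not depend on lastIndex.
    regex: new RegExp(m[2], m[3].replace(/[gy]/g, "")),
  }));
}

// Report which probes each constant matches in full. Requiring a full-string
// match keeps an unanchored short pattern from "matching" every card number.
function classifyRegexConsts(source) {
  const report = {};
  for (const { name, regex } of extractRegexConsts(source)) {
    report[name] = Object.entries(PROBES)
      .filter(([, value]) => {
        const m = regex.exec(value);
        return m !== null && m[0] === value;
      })
      .map(([label]) => label);
  }
  return report;
}

console.log(classifyRegexConsts(SAMPLE_SOURCE));
```

The declaration matcher is deliberately simple: it does not handle an unescaped `/` inside a character class or patterns built with `new RegExp(...)`.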