Posts: 48 Location: Joined: 11.01.17 Rank: Mad User
Posted on 07-07-17 22:33
The website gobzi linked to had an XSS vulnerability and redirected you to a malicious site. I copy pasted the blog's content and pasted it onto my website.
Check it out here:
TLDR: Basically, there's a really good guide written by some security researchers at Carnegie-Mellon. But to prevent bots from just randomly crawling into their servers, they created a card game which you must reverse engineer and hack to access the guide. To connect, type "nc shell2017.picoctf.com 5194" then you will be directed to the challenge. Once you solved it, type "cd ../../documents/research/results" to get to the folder where the guide is located. Finally, then type "cat ios_cve_427_2008_vuln.pdf" to read it. It's a little complicated to explain the instructions in the document but basically you have to set up a Pineapple to log their IPs then download a few other tools to jailbreak the phone and finally crack their account password. Note that since the guide in from 2008, it may not work on newer Facebook or Twitter anymore. But you can try.