Grepping for Gold

Elf: Greasy GopherGuts
Direct link: gnmap terminal
Objective: Thaw Frost Tower's Entrance

Request

Greasy GopherGuts

Grnph. Blach! Phlegm.
I'm Greasy Gopherguts. I need help with parsing some Nmap output.
If you help me find some results, I'll give you some hints about Wi-Fi.
Click on the terminal next to me and read the instructions.
Maybe search for a cheat sheet if the hints in the terminal don't do it for ya'.
You'll type quizme in the terminal and grep through the Nmap bigscan.gnmap file to find answers.

Hints

Grep Cheat Sheet

Check this out if you need a grep refresher.

Solution

Welcome message
Howdy howdy!  Mind helping me with this homew- er, challenge?
Someone ran nmap -oG on a big network and produced this bigscan.gnmap file.
The quizme program has the questions and hints and, incidentally,
has NOTHING to do with an Elf University assignment. Thanks!

Answer all the questions in the quizme executable:
- What port does 34.76.1.22 have open?
- What port does 34.77.207.226 have open?
- How many hosts appear "Up" in the scan?
- How many hosts have a web port open?  (Let's just use TCP ports 80, 443, and 8080)
- How many hosts with status Up have no (detected) open TCP ports?
- What's the greatest number of TCP ports any one host has open?

Check out bigscan.gnmap and type quizme to answer each question.

Many of the terminals at KringleCon are designed to help you get acquainted with a specific technology or tool. Last year it was a Linux primer; this time around we get to learn all about grep. The Answers section below provides a copy/pastable overview of all commands. All entries also link to explainshell.com, which provides a more in-depth explanation.

Oh, and if you don't have time for all of that, scroll down a little... 😄

Answers

Q: What port does 34.76.1.22 have open?
C: grep '34.76.1.22' bigscan.gnmap
A: 62078

Q: What port does 34.77.207.226 have open?
C: grep '34.77.207.226' bigscan.gnmap
A: 8080

Q: How many hosts appear "Up" in the scan?
C: grep -i 'Status: Up' bigscan.gnmap | wc -l
A: 26054

Q: How many hosts have a web port open? (Let's just use TCP ports 80, 443, and 8080)
C: grep -E ' (80|443|8080)/open/tcp' bigscan.gnmap | wc -l
A: 14372

Q: How many hosts with status Up have no (detected) open TCP ports?
C: echo $(expr $(grep -i 'Status: Up' bigscan.gnmap | wc -l) - $(grep -i '/open/' bigscan.gnmap | wc -l))
A: 402

Q: What's the greatest number of TCP ports any one host has open?
C: grep -E '(.*/open/.*///,?\s){12}' bigscan.gnmap, then grep -E '(.*/open/.*///,?\s){13}' bigscan.gnmap (run both: the first returns matches, the second returns nothing)
A: 12
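
The counting questions above, answered in a single awk pass over greppable output. This is an added example, not part of the original write-up or the challenge. It splits every Ports entry on "/" and compares the port, state and protocol fields exactly, so a port such as 1080 or 8443 is never counted as a web port. The function names and sample hosts are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-host statistics from Nmap greppable (-oG) output.

# Constructed sample in -oG layout (documentation addresses, not bigscan.gnmap data).
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\n'
    printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 1080/open/tcp//socks///, 8443/open/tcp//https-alt///\n'
    printf 'Host: 192.0.2.12 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.13 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.13 ()\tPorts: 22/closed/tcp//ssh///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (998)\n'
}

# gnmap_stats [FILE...]: prints "up=N web=N up_no_open=N max_open=N".
# Reads stdin when no file is given. Fields on a Host line are tab-separated.
gnmap_stats() {
    awk -F '\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]              # "Host: <ip> (<name>)"
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Status: Up/) up[ip] = 1
            if ($i !~ /^Ports: /) continue
            n = split(substr($i, 8), entry, ", ") # drop the "Ports: " prefix
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")           # port/state/protocol/...
                if (f[2] != "open" || f[3] != "tcp") continue
                cnt[ip]++
                if (f[1] ~ /^(80|443|8080)$/) web[ip] = 1
            }
        }
    }
    END {
        for (ip in up)  { nup++; if (!(ip in cnt)) idle++ }
        for (ip in web) nweb++
        for (ip in cnt) if (cnt[ip] > max) max = cnt[ip]
        printf "up=%d web=%d up_no_open=%d max_open=%d\n", nup, nweb, idle, max
    }' "$@"
}

# Demo on the constructed sample; for the real file run: gnmap_stats bigscan.gnmap
sample_gnmap | gnmap_stats
```
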

Extracting the answers from the quizme binary

If putting in the time and effort to learn about grep isn't your thing, then you're in luck! Someone was nice enough to leave a copy of pyi-archive_viewer in /usr/local/bin which you can use to inspect and extract data from executables created with PyInstaller, like /usr/bin/quizme. Start by using pyi-archive_viewer /usr/bin/quizme to view all available components in the quizme binary.

Analyze quizme

Next, extract the quizme component and save it to quizme.bin using x quizme.

Extract quizme

Finally, use strings quizme.bin | grep question | jq to extract the answers from the quizme.bin file. 😂

Extract JSON

Response

Greasy GopherGuts

Grack. Ungh. ... Oh!
You really did it?
Well, OK then. Here's what I know about the wifi here.
Scanning for Wi-Fi networks with iwlist will be location-dependent. You may need to move around the North Pole and keep scanning to identify a Wi-Fi network.
Wireless in Linux is supported by many tools, but iwlist and iwconfig are commonly used at the command line.
The curl utility can make HTTP requests at the command line!
By default, curl makes an HTTP GET request. You can add --request POST as a command line argument to make an HTTP POST request.
When sending HTTP POST, add --data-binary followed by the data you want to send as the POST body.