# Phriedman Systems (250)

<blockquote>  
We want access to the CEO's secure data. Log in to their website using the
CEO's account. https://phriedmansystems.onrender.com/  
  
  
  
Hints:

  
• This is primarily a Recon challenge.  
  
• There is NO password cracking, brute force, or password guessing required.  
  
• There is NO steganography of any sort required.  
  
• The onrender.com website is just used for hosting. Attacking Render is not a
part of the challenge; do not attack Render or attempt to break into the
backend.  
  
• You don't need to use anything on the Internet at all apart from
phriedmansystems.onrender.com.  

Author: nb  
</blockquote>

# Solution

As you can see from the text of the task we shouldn't try to guess or hack
something. We also can see that all valuable information exists only on this
site. So, lets begin...

  
First, pay attention to the category of this challenge. It's FWN (Forensic,
Web and Network). Based on it, we will use the following methods.  
  
1\. When i see task from Web category i always like to check out `/robots.txt`
directory.

Excellent! We found login page.

    
    
    User-agent: *  
    Allow: /  
    Disallow: /login.html

Let's check this page.

  
![](https://user-
images.githubusercontent.com/79190893/117558742-350ba900-b0c3-11eb-8ec1-53d626f55f31.PNG)  

As we can see, first we need to find out the SEO's login.

2\. Let's explore all pages.

The next hint we can find on the tabs `"Employees"` and `"Careers"`. On both
tabs, we can find the e-mail of employees.

On the `"Employees"`: `Rob Fiddson - Mechanical Engineer:
rfiddson@phriedmansystems`  
  
On the `"Careers"`: `Stephanie Leaver - Director of HR: [email protected]`  

Based on this, we can see that the login is the first letter of the name +
last name! Thus, the SEO login: `csmith`  
Let's check it out. Correct!

  
![](https://user-
images.githubusercontent.com/79190893/117559070-8c127d80-b0c5-11eb-8794-740664efd230.png)  

3\. It remains to find out the password.

Unfortunately, having carefully researched the entire site, I could not find
information that would be useful... The only thing left is the phone number.
Let's try to call!  
  
IT'S WORKING! We got an answer!  
  
The answering machine offers us a choice of menu options.  
  
Having used all the menu options, we can notice that the first option allows
us to get more detailed information about the company. It may be useful!  
  
Under the fourth option we find technical support! Bingo! We can recover the
password by login! Next, using the keyboard, we need to specify the login.  
  
  
In the picture below, you can see an example of a keyboard:  
  

  
![](https://user-
images.githubusercontent.com/79190893/117559349-e1e82500-b0c7-11eb-8b69-8f4ec017ac3e.jpg)  

Using the numbers, enter the login. And at the end we add "#" for input: `222
222 7777 6 444 8 44 #`  
  
In response, we receive a warning that we can restore this account only by
correctly answering the question.  
  
As an answer, we need to enter the favorite city of the CEO. We got this
information in the first menu option. It's `Albany`.  
  
Using the keyboard, enter the name of the city. If we see "two letters on one
number", then we need to add "0". And at the end we add "#" for input: `2 555
22 0 2 66 999 #`  
  
Password reset! New password: `monkey_alpaca_excellent_button_7435`

Log in to the site and get the flag:
`DawgCTF{y0ur_c4ll_1s_v3ry_1mp0rt4nt_t0_u5}`  

Original writeup
(https://github.com/L0stFaith/CTFs/blob/master/DawgCTF/FWN%20(Forensic%2C%20Web%2C%20Network)/Phriedman%20Systems.md).