Mystery C2 Server

Instructions

Pasted image 20220908154823

Hints

Pasted image 20220908154830

Solution

Following the hint, I found the c2 matrix site. Looking in the detection columns, I saw a link to JARM for fingerprinting TLS servers. Pasted image 20220908154848 I cloned the repo, then I ran the file with python3, targeting the host. c2-1 The JARM is:

00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64

I searched that in Google, got an AlienVault result almost immediately. Pasted image 20220908154940 Looks like this is DeimosC2 Pasted image 20220908154954 That's it!!

MetaCTF{DeimosC2}

Next: Where's Vedder?