BSidesCBR 2017 CTF: The Good Old Days

This is a write up of the “The Good Old Days” (5 points) trivia challenge from BSides Canberra 2017.

Description

What date was it when exploit-db.com landed its 30,001st exploit?

Solution

The aim was to locate the date that the 30,001st exploit was uploaded to Exploit Database. This was an easy challenge with no real coding involved.

The current Exploit Database website has 37,121 exploits (at the time of the challenge).

So, we know that it will be a reasonable time ago. The Wayback Machine has 1,248 versions of the site, so going through all of them would be rather inefficient. Checking the first save in 2016 shows 37,089 exploits — not very different to 2017, so we know that the 30,000th exploit will be another few years back.

One of the issues with using the Wayback Machine to visit Exploit Database is that when accessing some pages a block appears due to it detecting a DDOS attack. This occurs when going through the top section rather than the calendar.

This can be avoided my deleting the “:80/” from the end of the URL.

Going back to mid-2014, Exploit.db had 30,119 exploits, so very close to the target. Going back 2 months has 29,778 exploits, so it must between the start of June 2014 and end of July 2014. There are 27 saves between these times. Narrowing the search further, trying median date, 27th June 2014. This had 30,053 exploits, so very close, and have narrowed the range by half. Going for the median date of the remaining range: 11th June, has 29,894, so just under.

Again, this narrows the search range. The median value of the remaining range is 20th June, which has the target value of 30,001 exploits. Whilst the Wayback Machine shows this as June 20, on the actual website, it shows as being 19th June, as the 30,001st exploit must have been uploaded after the crawler had been through. The flag was the md5 hash of the date.

Thanks to the BSides Canberra CTF organisers for a nice warm-up trivia challenge!