After several hints we finally got how this challenge have to be done:

  • from the ip given it was clearly using IPv6 techonologies

  • the hint suggested to use the SCTP protocol instead of TCP/UDP

For the IPv6 service we used gogoCLIENT, and ncat which supports ipv6 and sctp. The hints says also the they likes small numbers so:

ncat -6 –sctp 2400:6180:0000:00d0::0264:7001 1



This was a pretty long challenge.

We can execute any command we want and the result we get is the number of seconds that the command took for execute. We just then bruteforce every character of the flag file and if we guessed it right then we will sleep for 2 seconds else just keep going with the guess.

Exploit: http://pastebin.com/fVCm7vDm