Steam Community :: Guide :: [EN] Flight Zero

Store Page

Hacker Evolution - Untold

All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

Hacker Evolution - Untold > Guides > Vic=HKC='s Guides

Not enough ratings

[EN] Flight Zero

By Vic=HKC=

Fair warning: I use xmoney at the beginning at the first level because I didn't find how to beat the pack without resorting to cheating and apparently, nobody found the solution.

Award

Created by

Vic=HKC=
Offline

Category: Walkthroughs

Languages: English

Posted

3 Mar, 2019 @ 1:20am

162	Unique Visitors
2	Current Favorites

Guide Index

Overview

Introduction

[FZ1] Intrusion

[FZ1] Server details

[FZ2] Land it safely

[FZ2] Server details

[FZ3] Finale

[FZ3] Server details

Comments

Introduction

This walkhtrough is also published on Neoseeker.

To read absolutely:

http://gtm.steamproxy.vip/sharedfiles/filedetails/?id=121869669

[FZ1] Intrusion

Level Introduction

For now, and given the fact that I don't seem to arrive to beat the second level despite finishing this one with different paths, I'm using xmoney at the beginning of this one.

xmoney

We don't have any choice but to begin by the gate server after scanning it and comparing it to the wifi server.

Scan gate.wxt-airport.com
Scan wifi.wxt-airport.com
Decrypt gate.wxt-airport.com
Crack gate.wxt-airport.com 900
Connect gate.wxt-airport.com 900
Ls
Download backdoor_901.exploit
Cat activity.log
- We can see a series of servers: only two can be scanned in addition of the mail at the end of the file.
Scan rfid-2.wxt-airport.com
Scan rfid-5.wxt-airport.com
Scan auth.wxt-airport.com
Logout

As we have an exploit for port 901, let's use it for the port 901 of the gate server.

Exec backdoor_901.exploit gate.wxt-airport.com
Connect gate.wxt-airport.com 901
Deletelogs
Ls
Download log_900.exploit
Logout

You don't need to hack into the rfid-2 server (but it doesn't matter in reality). I did it to retrieve the money.

Bounce gate.wxt-airport.com
Decrypt rfid-2.wxt-airport.com
Crack rfid-2.wxt-airport.com 800
Bounce gate.wxt-airport.com
Connect rfid-2.wxt-airport.com 800
Transfer 500
Deletelogs
Logout

Same process for the number five, which is our target.

Bounce rfid-2.wxt-airport.com
Decrypt rfid-5.wxt-airport.com
Crack rfid-5.wxt-airport.com 800
Bounce rfid-2.wxt-airport.com
Connect rfid-5.wxt-airport.com 800
Transfer 500
Deletelogs
Ls
Cat id.dat
Download id.dat
Logout

Now, we're going to hack into the auth server as you still don't have any exploit for the wifi server.

Bounce [choose a server with three bounces left]
Bounce [choose a server]
Decrypt auth.wxt-airport.com
Crack auth.wxt-airport.com 800
Bounce [any server still in the bounce]
Exec log_900.exploit auth.wxt-airport.com
Connect auth.wxt-airport.com 900
Transfer 1000
Deletelogs
Ls
Cat connection.log
- The only client that managed to connect is the number 10
Scan client-10.wifi.wxt-airport.com
Logout

Well, the wifi server is still not a possibility, however, the client-10 is now at reach.

Bounce [choose a server with three bounces left]
Decrypt client-10.wifi.wxt-airport.com
Crack client-10.wifi.wxt-airport.com 100
Bounce [the server used in the bounce]
Exec backdoor_901.exploit client-10.wifi.wxt-airport.com
Connect client-10.wifi.wxt-airport.com 100
Transfer 500
Deletelogs
Ls
Download wlan_8001.exploit
Download gpstracking.bin
- You receive a message, with now a clear email address
Scan wxt-airport.com
Logout

Technically, we can finally start to hack the wifi server. I tried a playthrough without touching wxt-airport but it yelded the same result for the next level. So, I let this one here.

Decrypt wxt-airport.com
Exec backdoor_901.exploit wxt-airport.com
Connect wxt-airport.com 901
Transfer 500
Deletelogs
Logout

Let's finish to hack the auth server.

Bounce [choose a server]
Crack auth.wxt-airport.com 800
Bounce [the server used in the bounce]
Connect auth.wxt-airport.com 800
Transfer 1000
Deletelogs
Logout

Now, we can finally attack the wifi server.

Bounce [choose a server]
Bounce [choose a server]
Bounce [choose a server]
Decrypt wifi.wxt-airport.com
Bounce [one of the three servers used for the bounce]
Bounce [one of the two servers still in the bounce]
Bounce [the last server still in the bounce]
Exec wlan_8001.exploit wifi.wxt-airport.com
Connect wifi.wxt-airport.com 8001
Deletelogs
Ls
Cat dhcp.list
- Remember id.dat? You can find the right client thanks to the boarding pass. But also, the last client has no boarding pass...
Scan client-76.wifi.wxt-airport.com
Scan client-99.wifi.wxt-airport.com
Logout
Killtrace

We have a choice: either attack client-76 which seems easier or attack client-99 which is our target. The path with less trace level is to attack the target. You're going to understand it later.

Bounce wifi.wxt-airport.com
Decrypt client-99.wifi.wxt-airport.com
Killtrace
Bounce [choose a server with 2 bounces left]
Crack client-99.wifi.wxt-airport.com 75
Bounce [one of the two servers used for the bounce]
Bounce [the last server still in the bounce]
Connect client-99.wifi.wxt-airport.com 75
Deletelogs
Ls
Download file_share_20.exploit
- This is why I chose to hack first client-99: to use this exploit on client-76 instead of cracking it
Logout

Now, we can hack into client-76 without using a crack.

Bounce [choose a server with 2 bounces left]
Decrypt client-76.wifi.wxt-airport.com
Bounce [the server used in the bounce]
Exec file_share_20.exploit client-76.wifi.wxt-airport.com
Connect client-76.wifi.wxt-airport.com 20
Deletelogs
Ls
Download bluetooth_2000.exploit
Logout
Killtrace

Let's hack the port 2000 on client-99.

Exec bluetooth_2000.exploit client-99.wifi.wxt-airport.com
Connect client-99.wifi.wxt-airport.com 2000
Transfer 500
Deletelogs
Ls
Cat pairing.list
- We found the device we need to track
Scan pda.bt-link.wlan
Logout

This server is tough but if you followed my instructions, you should have enough servers.

Bounce [choose a server with 3 bounces left]
Bounce [choose a server with 3 bounces left]
Bounce [choose a server]
Decrypt pda.bt-link.wlan
Killtrace (x2)
Bounce [choose a server]
Bounce [choose a server]
Bounce [choose a server]
Crack pda.bt-link.wlan 999
Connect pda.bt-link.wlan 999
Deletelogs
Upload gpstracking.bin

[FZ1] Server details

char = characters = number of characters

Server

Mention

gate.wxt-airport.com

Map

wifi.wxt-airport.com

Map

rfid-2.wxt-airport.com

File activity.log hosted on port 900 of gate.wxt-airport.com

rfid-5.wxt-airport.com

File activity.log hosted on port 900 of gate.wxt-airport.com

auth.wxt-airport.com

File activity.log hosted on port 900 of gate.wxt-airport.com

client-10.wifi.wxt-airport.com

File connection.log hosted on port 900 of auth.wxt-airport.com

wxt-airport.com

Message received after downloading gpstracking.bin from client-10.wifi.wxt-airport.com

client-76.wifi.wxt-airport.com

File dhcp.list hosted on port 8001 of wifi.wxt-airport.com

client-99.wifi.wxt-airport.com

File dhcp.list hosted on port 8001 of wifi.wxt-airport.com

pda.bt-link.wlan

File pairing.list hosted on port 2000 of client-99.wifi.wxt-airport.com

gate.wxt-airport.com

128 bits
port 900 (password 4 char) - log
port 901 (password 8 char) - backdoor
3 files
- port 900: activity.log
- port 900: backdoor_901.exploit
- port 901: log_900.exploit

wifi.wxt-airport.com

512 bits
port 8001 (password 64 char) - wlan
1 file
- port 8001: dhcp.list

rfid-2.wxt-airport.com

256 bits
port 800 (password 8 char) - interface
$500

rfid-5.wxt-airport.com

256 bits
port 800 (password 8 char) - interface
$500
2 files
- port 800: id.dat
- port 800: id.verify

auth.wxt-airport.com

512 bits
port 800 (password 8 char) - auth_daemon
port 900 (password 16 char) - log
$1000
1 file
- port 900: connection.log

client-10.wifi.wxt-airport.com

256 bits
port 100 (password 8 char) - qftp
port 901 (password 64 char) - backdoor
$500
2 files
- port 901: gpstracking.bin
- port 901: wlan_8001.exploit

wxt-airport.com

128 bits
port 80
port 901 (password 64 char) - backdoor
$500

client-76.wifi.wxt-airport.com

256 bits
port 20 (password 8 char) - file_share
1 file
- port 20: bluetooth_2000.exploit

client-99.wifi.wxt-airport.com

256 bits
port 2000 (password 64 char) - bluetooth
port 75 (password 16 char) - file_share
$500
2 files
- port 75: file_share_20.exploit
- port 2000: pairing.list

pda.bt-link.wlan

512 bits
port 999 (password 32 char) - sdcard

[FZ2] Land it safely

Level Introduction

The only easy beacon to crack is the first one.

Decrypt beacon-1.txy.network
Crack beacon-1.txy.network 99
Connect beacon-1.txy.network 99
Deletelogs
Ls
Cat gps-sync.log
- Two flights in the same time can be scanned
Scan flight-577.link
Scan flight-399.link
Logout

We need the second beacon for the flight-577 hack.

Bounce beacon-1.txy.network
Decrypt beacon-2.txy.network
Crack beacon-2.txy.network 99
Bounce beacon-1.txy.network
Connect beacon-2.txy.network 99
Deletelogs
Ls
Cat gps-sync.log
- Again, you can scan the flight in the same time as 577
Scan flight-488.link
Logout

While it's true that flight-488 and flight-399 are having money, they have two ports to hack and it's not really worthy for $500 each. So let's go directly to our objective.

Bounce beacon-1.txy.network
Bounce beacon-2.txy.network
Decrypt flight-577.link
Killtrace
Crack flight-577.link 500
Bounce beacon-2.txy.network
Connect flight-577.link 500
Transfer 1000
Deletelogs
Ls
Download flight-plan.info
Logout

Now, we're going to hack into the control tower as we need the beacon identifiers for the next objective.

Bounce beacon-2.txy.network
Bounce flight-577.link
Decrypt txy-control.lan
Killtrace
Crack txy-control.lan 101
Bounce flight-577.link
Connect txy-control.lan 101
Deletelogs
Ls
Cat beaconlist.info
- The four beacons are there
Scan beacon-1.strip-1.lan
Scan beacon-1.strip-2.lan
Scan beacon-2.strip-1.lan
Scan beacon-2.strip-2.lan
Logout

The next objectives are indicating that we need beacons from strip-2. The easy one is beacon-1.

Decrypt beacon-1.strip-2.lan
Killtrace (x2)
Bounce flight-577.link
Crack beacon-1.strip-2.lan 99
Connect beacon-1.strip-2.lan 99
Deletelogs
Ls
Del boot.bin
Logout

We can hack the second beacon.

Bounce beacon-1.strip-2.lan
Decrypt beacon-2.strip-2.lan
Killtrace
Crack beacon-2.strip-2.lan 99
Bounce beacon-1.strip-2.lan
Connect beacon-2.strip-2.lan 99
Deletelogs
Ls
Del boot.bin
Logout

We receive a message with a new server to scan. We need to retrieve a file there.

Scan xenti-secure.com
Decrypt xenti-secure.com
Killtrace
Crack xenti-secure.com 21
Connect xenti-secure.com 21
Deletelogs
Ls
Download identifier.dat
Download lock_3999.exploit
Just for your information, I've downloaded it but I never used it, you can forget about this exploit.

Logout

Now, we need to completely hack txy-control.lan.

Bounce xenti-secure.com
Crack txy-control.lan 100
Bounce xenti-secure.com
Connect txy-control.lan 100
Deletelogs
Upload identifier.dat
Logout

Well, let's hack the first beacon of the first strip.

Bounce [choose a server with 3 bounces left]
Bounce [choose a server with 3 bounces left]
Decrypt beacon-1.strip-1.lan
Killtrace (x2)
Bounce [one of the two servers used for the bounce]
Crack beacon-1.strip-1.lan 99
Bounce [the server still in the bounce]
Connect beacon-1.strip-1.lan 99
Deletelogs
Ls
Del boot.bin
Logout

And now, it's the finishing line.

Bounce [choose a server with 2 bounces left]
Bounce [choose a server with 2 bounces left]
Decrypt beacon-2.strip-1.lan
Killtrace
Bounce [one of the two servers used for the bounce]
Crack beacon-2.strip-1.lan 99
Bounce [the server still in the bounce]
Connect beacon-2.strip-1.lan 99
Deletelogs
Ls
Del boot.bin
Logout

[FZ2] Server details

char = characters = number of characters

Server

Mention

beacon-1.txy.network

Map

beacon-2.txy.network

Map

txy-control.lan

Map

flight-577.link

File gps-sync.log on port 900 of beacon-1.txy.network

flight-399.link

File gps-sync.log on port 900 of beacon-1.txy.network

flight-488.link

File gps-sync.log on port 900 of beacon-2.txy.network

beacon-1.strip-1.lan

File beaconlist.info hosted on port 101 of txy-control.lan

beacon-1.strip-2.lan

File beaconlist.info hosted on port 101 of txy-control.lan

beacon-2.strip-1.lan

File beaconlist.info hosted on port 101 of txy-control.lan

beacon-2.strip-2.lan

File beaconlist.info hosted on port 101 of txy-control.lan

xenti-secure.com

Message received ???

beacon-1.txy.network

128 bits
port 900 (password 4 char) - gps_port
1 file
- port 900: gps-sync.log

beacon-2.txy.network

256 bits
port 900 (password 8 char) - gps_port
1 file
- port 900: gps-sync.log

txy-control.lan

512 bits
port 100 (password 8 char) - identifier
port 101(password 8 char) - beacons
1 file
- port 101: beaconlist.info

flight-577.link

512 bits
port 500 (password 8 char) - computer_port
$1000
1 file
- port 500: flight-plan.info

flight-399.link

512 bits
port 500 (password 16 char) - computer_port
port 501 (password 8 char) - failsafe
$500

flight-488.link

256 bits
port 500 (password 16 char) - computer_port
port 501 (password 8 char) - failsafe
$500
1 file
- port 500: flightplan.info

beacon-1.strip-1.lan

512 bits
port 99 (password 8 char) - monitor
port 3999 (password 64 char) - lock
1 file
- port 99: beaconlist.info

beacon-1.strip-2.lan

128 bits
port 99 (password 8 char) - monitor
1 file
- port 99: boot.bin

beacon-2.strip-1.lan

512 bits
port 99 (password 8 char) - monitor
port 3999 (password 64 char) - lock
1 file
- port 99: boot.bin

beacon-2.strip-2.lan

256 bits
port 99 (password 8 char) - monitor
1 file
- port 99: boot.bin

xenti-secure.com

128 bits
port 21 (password 4 char) - ftp
2 files
- port 21: identifier.dat
- port 21: lock_3999.exploit

[FZ3] Finale

Level Introduction

We're going to retrieve the $5000 on fwl-8.net. As we have money following the xmoney cheat at the beginning of the first level, I'm upgrading my firewall to facilitate the transfer.

Upgrade fwl1
Decrypt fwl-8.net
Killtrace
Crack fwl-8.net
Connect fwl-8.net
Transfer 2000 (x2)
Deletelogs
Transfer 1000
Deletelogs
Logout

I'm upgrading my cpu.

Upgrade cpu0

Another server with money is storage-2.

Decrypt storage-2.net
Killtrace
Crack storage-2.net 100
Connect storage-2.net 100
Transfer 2000
Deletelogs
Logout

To be sure, we're also going to hack storage-5.

Decrypt storage-5.net
Killtrace
Crack storage-5.net 100
Connect storage-5.net 100
Deletelogs
Transfer 2000
Deletelogs
Logout

And now, it's the finishing line.

Bounce [choose a server]
Bounce [choose a server]
Bounce [choose a server]
Decrypt core.net
Killtrace (x2)
Crack core.net 99
Connect core.net 99
Deletelogs
Ls
Del xenticore.bin

[FZ3] Server details

''XX = number''

Server

Mention

fwl-XX.net

Map

storage-XX.net

Map

core.net

Map

fwl-6.net

256 bits
port 90 (password 8 char) - interface

fwl-7.net

256 bits
port 90 (password 8 char) - interface

fwl-8.net

128 bits
port 80 (password 4 char) - http_admin
$5000

fwl-9.net

256 bits
port 90 (password 8 char) - interface
1 file
- port 90: upload_92.exploit

fwl-10.net

256 bits
port 90 (password 8 char) - interface

fwl-11.net

512 bits
port 90 (password 8 char) - interface
port 91 (password 8 char) - wlan
port 92 (password 64 char) - upload

storage-2.net

256 bits
port 100 (password 8 char) - upload
$2000

storage-3.net

256 bits
port 100 (password 8 char) - upload
$500

storage-4.net

1024 bits

storage-5.net

256 bits
port 100 (password 8 char) - upload
$2000

core.net

2048 bits
port 99 (password 32 char) - storage
1 file
- port 99: xenticore.bin

CC-BY-NC
Vinciane Amorini
February 2019
This guide was first written on Neoseeker