Posts

Hack the Box Challenge - Blackhole

Image
It looks like HTB has added a few new Miscellaneous challenges since my last post, time to get back to work! First on my list is Blackhole, a 20 point challenge with a hint of "A strange file has been discovered in Stephen Hawking's computer. Can you discover what it is?" Let's get started! I use wget to download the zip file, then unzip to extract it. After I enter the password, it looks like there's another archive in here, let's try to extract that one as well. Well, according the file manager, it has the folder icon, but when I run the file hawking command, it appears to be a jpeg - let's rename it and see what happens. Using the rename command, mv hawking hawking.jpg changes the extension to a jpeg. Now I can see a picture of Stephen Hawking with a nice quote, "Life would be tragic if it weren't funny." This is probably going to be a stego challenge, awesome! I'll use steghide like I did in the Milkshake challenge, ...

Update

Hey everyone! I realized I hadn't posted anything in quite some time - I deeply apologize for that. I've been working on the Bandit challenges from Over the Wire as well as studying for my Sec+ certification. I've also been thinking about how I can expand on my goal of knowledge sharing. I think I'd like to do a "recommended reading" list, where I list some of the books and articles I find interesting. What else would you like to see? 

Hack the Box Challenge - Widescreen

Hint: Someone has leaked pictures of our unreleased movie. Can you help identify him? This is probably the easiest challenge yet. Upon opening the image on my Windows box, the giant black bar across the bottom stood out. I could see some weird "artifact" hidden when I pasted the image into Word. I zoomed in and tilted my screen a little and there was the flag. I got really, really lucky with this one. Until next time!

Hack the Box Challenge - Classic, Yet Complicated!

Hint: Find the plaintext, the key is your flag! This will be my first Crypto challenge write up, let's see what we can do! I use wget to download the zip file, then use unzip and the provided password to extract my file. From that zip file we are given a txt file. It's pretty small, 553 bytes, so nothing hidden inside. Let's see what it says! "alp gwcsepul gtavaf, nlv prgpbpsu mb h jcpbyvdlq, ipltga rv glniypfa we ekl 16xs nsjhlcb. px td o lccjdstslpahzn fptspf xstlxzi te iosj ezv sc xcns ttsoic lzlvrmhaw ez sjqijsa xsp rwhr. tq vxspf sciov, alp wsphvcv pr ess rwxpqlvp nwlvvc dyi dswbhvo ef htqtafvyw hqzfbpg, ezutewwm zcep xzmyr o scio ry tscoos rd woi pyqnmgelvr vpm . qbctnl xsp akbflowllmspwt nlwlpcg, lccjdstslpahzn fptspfo oip qvx dfgysgelipp ec bfvbxlrnj ojocjvpw, ld akfv ekhr zys hskehy my eva dclluxpih yoe mh yiacsoseehk fj l gebxwh sieesn we ekl iynfudktru. xsp yam zd woi qwoc." I've done some other CTF challenges before, this looks l...

Hack the Box Challenge - You Can Do It!

Hint: The flag is in the format HTB{plaintext} Not much in the way of a hint, but let's get this show started! I download the zip file using wget , then extract it using unzip and the password provided. Just like the last Crypto challenge "Classic, yes complicated!", we're given a txt file that contains a "scrambled" string. I'm going to try to use ROT13 again to see if we have any luck. Nope, of course it wouldn't be THAT easy! I see the last character of this string is a "!". That's probably padding, so let's see what we can find. My research didn't find anything with padding, what else could it be? The first letter is "Y" and the last character is "!", same as the challenge name. I bet this is an anagram, off to find an online anagram solver! Searching online was a bust, but I was able to solve it by writing it out and crossing the letters as I used them. Just like the challenge, you can d...

Hack the Box Challenge - misDIRection

Image
Hint: During an assessment of a unix system the HTB team found a suspicious directory. They looked at everything within but couldn't find any files with malicious intent. At first glance, this looks like a traversal challenge or something. Let's take a look! I download the zip file using wget , then extract using unzip and the provided password. It looks like we have a 15.3K file with "nothing" in it - this is going to get interesting, I can already tell! The root folder is hidden, so that's why it doesn't appear in your file browser by default. I went back to the terminal and ran unzip -t misDIRection.zip so I could get a better view of everything. The first thing that popped out was some of the folders were empty, while others had a single file with just a number for a file name. Ok, don't over think this one. It's stupid easy, you just have to open your eyes and look at what's in front of you. I went old school for this chal...

Hack the Box Challenge: Art

Hint: Can you find the flag? Art as in the concept, or the name? Let's find out! I download the zip file using wget then extract is using unzip and the provided password. Seriously? A PNG file? I type in xdg-open art.zip to open the file in Image Viewer. Oh that's pretty. Looks kind of like a maze with lots of pretty colors. Ok… maybe the flag is hidden using steganography. The file size is 5.4 kB, so probably not, but let's check anyway. I should probably note at this point, that I am not very good at steganography - luckily there's Google and tools already written that work in Kali. I managed to find two such tools: Steghide and StenoSuite. I'll start with StegoSuite first, so let's get that installed. apt-get install stegosuite -y I don't like installing a lot of things at once, I'd rather install one tool, use it first, and if it doesn't meet my needs, uninstall and try another one. I think this comes from my time as a com...