Showing posts from 2018

Hack the Box Challenge - Blackhole

It looks like HTB has added a few new Miscellaneous challenges since my last post, time to get back to work! First on my list is Blackhole, a 20 point challenge with a hint of "A strange file has been discovered in Stephen Hawking's computer. Can you discover what it is?" Let's get started! I use wget to download the zip file, then unzip to extract it. After I enter the password, it looks like there's another archive in here, let's try to extract that one as well. Well, according to the file manager, it has the folder icon, but when I run the file hawking command, it appears to be a jpeg - let's rename it and see what happens. Using the rename command, mv hawking hawking.jpg changes the extension to a jpeg. Now I can see a picture of Stephen Hawking with a nice quote, "Life would be tragic if it weren't funny." This is probably going to be a stego challenge, awesome! I'll use steghide like I did in the Milkshake challenge, ...

Update

Hey everyone! I realized I hadn't posted anything in quite some time - I deeply apologize for that. I've been working on the Bandit challenges from Over the Wire as well as studying for my Sec+ certification. I've also been thinking about how I can expand on my goal of knowledge sharing. I think I'd like to do a "recommended reading" list, where I list some of the books and articles I find interesting. What else would you like to see? 

Hack the Box Challenge - Widescreen

Hint: Someone has leaked pictures of our unreleased movie. Can you help identify him? This is probably the easiest challenge yet. Upon opening the image on my Windows box, the giant black bar across the bottom stood out. I could see some weird "artifact" hidden when I pasted the image into Word. I zoomed in and tilted my screen a little and there was the flag. I got really, really lucky with this one. Until next time!

Hack the Box Challenge - Classic, Yet Complicated!

Hint: Find the plaintext, the key is your flag! This will be my first Crypto challenge write up, let's see what we can do! I use wget to download the zip file, then use unzip and the provided password to extract my file. From that zip file we are given a txt file. It's pretty small, 553 bytes, so nothing hidden inside. Let's see what it says! "alp gwcsepul gtavaf, nlv prgpbpsu mb h jcpbyvdlq, ipltga rv glniypfa we ekl 16xs nsjhlcb. px td o lccjdstslpahzn fptspf xstlxzi te iosj ezv sc xcns ttsoic lzlvrmhaw ez sjqijsa xsp rwhr. tq vxspf sciov, alp wsphvcv pr ess rwxpqlvp nwlvvc dyi dswbhvo ef htqtafvyw hqzfbpg, ezutewwm zcep xzmyr o scio ry tscoos rd woi pyqnmgelvr vpm . qbctnl xsp akbflowllmspwt nlwlpcg, lccjdstslpahzn fptspfo oip qvx dfgysgelipp ec bfvbxlrnj ojocjvpw, ld akfv ekhr zys hskehy my eva dclluxpih yoe mh yiacsoseehk fj l gebxwh sieesn we ekl iynfudktru. xsp yam zd woi qwoc." I've done some other CTF challenges before, this looks l...

Hack the Box Challenge - You Can Do It!

Hint: The flag is in the format HTB{plaintext} Not much in the way of a hint, but let's get this show started! I download the zip file using wget, then extract it using unzip and the password provided. Just like the last Crypto challenge "Classic, Yet Complicated!", we're given a txt file that contains a "scrambled" string. I'm going to try to use ROT13 again to see if we have any luck. Nope, of course it wouldn't be THAT easy! I see the last character of this string is a "!". That's probably padding, so let's see what we can find. My research didn't find anything with padding, what else could it be? The first letter is "Y" and the last character is "!", same as the challenge name. I bet this is an anagram, off to find an online anagram solver! Searching online was a bust, but I was able to solve it by writing it out and crossing the letters as I used them. Just like the challenge, you can d...

Hack the Box Challenge - misDIRection

Hint: During an assessment of a unix system the HTB team found a suspicious directory. They looked at everything within but couldn't find any files with malicious intent. At first glance, this looks like a traversal challenge or something. Let's take a look! I download the zip file using wget, then extract using unzip and the provided password. It looks like we have a 15.3K file with "nothing" in it - this is going to get interesting, I can already tell! The root folder is hidden, so that's why it doesn't appear in your file browser by default. I went back to the terminal and ran unzip -t misDIRection.zip so I could get a better view of everything. The first thing that popped out was some of the folders were empty, while others had a single file with just a number for a file name. Ok, don't overthink this one. It's stupid easy, you just have to open your eyes and look at what's in front of you. I went old school for this chal...

Hack the Box Challenge: Art

Hint: Can you find the flag? Art as in the concept, or the name? Let's find out! I download the zip file using wget then extract it using unzip and the provided password. Seriously? A PNG file? I type in xdg-open art.zip to open the file in Image Viewer. Oh that's pretty. Looks kind of like a maze with lots of pretty colors. Ok… maybe the flag is hidden using steganography. The file size is 5.4 kB, so probably not, but let's check anyway. I should probably note at this point, that I am not very good at steganography - luckily there's Google and tools already written that work in Kali. I managed to find two such tools: Steghide and StegoSuite. I'll start with StegoSuite first, so let's get that installed. apt-get install stegosuite -y I don't like installing a lot of things at once, I'd rather install one tool, use it first, and if it doesn't meet my needs, uninstall and try another one. I think this comes from my time as a com...

Hack the Box Challenge: fs0ciety

Hint: We believe that there is an SSH Password inside password protected 'ZIP' folder. Can you crack the 'ZIP' folder and get the SSH password? I almost went back and watched every episode of Mr. Robot before starting this challenge, but I was too eager to do that. I downloaded the zip file with wget and extracted it using unzip and the provided password. This may get confusing later, but luckily they named the target zip file without the "0" in the name. First things first, we need to do what the hint says, crack the zip file. Lucky for us, Kali has a built-in zip cracker that can use either a brute force attack, or a dictionary attack. If you’re following my articles by published date, you should already have rockyou.txt. If not, please refer to the "0ld is g0ld" guide. Since I haven't used fcrackzip before, the first thing I do is check the man pages for it. man fcrackzip Since I'm going to leverage rockyou...

Hack the Box Challenge: 0ld is G0ld

Hint: Old algorithms are not a waste, but are really precious... 0ld is G0ld, hrm. At first glance, I'm thinking I may have to dust off my Basic or COBOL, or some other "older" language. The hint seems a little weird, not sure if it's an ESL (English as a Second Language) thing or something lost in translation, or if that is supposed to mean something to me. I have no idea at this point, so I'm just going to dive in! Time to use wget to download the zip file and get it extracted. I use the unzip command to extract 0ld_is_g0ld.zip. I enter the password from the website and proceed. Using ls, I can see it gave me a PDF file. Let's see if we can open it! I use xdg-open "0ld is g0ld.pdf" and it launches Document Viewer with a password prompt. Nah, can't be this easy, let's try the same password for the zip file. Nope. As I was still learning Linux and Kali, I decided to use some Google-Fu to find a good PDF...

Hack The Box Walkthroughs

I just posted a "walkthrough" for a Hack The Box challenge, and I figured I should say something. I originally wrote these for myself - these are my notes from the challenges. Obviously I have formatted them better, gone back and taken more screenshots, and added some commentary on what I was thinking of to help myself complete the objective. I will do my best to NOT post the flag needed to complete the challenge. I will, however, lead you up to the point where you can easily get the flag if you follow my every step. If any of my steps are missing something, please let me know. These are older notes, and I may have missed a step or skipped over something important because I am going through the challenge again, using my notes to complete it again. Perhaps I should do a write up of how I got into Hack The Box...

Hack The Box Challenge: Inferno

Hint: Find the flag. When I started this challenge, I took one look at the hint and already started questioning what I was up against. Not wanting to disappoint myself, I fired up my Kali VM through Oracle's VirtualBox and got started. I launched a terminal and used wget to download the zip file. wget https://www.hackthebox.eu/storage/challenges/misc/inferno.zip I used the built in unzipping command to unzip inferno.zip. unzip inferno.zip I entered the password provided, "hackthebox" and it spit out a txt file. Ok, I was expecting something a little more than this, but hey, maybe it's a super easy flag. Nevermind… ...

One Year

I just renewed this domain and I realized something - it's been a year since I first started this blog and we are already closing up the first month of 2018 and I don't have much to show for it. I haven't put much out here honestly, I have plenty of code snippets and ideas for content, but life has gotten in the way. My original idea was to make this a security-centric blog where I would document my studies and write about what I was learning to not only help me better understand the content, but to help anyone else who is interested. I think I would like to continue with the original idea, but also write about my non-security related wins and code snippets. I've recently taken on the role of a Citrix engineer in addition to my other tasks. I'm still pretty new, but I have spotted a few areas for automation and scripting that I would like to explore. So here's to 2018, may I finally get around to writing more often!