Posts

Showing posts from June, 2018

Hack the Box Challenge: Art

Hint: Can you find the flag? Art as in the concept, or the name? Let's find out! I download the zip file using wget then extract is using unzip and the provided password. Seriously? A PNG file? I type in xdg-open art.zip to open the file in Image Viewer. Oh that's pretty. Looks kind of like a maze with lots of pretty colors. Ok… maybe the flag is hidden using steganography. The file size is 5.4 kB, so probably not, but let's check anyway. I should probably note at this point, that I am not very good at steganography - luckily there's Google and tools already written that work in Kali. I managed to find two such tools: Steghide and StenoSuite. I'll start with StegoSuite first, so let's get that installed. apt-get install stegosuite -y I don't like installing a lot of things at once, I'd rather install one tool, use it first, and if it doesn't meet my needs, uninstall and try another one. I think this comes from my time as a com...

Hack the Box Challenge: fs0ciety

Image
Hint: We believe that there is an SSH Password inside password protected 'ZIP' folder. Can you crack the 'ZIP' folder and get the SSH password? I almost went back and watched every episode of Mr. Robot before starting this challenge, but I was too eager to do that. I downloaded the zip file with wget and extracted it using unzip and the provided password. This may get confusing later, but luckily they named the target zip file without the "0" in the name. First thing's first, we need to do what the hint says, crack the zip file. Lucky for us, Kali has a built-in zip cracker that can use either a brute force attack, or a dictionary attack. If you’re following my articles by published date, you should already have rockyou.txt. If not, please refer to the "0ld is g0ld" guide. Since I haven't used fcrackzip before, the first thing I do is check the man pages for it. man fcrackzip Since I'm going to leverage rockyou...

Hack the Box Challenge: 0ld is G0ld

Image
Hint:   Old algorithms are not a waste, but are really precious...  0ld is G0ld, hrm. At first glance, I'm thinking I may have to dust off my Basic or COBOL, or some other "older" language. The hint seems a little weird, not sure if it's an ESL (English as a Second Language) thing or something lost in translation, or if that is supposed to mean something to me. I have no idea at this point, so I'm just going to dive in! Time to use wget to download the zip file and get it extracted. I use the unzip command to extract 0ld_is_g0ld.zip. I enter the password from the website and proceed. Using ls , I can see it gave me a PDF file. Let's see if we can open it! I use xdg-open "0ld is g0ld.pdf" and it launches Document Viewer with a password prompt. Nah, can't be this easy, let's try the same password for the zip file. Nope. As I was still learning Linux and Kali, I decided to use some Google-Fu to find a good PDF...

Hack The Box Walkthroughs

I just posted a "walkthrough" for a Hack The Box challenge, and I figured I should say something. I originally wrote these for myself - these are my notes from the challenges. Obviously I have formatted them better, went back and took more screenshots, and added some commentary on what I was thinking of to help myself complete the objective. I will do my best to NOT post the flag needed to complete the challenge. I will however, lead you up to the point where you can easily get the flag if you follow my every step. If any of my steps are missing something, please let me know. These are older notes, and I may have missed a step or skipped over something important because I am going through the challenge again, using my notes to complete it again. Perhaps I should do a write up of how I got into Hack The Box...

Hack The Box Challenge: Inferno

Image
Hint: Find the flag. When I started this challenge, I took one look at the hint and already started questioning what I was up against. Not wanting to disappoint myself, I fired up my Kali VM through Oracle's VirtualBox and got started. I launched a terminal and used wget to download the zip file. wget  https://www.hackthebox.eu/storage/challenges/misc/inferno.zip I used the built in unzipping command to unzip inferno.zip. unzip inferno. zip I entered the password provided, "hackthebox" and it spit out a txt file. Ok, I was expecting something a little more than this, but hey, maybe it's a super easy flag.  Nevermind… RCdgXyReIjdtNVgzMlZ4ZnZ1PzFOTXBMbWwkakdGZ2dVZFNiYn08eyldeHFwdW5tM3Fwb2htZmUrTGJnZl9eXSNhYFleV1Z6PTxYV1ZPTnJMUUpJTkdrRWlJSEcpP2MmQkE6Pz49PDVZenk3NjU0MzIrTy8uJyYlJEgoIWclJCN6QH59dnU7c3JxdnVuNFVxamlubWxlK2NLYWZfZF0jW2BfWHxcW1pZWFdWVVRTUlFQMk5NRktKQ0JmRkU+JjxgQDkhPTw1WTl5NzY1NC0sUDAvby0sJUkpaWh+fSR7QSFhfXZ7dDpbWnZ...