Hack the Box Challenge: fs0ciety


Hint: We believe that there is an SSH Password inside password protected 'ZIP' folder. Can you crack the 'ZIP' folder and get the SSH password?


I almost went back and watched every episode of Mr. Robot before starting this challenge, but I was too eager to do that. I downloaded the zip file with wget and extracted it using unzip and the provided password. This may get confusing later, but luckily they named the target zip file without the "0" in the name.

First things first: we need to do what the hint says and crack the zip file. Lucky for us, Kali has a built-in zip cracker that can use either a brute force attack or a dictionary attack. If you’re following my articles by published date, you should already have rockyou.txt. If not, please refer to the "0ld is g0ld" guide.

Since I haven't used fcrackzip before, the first thing I do is check the man pages for it.

man fcrackzip

Since I'm going to leverage rockyou.txt, I'll use the -D, -u and -p switches (case-sensitive).




I don't recall how long the first time took, but when I reran it to write this guide, it completed successfully almost instantly. With our password in hand, I run the unzip command again and enter this new password. I see that it has given us a new file, "sshcreds_datacenter.txt".

I used the concatenate (cat) command to read the file, but you are more than welcome to use any text editor to read the file.



That looks interesting, let's use base64 to decode this text. Because of the "garbage" in the file, we'll have to use the -i switch to ignore non-alphanumeric characters (don't believe me? Check the man pages…). I'm also going to send the output of base64 to a text file for easier reading later.



Let's take a look at that decoded file now! Oh crap, the -i switch didn't remove the "Encrypted SSH…" text, but at least it got rid of the asterisks. I'll have to figure out a way to strip out anything I don't want encoded/decoded later on. For the sake of this article, let's just use vim to remove the junk we don't want.

vim fs0cietydecoded.txt

After we make our changes, type in :wq to save and quit. Now when we cat the file again, it looks much better. In fact, it looks like binary. I'll have to research this more later, but I just copied the binary text and went out to Rapid Tables to get an online translator. I'm sure I could write a Perl or Python script to convert binary to ASCII, but I was just excited to see if this was the flag, or if there was more work ahead of me. After pasting in the binary text and clicking convert, we are presented with the flag! Is it just me, or does this have absolutely nothing to do with Mr. Robot?

Remember to add HTB{} around that flag to get credit for this challenge.
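
The two manual steps above (stripping the banner in vim and pasting the binary into an online converter) can be done in one script. This is an added example, not part of the original write-up: the sample file, the secret in it and all function names are constructed, and it assumes the decoded text is space-separated 8-bit groups. It also shows why -i left the banner words in place: base64 -i only drops characters outside the base64 alphabet, and plain letters are inside it.

```python
import base64
import re

B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")

def build_sample(secret: str) -> str:
    """Constructed stand-in for the challenge file: banner + base64 of binary text."""
    bits = " ".join(f"{byte:08b}" for byte in secret.encode("ascii"))
    blob = base64.b64encode(bits.encode("ascii")).decode("ascii")
    stars = "*" * 40
    return f"{stars}\nEncrypted SSH credentials (sample):\n\n{blob}\n\n{stars}\n"

def survives_ignore_garbage(text: str) -> str:
    """Model of `base64 -d -i`: only characters outside the alphabet are dropped."""
    return "".join(ch for ch in text if ch in B64_ALPHABET)

def extract_payload(text: str) -> str:
    """Heuristic: the payload is the longest unbroken run of base64 characters."""
    runs = re.findall(r"[A-Za-z0-9+/]{16,}={0,2}", text)
    if not runs:
        raise ValueError("no base64 payload found")
    return max(runs, key=len)

def binary_text_to_ascii(bits: str) -> str:
    """Convert space-separated 8-bit groups such as '01001000 01101001' to text."""
    groups = bits.split()
    if not groups or any(not re.fullmatch(r"[01]{8}", g) for g in groups):
        raise ValueError("expected space-separated 8-bit binary groups")
    return bytes(int(g, 2) for g in groups).decode("ascii")

def recover(text: str) -> str:
    """Banner-wrapped file contents -> base64 decode -> binary-to-ASCII."""
    decoded = base64.b64decode(extract_payload(text), validate=True).decode("ascii")
    return binary_text_to_ascii(decoded)

if __name__ == "__main__":
    sample = build_sample("example-secret")  # constructed secret, not the flag
    print(survives_ignore_garbage("*** Encrypted SSH ***"))  # banner letters remain
    print(recover(sample))
```

To run it against the real file, pass the contents of sshcreds_datacenter.txt to recover() instead of the constructed sample.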

Until next time!
