Hack the Box Challenge: fs0ciety


Hint: We believe that there is an SSH Password inside password protected 'ZIP' folder. Can you crack the 'ZIP' folder and get the SSH password?


I almost went back and watched every episode of Mr. Robot before starting this challenge, but I was too eager to do that. I downloaded the zip file with wget and extracted it using unzip and the provided password. This may get confusing later, but luckily they named the target zip file without the "0" in the name.

First thing's first, we need to do what the hint says, crack the zip file. Lucky for us, Kali has a built-in zip cracker that can use either a brute force attack, or a dictionary attack. If you’re following my articles by published date, you should already have rockyou.txt. If not, please refer to the "0ld is g0ld" guide.

Since I haven't used fcrackzip before, the first thing I do is check the man pages for it.

man fcrackzip

Since I'm going to leverage rockyou.txt, I'll use the -D, -u and -p switches (case-sensitive).




I don't recall how long the first time took, but when I reran it to write this guide, it completed successfully almost instantly. With our password in hand, I run the unzip command again and enter this new password. I see that it has given us a new file, "sshcreds_datacenter.txt".

I used the concatenate (cat) command to read the file, but you are more than welcome to use any text editor to read the file.



That looks interesting, let's use base64 to decode this text. Because of the "garbage" in the file, we'll have to use the -i switch to ignore non-alphanumeric characters (don't believe me? Check the man pages…). I'm also going to send the output of base64 to a text file for easier reading later.
Let's take a look at that decoded file now! Oh crap, the -i switch didn't remove the "Encrypted SSH…" text, but at least it got rid of the asterisks. I'll have to figure out a way to strip out anything I don't want encoded/decoded later on. For the sake of this article, let's just use vim to remove the junk we don't want.

vim fs0cietydecoded.txt

After we make our changes, type in :wq to save and quit. Now when we cat the file again, it looks much better. In fact, it looks like binary. I'll have to research this more later, but I just copied the binary text and went out to Rapid Tables to get an online translator. I'm sure I could write a perl or python script to convert binary to ascii, but I was just excited to see if this was the flag, or if there was more work ahead of me. After pasting in the binary text and clicking convert, we are presented with the flag! Is it just me, or does this have absolutely nothing to do with Mr. Robot?

Remember to add HTB{} around that flag to get credit for this challenge.

Until next time!

Comments

Post a Comment

Popular posts from this blog

Exporting BitLocker Recovery Keys From AD Using PowerShell

In preparation for migrating our workstations over to Microsoft BitLocker Administration Management (MBAM), I wanted to backup the recovery keys for my team's systems since we're testing and implementing it. In order to do this, I needed to write something that would pull in every computer in an OU in AD, then grab the msFVE-RecoveryInformation class for each object. I know, I know... there's better ways to create the PSObject. I've been mired in writing in PowerShell 2.0 to support the Windows XP systems here at the company. I know, I know... yes, we still have Windows XP. Yes, there are plans on moving to a supported OS. No, I don't know when that will be.
Read more

Hack the Box Challenge - Blackhole

Image
It looks like HTB has added a few new Miscellaneous challenges since my last post, time to get back to work! First on my list is Blackhole, a 20 point challenge with a hint of "A strange file has been discovered in Stephen Hawking's computer. Can you discover what it is?" Let's get started! I use wget to download the zip file, then unzip to extract it. After I enter the password, it looks like there's another archive in here, let's try to extract that one as well. Well, according the file manager, it has the folder icon, but when I run the file hawking command, it appears to be a jpeg - let's rename it and see what happens. Using the rename command, mv hawking hawking.jpg changes the extension to a jpeg. Now I can see a picture of Stephen Hawking with a nice quote, "Life would be tragic if it weren't funny." This is probably going to be a stego challenge, awesome! I'll use steghide like I did in the Milkshake challenge,
Read more

Hack the Box Challenge - You Can Do It!

Hint: The flag is in the format HTB{plaintext} Not much in the way of a hint, but let's get this show started! I download the zip file using wget , then extract it using unzip and the password provided. Just like the last Crypto challenge "Classic, yes complicated!", we're given a txt file that contains a "scrambled" string. I'm going to try to use ROT13 again to see if we have any luck. Nope, of course it wouldn't be THAT easy! I see the last character of this string is a "!". That's probably padding, so let's see what we can find. My research didn't find anything with padding, what else could it be? The first letter is "Y" and the last character is "!", same as the challenge name. I bet this is an anagram, off to find an online anagram solver! Searching online was a bust, but I was able to solve it by writing it out and crossing the letters as I used them. Just like the challenge, you can d
Read more