Hack The Box Challenge: Inferno

Hint: Find the flag.

When I started this challenge, I took one look at the hint and already started questioning what I was up against. Not wanting to disappoint myself, I fired up my Kali VM through Oracle's VirtualBox and got started.

I launched a terminal and used wget to download the zip file.

I used the built in unzipping command to unzip inferno.zip.

unzip inferno.zip
I entered the password provided, "hackthebox" and it spit out a txt file. Ok, I was expecting something a little more than this, but hey, maybe it's a super easy flag. Nevermind…

RCdgXyReIjdtNVgzMlZ4ZnZ1PzFOTXBMbWwkakdGZ2dVZFNiYn08eyldeHFwdW5tM3Fwb2htZmUrTGJnZl9eXSNhYFleV1Z6PTxYV1ZPTnJMUUpJTkdrRWlJSEcpP2MmQkE6Pz49PDVZenk3NjU0MzIrTy8uJyYlJEgoIWclJCN6QH59dnU7c3JxdnVuNFVxamlubWxlK2NLYWZfZF0jW2BfWHxcW1pZWFdWVVRTUlFQMk5NRktKQ0JmRkU+JjxgQDkhPTw1WTl5NzY1NC0sUDAvby0sJUkpaWh+fSR7QSFhfXZ7dDpbWnZvNXNyVFNvbm1mLGppS2dgX2RjXCJgQlhXVnpaPDtXVlVUTXFRUDJOR0ZFaUlIR0Y/PmJCJEA5XT08OzQzODFVdnUtMiswLygnSysqKSgnfmZ8Qi8=

If you are on Windows or are looking for an "easier" way to decode this, head on over to  https://www.base64decode.org/. If you're like me and want to really learn as much as you can with these challenges, there's another awesome built in tool you can use!


base64 --decode inferno.txt > infernodecoded.txt
Or, drop everything after the first txt.



base64 --decode inferno.txt


 Ok, so what can we do with this? It certainly does not look like a familiar language to me. The name of the challenge is "Inferno", I wonder if that has anything to do with Dante's Inferno. Let's use some Googling to see what we can find. Sure enough, I searched for "dante programming language" and Malbolge came up. Just like my humanities prof back in college taught us about this book, the 8th circle of hell contains counterfeiters, sorcerers, grafters, hypocrites and other sinners guilty of fraud.

According to Wikipedia, Malbolge is apparently influenced by Brainfuck… Nope. I don't want to finish this challenge. As a joke, a colleague and I tried to figure out Brankfuck, but gave up after about three minutes. It's not very fun, check out this "Hello, world" code snippet.

++++++++[>++++[>++>+++>+++>+<<<<-]>+>+>->>+[<]<-]>>.>---.+++++++..+++.>>.<-.<.+++.------.--------.>>+.>++.


This is literally "Hello, world" in Brankfuck. Ok, enough Brainfuckery, let's just finish this challenge.

I am not about to find an IDE/interpreter/compiler for Malbolge, so let's see if there's a web interpreter available. A quick Google search for "malbolge interpreter online" and sure enough:


Oh look, right on the front page, "Malbolge, invented by Ben Olmstead in 1998, is an esoteric programming language
designed to be as difficult to program in as possible. And so it is :-)". Hey you know what, it's one less thing for me to figure out. Let's drop this code in and see if we can get a flag!

I copy/paste the code in, click Run Program, and there's the flag! Congratulations, we've made it through the Inferno challenge!

Let's take a look at what we used to solve this challenge. First, we used "wget" to download the zip file, "unzip" to unzip the file, some Googling, and some past-knowledge of Dante's Inferno to find the language this was written in. I'd say this was pretty easy, not terrible, but not a complete walk in the park.

Until next time!

Comments

Post a Comment

Popular posts from this blog

Exporting BitLocker Recovery Keys From AD Using PowerShell

In preparation for migrating our workstations over to Microsoft BitLocker Administration Management (MBAM), I wanted to backup the recovery keys for my team's systems since we're testing and implementing it. In order to do this, I needed to write something that would pull in every computer in an OU in AD, then grab the msFVE-RecoveryInformation class for each object. I know, I know... there's better ways to create the PSObject. I've been mired in writing in PowerShell 2.0 to support the Windows XP systems here at the company. I know, I know... yes, we still have Windows XP. Yes, there are plans on moving to a supported OS. No, I don't know when that will be.
Read more

Hack the Box Challenge - Blackhole

Image
It looks like HTB has added a few new Miscellaneous challenges since my last post, time to get back to work! First on my list is Blackhole, a 20 point challenge with a hint of "A strange file has been discovered in Stephen Hawking's computer. Can you discover what it is?" Let's get started! I use wget to download the zip file, then unzip to extract it. After I enter the password, it looks like there's another archive in here, let's try to extract that one as well. Well, according the file manager, it has the folder icon, but when I run the file hawking command, it appears to be a jpeg - let's rename it and see what happens. Using the rename command, mv hawking hawking.jpg changes the extension to a jpeg. Now I can see a picture of Stephen Hawking with a nice quote, "Life would be tragic if it weren't funny." This is probably going to be a stego challenge, awesome! I'll use steghide like I did in the Milkshake challenge,
Read more

Hack the Box Challenge - You Can Do It!

Hint: The flag is in the format HTB{plaintext} Not much in the way of a hint, but let's get this show started! I download the zip file using wget , then extract it using unzip and the password provided. Just like the last Crypto challenge "Classic, yes complicated!", we're given a txt file that contains a "scrambled" string. I'm going to try to use ROT13 again to see if we have any luck. Nope, of course it wouldn't be THAT easy! I see the last character of this string is a "!". That's probably padding, so let's see what we can find. My research didn't find anything with padding, what else could it be? The first letter is "Y" and the last character is "!", same as the challenge name. I bet this is an anagram, off to find an online anagram solver! Searching online was a bust, but I was able to solve it by writing it out and crossing the letters as I used them. Just like the challenge, you can d
Read more