Posts

Showing posts from July, 2018

Hack the Box Challenge - Widescreen

Hint: Someone has leaked pictures of our unreleased movie. Can you help identify him? This is probably the easiest challenge yet. Upon opening the image on my Windows box, the giant black bar across the bottom stood out. I could see some weird "artifact" hidden when I pasted the image into Word. I zoomed in and tilted my screen a little and there was the flag. I got really, really lucky with this one. Until next time!

Hack the Box Challenge - Classic, Yet Complicated!

Hint: Find the plaintext, the key is your flag! This will be my first Crypto challenge write up, let's see what we can do! I use wget to download the zip file, then use unzip and the provided password to extract my file. From that zip file we are given a txt file. It's pretty small, 553 bytes, so nothing hidden inside. Let's see what it says! "alp gwcsepul gtavaf, nlv prgpbpsu mb h jcpbyvdlq, ipltga rv glniypfa we ekl 16xs nsjhlcb. px td o lccjdstslpahzn fptspf xstlxzi te iosj ezv sc xcns ttsoic lzlvrmhaw ez sjqijsa xsp rwhr. tq vxspf sciov, alp wsphvcv pr ess rwxpqlvp nwlvvc dyi dswbhvo ef htqtafvyw hqzfbpg, ezutewwm zcep xzmyr o scio ry tscoos rd woi pyqnmgelvr vpm . qbctnl xsp akbflowllmspwt nlwlpcg, lccjdstslpahzn fptspfo oip qvx dfgysgelipp ec bfvbxlrnj ojocjvpw, ld akfv ekhr zys hskehy my eva dclluxpih yoe mh yiacsoseehk fj l gebxwh sieesn we ekl iynfudktru. xsp yam zd woi qwoc." I've done some other CTF challenges before, this looks l...

Hack the Box Challenge - You Can Do It!

Hint: The flag is in the format HTB{plaintext} Not much in the way of a hint, but let's get this show started! I download the zip file using wget , then extract it using unzip and the password provided. Just like the last Crypto challenge "Classic, yes complicated!", we're given a txt file that contains a "scrambled" string. I'm going to try to use ROT13 again to see if we have any luck. Nope, of course it wouldn't be THAT easy! I see the last character of this string is a "!". That's probably padding, so let's see what we can find. My research didn't find anything with padding, what else could it be? The first letter is "Y" and the last character is "!", same as the challenge name. I bet this is an anagram, off to find an online anagram solver! Searching online was a bust, but I was able to solve it by writing it out and crossing the letters as I used them. Just like the challenge, you can d...

Hack the Box Challenge - misDIRection

Image
Hint: During an assessment of a unix system the HTB team found a suspicious directory. They looked at everything within but couldn't find any files with malicious intent. At first glance, this looks like a traversal challenge or something. Let's take a look! I download the zip file using wget , then extract using unzip and the provided password. It looks like we have a 15.3K file with "nothing" in it - this is going to get interesting, I can already tell! The root folder is hidden, so that's why it doesn't appear in your file browser by default. I went back to the terminal and ran unzip -t misDIRection.zip so I could get a better view of everything. The first thing that popped out was some of the folders were empty, while others had a single file with just a number for a file name. Ok, don't over think this one. It's stupid easy, you just have to open your eyes and look at what's in front of you. I went old school for this chal...