Hack the Box Challenge - misDIRection


Hint: During an assessment of a unix system the HTB team found a suspicious directory. They looked at everything within but couldn't find any files with malicious intent.

At first glance, this looks like a traversal challenge or something. Let's take a look! I download the zip file using wget, then extract using unzip and the provided password. It looks like we have a 15.3K file with "nothing" in it - this is going to get interesting, I can already tell! The root folder is hidden, so that's why it doesn't appear in your file browser by default.

I went back to the terminal and ran unzip -t misDIRection.zip so I could get a better view of everything. The first thing that popped out was some of the folders were empty, while others had a single file with just a number for a file name.

Ok, don't over think this one. It's stupid easy, you just have to open your eyes and look at what's in front of you.

I went old school for this challenge - I'm sure there's a script I could run to sort by number, but I did it all by hand because why not? I copied the output of that unzip -t command into Leafpad, then started deleting the folders that didn't have a number.



After I cleaned it up (ctrl+h is your friend here), I started rearranging the folders by the number of the file.  One is S, two is F, etc. Make sure you keep an eye on the case of the folder name, that will be important later. After everything had been sorted, I thought I had the flag. I appended HTB{} around it and clicked Submit. Nothing. Minor setback, let's see what we can do with this. My first instinct was to check to see if this was a hash or something. I browsed out to MD5 Hashing and dropped my string in there. Looking at all of the available decoded hashes, nothing is popping out to me as a valid flag. Well, the name of the challenge is misDIRection, maybe the flag is just that string backwards! I found a web app that will reverse any string you want, but that still wasn't it. Finally, I went over to Base64 Decode and dropped my string in there. Bingo! And look! It already has the HTB{} there for us. After another copy/paste, I had completed this challenge successfully.


Until next time!

Comments

Post a Comment

Popular posts from this blog

Exporting BitLocker Recovery Keys From AD Using PowerShell

In preparation for migrating our workstations over to Microsoft BitLocker Administration Management (MBAM), I wanted to backup the recovery keys for my team's systems since we're testing and implementing it. In order to do this, I needed to write something that would pull in every computer in an OU in AD, then grab the msFVE-RecoveryInformation class for each object. I know, I know... there's better ways to create the PSObject. I've been mired in writing in PowerShell 2.0 to support the Windows XP systems here at the company. I know, I know... yes, we still have Windows XP. Yes, there are plans on moving to a supported OS. No, I don't know when that will be.
Read more

Hack the Box Challenge - Blackhole

Image
It looks like HTB has added a few new Miscellaneous challenges since my last post, time to get back to work! First on my list is Blackhole, a 20 point challenge with a hint of "A strange file has been discovered in Stephen Hawking's computer. Can you discover what it is?" Let's get started! I use wget to download the zip file, then unzip to extract it. After I enter the password, it looks like there's another archive in here, let's try to extract that one as well. Well, according the file manager, it has the folder icon, but when I run the file hawking command, it appears to be a jpeg - let's rename it and see what happens. Using the rename command, mv hawking hawking.jpg changes the extension to a jpeg. Now I can see a picture of Stephen Hawking with a nice quote, "Life would be tragic if it weren't funny." This is probably going to be a stego challenge, awesome! I'll use steghide like I did in the Milkshake challenge,
Read more

Hack the Box Challenge - You Can Do It!

Hint: The flag is in the format HTB{plaintext} Not much in the way of a hint, but let's get this show started! I download the zip file using wget , then extract it using unzip and the password provided. Just like the last Crypto challenge "Classic, yes complicated!", we're given a txt file that contains a "scrambled" string. I'm going to try to use ROT13 again to see if we have any luck. Nope, of course it wouldn't be THAT easy! I see the last character of this string is a "!". That's probably padding, so let's see what we can find. My research didn't find anything with padding, what else could it be? The first letter is "Y" and the last character is "!", same as the challenge name. I bet this is an anagram, off to find an online anagram solver! Searching online was a bust, but I was able to solve it by writing it out and crossing the letters as I used them. Just like the challenge, you can d
Read more