Hack the Box Challenge - Blackhole



It looks like HTB has added a few new Miscellaneous challenges since my last post, time to get back to work! First on my list is Blackhole, a 20 point challenge with a hint of "A strange file has been discovered in Stephen Hawking's computer. Can you discover what it is?" Let's get started!

I use wget to download the zip file, then unzip to extract it. After I enter the password, it looks like there's another archive in here, let's try to extract that one as well. Well, according the file manager, it has the folder icon, but when I run the file hawking command, it appears to be a jpeg - let's rename it and see what happens.

Using the rename command, mv hawking hawking.jpg changes the extension to a jpeg. Now I can see a picture of Stephen Hawking with a nice quote, "Life would be tragic if it weren't funny." This is probably going to be a stego challenge, awesome!

I'll use steghide like I did in the Milkshake challenge, hopefully I'll actually be able to use it this time around. I enter steghide extract -sf hawking.jpg, but it's asking for a password. I took a wild guess and typed in the name of the file itself, and it worked!

Let's take a look at the flag.txt file we got from steghide. The only text in the file is one really long line with an = at the end, which probably means Base64. Base64 encoding will use one or two equal signs depending on how much it needs to pad the string to the proper length.

I use the base64 --decode flag.txt command, but it looks like it's just encoded twice, so I run the command again, this time piping it to base64 --decode again:


base64 --decode flag.txt | base64 --decode

So I see some encrypted text and the flag, which is also encrypted. I'm going out on a limb here, but I think it's a Caesar cipher going by instead of HTB, it says TFN. I'm going to head over to https://www.dcode.fr/caesar-cipher and see what I can find!

I paste in the coded text, hit the Test All… radio button and hit Decrypt Caesar Code to see what I find. It looks like it's a ROT12 cipher, so I change the radio button and type in 12 so I can read the message - what a neat little challenge! The encoded text is a Brief History of Hawking and the flag.

Until next time!

Comments

Popular posts from this blog

Exporting BitLocker Recovery Keys From AD Using PowerShell

Hack the Box Challenge - You Can Do It!