S3cr3t_R3c1p3

August left Chris in America.

R4J

Comments

  • Can't use John, rsa is broken, Text file is not understandable at all.
  • Hey guys, challenge creator here.

    To keep things fair, I'll drop the hints I posted in all the other channels here aswell.

    1. It's a forensic challenge. No need to calculate p, q and whatnot.
    2. The Challenge "story line" should have been a hint for the tool to use.
    3. Ask yourself: What can bad guys do to "hide" their tracks? Keep 1. in mind while you do so.

    Hope that get you guys a boost.

    I hope I don't waste your time on this. Either way - it's a learning experience for me aswell.

    Have fun!
    x41

    x41

  • Type your comment> @x41 said:

    Hey guys, challenge creator here.

    To keep things fair, I'll drop the hints I posted in all the other channels here aswell.

    1. It's a forensic challenge. No need to calculate p, q and whatnot.
    2. The Challenge "story line" should have been a hint for the tool to use.
    3. Ask yourself: What can bad guys do to "hide" their tracks? Keep 1. in mind while you do so.

    Hope that get you guys a boost.

    I hope I don't waste your time on this. Either way - it's a learning experience for me aswell.

    Have fun!
    x41

    Why do you think that its a good idea to guess stuff from a vague description?

    R4J

  • The names and descriptions in 90% of all challenges / boxes are some sort of hint. I'll make less use of it next time, if you guys don't like that.

    The challenge is, technically, easier than it seems. It just seems to be way out of HTB's comfort zone.

    x41

  • Type your comment> @x41 said:

    The names and descriptions in 90% of all challenges / boxes are some sort of hint. I'll make less use of it next time, if you guys don't like that.

    The challenge is, technically, easier than it seems. It just seems to be way out of HTB's comfort zone.

    Yeah but those 90% of challenges/boxes are also solvable without the hints from their names and description.

    R4J

  • R4JR4J
    edited January 11

    Obviously the challenge is easy and its just about guessing the thing.

    R4J

  • My 50 cents to it. I hope it's not too much spoiler. If so, please feel free to delete it.

    Your recipe has two ingredients. The first one should be obvious because of RSA. For the 2nd one think of buying some balloons for a party and what you need to do with them before the party starts (= reversing what evil guys often do in their code for example to not being detected by some SIEM or perimeter rules).

    Last, but not least: ignore the markers.

    v1p3r0u5
    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

    No messages on the wall please and don't message me via HTB chat, please use the forum!

  • Waw what a waste of time.

    R4J

  • Sorry to hear that.

    x41

  • Do we need to decrypt a random key?

  • It's not an encryption. Otherwise it would have been in the crypto section.
    It's not stego either. Because we have a section for that on HTB.
    So what could it be that would "sort of" fit forensic?

    x41

  • I don't know but someones going to come knocking if I keep googling Meth-Cook

  • edited January 11

    I'm still thinking how this could be a forensic challenge. Mods definitely need relook. Challenges getting worse these days.

    MrR3boot
    Learn | Hack | Have Fun

  • Type your comment> @MrR3boot said:

    I'm still thinking how this could be a forensic challenge. Mods definitely need relook. Challenges getting worse these days.

    Truth to be told - It was hard to find a propper category for that. We might need a SOC / Blue-Team or whatever category for stuff like this.

    I am sorry that you didn't like the challenge. Maybe you could drop me your thought what it was that made the challenge so bad in your eyes.

    Beside that - I gave the Mods a rundown on what I want to accomplish with this challenge and expected that they will try to solve the challenge and see if it makes remotely sense to another brain that doesn't know the answer already. If a challenge isn't working as intended - it should be rejected. 100%.

    In this case the mods where sitting on my challenge for over a year before releasing it. So plenty of time to make some QA.

    I'll take your feedback as a learning exercise. Feel free to leave me some DMs so I can do better next time. Nobody got time for shitty challenges. ;)

    Cheers!
    x41

    x41

  • Very easy one.

    OSCP | CCSK

    Hack The Box

  • There is no reason whatsoever to believe that Cook encrypted the file. It is not implausible that public key is a public knowledge in this story and anybody could have encrypted this file. Poor chap was only trying to protect their private key. It is a setup.

    joeblogg801

  • Fantastic challenge! Thank you @x41 for it and @v1p3r0u5 for the genial party stuff hint here.

  • Thanks @Humi7. Glad you liked it. =)

    x41

  • edited January 16

    i have an idea on how to cook it or maybe bake it but chef must let me know where to put what. right!?

  • x41x41
    edited January 16

    Right. Except, you are the chef. ;)

    x41

  • Type your comment> @v1p3r0u5 said:

    My 50 cents to it. I hope it's not too much spoiler. If so, please feel free to delete it.

    Your recipe has two ingredients. The first one should be obvious because of RSA. For the 2nd one think of buying some balloons for a party and what you need to do with them before the party starts (= reversing what evil guys often do in their code for example to not being detected by some SIEM or perimeter rules).

    Last, but not least: ignore the markers.

    I read your hints and now I'm even MORE confused, lol! :D


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • so i managed the challange after 3 day..
    my first thoughts was to do something q and p and i saw the creators comment so i eliminated that one.
    tried with op..s.. but that didnt work so i went over to the cheef but the cheef didnt wanna cook any thing nor baking.
    found the reason to why it didnt work and honestly i woudlnt figure it out if i didnt got a nudge from @mdghost .thanks mate

    so if you find the right way to make the chef do the cooking then go over and 'OPEN' the file

    thnkas @x41 for the challange

  • @x41 said:
    Right. Except, you are the chef. ;)

    true but sometimes the chef dosent know if he should use pepper or salt or both..don wanna screw the food with bad recipes :D :D

  • Great challenge, 3 days later i can't find a simple and logical solution for cook recipe after all the hints, I hope next hints on the next days, help me, congratulations for sharing this challenge,
  • edited January 18

    @time2p1ay said:
    Great challenge, 3 days later i can't find a simple and logical solution for cook recipe after all the hints, I hope next hints on the next days, help me, congratulations for sharing this challenge,

    If you know what's the tool to bake your recipe, the hint from @v1p3r0u5 is enough to solve this challenge ;)

  • edited January 20
    You're right, hint from @v1p3r0u5 have all ingredients to cook this challenge, thank you @mrnfrancesco and @v1p3r0u5.
  • @time2p1ay you are welcome. Hope you liked it, even if it seemed to be harder than intendet.

    @Z1LV3R That's true. ^^

    x41

  • edited January 22

    edit: got unstuck.

    I enjoyed it, got me to use some new tools, and learnt stuff going down 'wrongish' path.

  • edited January 24

    Is "the tool to bake your recipe" a common one? Something normally included on Kali for example? Or is it something we have to find? Is there any blog post or other material relevant to this kind of thing I could read up on? I'm completely confused on this challenge after a very long time and many rabbit holes and feel pretty stupid.

    Oooh. #facepalm. You gotta make that balloon expand in a manner of speaking.

    Got it. Man, I am an idiot for having dived down so many rabbit holes for so long with this one.

    Good challenge! Hopefully I've learned a lesson here. :-)

  • I think I found the tool that allows me to choose my recipe and bake it.

    Do I need to edit the input to have a valid asn1 structure?
    I’m stuck on if I need to change the input, what’s the methodology

Sign In to comment.