Eternal Loop -Misc - only bruteforce

2

Comments

  • Finally, managed to complete it! Thanks for everyone.

    badge

  • Sanduuz can you help me for the last event

    ArmaTank

  • @Sanduuz said:
    Finally, managed to complete it! Thanks for everyone.

    Sanduuz can you help me for the last event

    ArmaTank

  • Got hung up on the script loop but finally got it. Fun challenge!

  • @Sanduuz said:
    Nevermind, I just realized I have a corrupt file....

    Quality content and family fun - the HTB forums for when you're feeling down and need someone to make you giggle.

    OSCP | TMHC CTF

  • Is this file corrupt? I have downloaded the zip and extracted the contents using the default hackthebox password. However, my fcrack and john doesn't want to handle that file.

    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: Unterminated quoted string
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: EOF in backquote substitution

    Did I corrupt my system?

  • @magnus, John and fcrack are useless here. Start with strings or xxd then use that hint and refer to the challenge name.

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • Really trying to figure out a way to make this extraction scripted. If anyone is willing to give a little nudge into the right direction, it would be much appreciated. I know a bit about scripting, but not too much yet and I think this can help me learn so much more again :)

    SnakeMind

  • @SnakeMind said:
    Really trying to figure out a way to make this extraction scripted.

    I baked something in bash, it isn't pretty but got what I wanted :joy:

    SnakeMind

  • edited July 2018

    Anyone want to give me a hint on the last file here? I scripted my way down to what I THINK is the last zip file but when I try to crack it with a common zip file cracker I get a bunch of false positives from a commonly used word list.

    Edit: never mind, it turns out that using the right options with a popular zip file cracker really makes a big difference! ;-) Anyone want to suggest to me what to do with the db contained therein?

    ...and I got it!

  • How many zip files in hear?

  • guys i cant crack with john !!
    "No password hashes left to crack " i cant fix it ,, any help would be great !

  • @stormy said:
    guys i cant crack with john !!
    "No password hashes left to crack " i cant fix it ,, any help would be great !

    Try a different tool for cracking the filetype you are working with. A literal google search should get you where you need to go.

    If anyone needs a nudge feel free to PM me

    Arrexel

  • @stormy said:
    guys i cant crack with john !!
    "No password hashes left to crack " i cant fix it ,, any help would be great !

    Maybe try an other approach? Forget dictionary attacks etc, look what is in front of your eyes.

  • HI,

    got the db, but cant find the flag inside. Any hint?

  • @pkneca said:
    HI,

    got the db, but cant find the flag inside. Any hint?

    Can you figure out what kind of db it is?
    Are there different ways you can search through or view it?

    Arrexel

  • I am able to see its contents, but cant find flag..

  • edited August 2018

    Guys my last file from zip is kinda empty am I missing something the DoNo..

  • @mohabaks said:
    Guys my last file from zip is kinda empty am I missing something the DoNo..

    You need to get and bruteforce the last zip file! Take a look to "Kali Startmenu=> Password attacks=> offline". It took 10 sec. to let me in! I used the biggest wordlist.

    Perhabs you need to run your script twice without to delete the empty file before!? My script worked this way.

    hth, otherwise PM me!

  • O my fucking god xDDDDDDDDDDDDDDDDDDDDDDDDDDDD

  • @BfB said:
    I created a python script to extract all, bruteforce and exctract the flag.. I'm lazy ahaha

    Me too, but i've found problems with the dictionary for the last password.... at the end I used default tool with the "big rock"

  • Hi here!
    Can someone explain, what I should do with database (I'm already unpack it).

  • edited September 2018

    @NicoF2000 said:
    Okay, that was easier than expected. Got the flag :+1:

    I have got to the same point you did. looking through the database, nothing obvious. What triggered the easier than expected?

    Solved it: who would have known it was there

  • edited September 2018

    @artembelskii said:
    Hi here!
    Can someone explain, what I should do with database (I'm already unpack it).

    Just use any ## editors like notepad++ to open the last database file and search 🏁.

    https://www.hackthebox.eu/profile/42599

  • nice!!, good challenge, i recommend to make a automated tool and for the last zip file brute force it, then so easy like check strings and look for the Flag

  • Only ~500 iterations loop if you cannot script the unzipping

  • Anybody else getting a corrupted zip file about 2 iterations in? I unpack Eternal_loop with the standard hackthebox password, and I do the second one the same way. However on the third file I put in hackthebox and extract it but I always get "An error occurred while extracting files." Am I alone?

  • @viadoxic said:
    Anybody else getting a corrupted zip file about 2 iterations in? I unpack Eternal_loop with the standard hackthebox password, and I do the second one the same way. However on the third file I put in hackthebox and extract it but I always get "An error occurred while extracting files." Am I alone?

    The sub-zip files have numbers as their names! Why do you think is that ? :)

  • edited October 2018

    @NicoF2000 said:
    The last zip can be extracted using a common wordlist.
    But what I fould there didn't lead me to the flag... What sould I do with this datebase?
    I already searched for the flag but I can't find it.

    The last zip is 6969.zip? i found DoNotTouch file but i can't extract zip file with fcrack.
    Which tool i should use?

Sign In to comment.