Arkham

How do i crack the file

I need a confirmation for user; is it correctly understood that the culprit is on a service serving f***s? And the state of them, for which I’ve found a key?

Type your comment> @extincted said:

I need a confirmation for user; is it correctly understood that the culprit is on a service serving f***s? And the state of them, for which I’ve found a key?

I’m at the same the stage + thinking the same thing… just not sure how to actually use the key

You guys Has anybody looked into faces?

Spoiler Removed okay i thought it just a small hint

hey waspy I got the data now I just got to move on how to make use of it that was cool good one MinatoTW

@wabafet good move on and for ur question my gobuster with 2-3mid found nothing in faces like u said

look harder this isnt gobuster or dirb specific I found this by hand after nmap

@wabafet if u talking about the file ik i found it

@waspy no I mean the faces thing is web specific me and a few other people are working on how to do something with it from the info we got from that file have you managed to atleast view the files contents?

oh okay got u, not yet i stopped working on it maybe later when am free thnx anyway and good luck

Well this is fun! I found the file containing the note and the other file easily enough. Managed to get some contents out of the other file (without needing a password) and that revealed w**. x**. b** which looks like it contains some potentially useful stuff (a bit like ‘heads’, without wanting to say too much), but I’ve no idea how to leverage it… any tips?

99% certain I’ve found the vulnerability… totally failing to exploit it though! :frowning:

Guys about the wordlist as it’s taking a lot of time, you can intelligently create a “subset” wordlist from rockyou depending on the box. :wink: Sometimes it’s important to narrow down your resources.

.

Type your comment> @19Rich said:

99% certain I’ve found the vulnerability… totally failing to exploit it though! :frowning:

Yep I am at the same stage. Tried to look at the size of the secret to determine which algo to use, as the default one requires a larger key (according to documentation).

But still no luck.

I’ve got the secret, the algorithm associated with it, and also found the vulnerability with the application, but I’ve zero idea about how to pull it all together!

Me three

Docs are your friend !

Sadly might not be able to do the box because my laptop cant bruteforce …