Longbottom misc challenge

I’m more like a Java slayer at this moment tbh.
Good challenge btw.

Awesome challenge, i completely fell into that rabbit hole, learned a lot about crypto-js tho :')
I got another hint, if you are on a laptop with a putty terminal, set the font size to 7…
I still wasnt able to read it, after widening the terminal or zooming out.

Also, dont use stegcracker with a password list containing all harry potter passwords :wink:

Just take a walk, eat some pickles (goes nice while watching old sketch comedy show) and insert the result to get the flag :slight_smile:

hope this is not a spoiler. But OOOs are really 000, if you stuck at the end.

edit: wrong post.

A good challenge which took me a while. Also, I’ve never been a fan of Pickles in my burger.
o || 0 || O
Above three are all different

Just solved it…

■■■■ Rabbits… LOL

Happy to help if anyone needs a hint :slight_smile:

Hey!
I tried the HELP HTB ,
here is my following recon:-
nmap -sA 10.10.10.121-> I go the all ports as unfiltered.

nmap -sSVC 10.10.10.121 →
I got three ports 22, 80 , 3000

I tried to enumerate 3000 port:- There I got Node.js Express Framework.
Then I google for Node.js Vulnerabilites and I got deserialization vulnerability for express framework .
But this vulnerability accepts profile parameter injection which is not in this case.

Also there is If_None-Matched parameter pass to request header. But that doesn’t seems
fruitful.

Is there anything that I’m missing.Kindly Help me out!

This was quite fun, but at some point in the challenge, I got into a “Pickle” :slight_smile:
Please give me a shout if you need some hints or assistance!

That was a great challenge, but it has the potential of taking you forever with several rabbit-holes to fall into. Had a good laugh when it unraveled though.

Online-search can give you the tools, but you still need to be creative for one step.

Its Dill Compression

Type your comment> @VibhorBansal said:

Hey!
I tried the HELP HTB ,
here is my following recon:-
nmap -sA 10.10.10.121-> I go the all ports as unfiltered.

nmap -sSVC 10.10.10.121 →
I got three ports 22, 80 , 3000

I tried to enumerate 3000 port:- There I got Node.js Express Framework.
Then I google for Node.js Vulnerabilites and I got deserialization vulnerability for express framework .
But this vulnerability accepts profile parameter injection which is not in this case.

Also there is If_None-Matched parameter pass to request header. But that doesn’t seems
fruitful.

Is there anything that I’m missing.Kindly Help me out!

wrong forum :expressionless:

Well, this one was kind of BS. I would have never found it without people here commenting about terminal width/zoom.

iv found the relish but the reptile keeps complaining.
AttributeError: ‘module’ object has no attribute ‘load’

anyone able to help out, iv tried stackoverflow and so on, removed and added the culpret and so on, but no dice.

Type your comment> @SecHaq said:

A good challenge which took me a while. Also, I’ve never been a fan of Pickles in my burger.
o || 0 || O
Above three are all different

haha this is a good hint ??

■■■■ rabbit hole.
if anyone need help PM me… ???

HAPPY TO HELP…!!!

I liked this one. Would have been in a pickle if I hadn’t read some of the hints on here though.

Hi folks im on the last step… found the “PW” with the python2 thing ^^ (try to not hint anything very important :D) but what the ■■■■ should i do with these (888b…88blah) stuff… am i just blind or do i miss something?

PM me if you have some helping hint

Krg s1ck0

This challenge killed me… However, now I know how to make my terminal startup look fancy… Thanks for all your hints.

:tired_face:

Image