Kryptos

So I've RCE and found something in the home directory that is encrypted using a "weak method" but I can't wrap my head around how to decrypt that. I'm trying to throw rockyou at it using some Python tool but that'll take forever and isn't guaranteed to work. I've also manually tried everything that looks like a password in the other files I found. Any hints where to look?

/Edit: Nevermind got user. Hint for others: Attack the weak crypto but don't try to brute the file's password...

Can anyone give a nudge in the login page, I see a token and a Database in the input, but don't know how to reverse it

I loved it. Somehow every step was logical and I didn't get stuck for too long on anything, whilst actually learning a lot. @no0ne @Adamm thank you guys, had tons of fun.

PM for hints. :slight_smile:

Rooted. Amazing box! Most fun I had so far

Finally rooted. That was fun! And frustration, but mostly fun :slight_smile:
Hint for user: straight forward, everything might be done without bruteforcing. Google errors, google ciphers, google vulnerabilities ... you will get it.
Hint for root: Internet is not always right ...

This was the best bypass I've ever seen in my life ...

This box has me pulling my hair out. I have no idea how to get the initial foothold

@N30C0UNT said:

This box has me pulling my hair out. I have no idea how to get the initial foothold

me too :frowning:

Fun machine, got root!

Spoiler Removed

Is it just me, or did the first step/foothold take longer than rooting the box, lol. Great box!!! But I did lose a patch of hair on my head because of the frustration of this box.

is the key in sqlite_test_page.php ?

Can anyone help me for the initial foothold? I've got some interesting error messages, but can't find any attack vectors...

This machine is awesome! Haven't "gotten" root yet, but I have my notes written and know what I need to do once I'm off work, so consider this box pwned!

Thanks for the box @no0ne and @Adamm, it was legit!

@nitrow said:

Can anyone help me for the initial foothold? I've got some interesting error messages, but can't find any attack vectors...

same boat :slight_smile:

This was honestly the best HTB box I've done so far. I had a lot of fun going through the box. Every step was super logical; there was no guessing involved. Thanks for creating such an amazing box @no0ne and @Adamm! Hope you create more boxes in the future.

Passed the login and I can see some things I probably shouldn't but nothing much and in-depth. Any pointers would be welcome...

edit : NVM I got it :slight_smile:

edit: nvm