Obscure Challenge

Really enjoyed this challenge. Thanks @artikrh for this amazing challenge… Got it, feel free to PM me.

This challenge was so much fun! Thanks so much to @artikrh!
One of the best so far of all categories! Congrats!
And I noted your easter egg ahahaha, good luck and keep up your work :wink:
I just needed a little help on decoding the commands and thanks @m4nu for helping me out on that!
Once you get that, it is easy… Unlike other challenges, in this one you have to use brute force to finish it.
Hope this will not spoil too much, and good luck. :slight_smile:

Can anyone help me out? I feel like I’m at the very end… I deobfuscated, I get to the last bit, I get p***.***x, but it’s only 78 bytes after I manipulate it, and my “friend” says it has an invalid file signature. If someone wants to PM me I can show what I have.

Hello, I need help with this.
OK, my PHP is readable.
I found the IP of the hacker, but now I don’t know what I need to do.
I tried to run the PHP file, not successful.

I had a lot of fun with this challenge, from the first to the last step.
It was neither difficult nor too easy.
Thank you @artikrh well done!

@Anoraks said:
Hello, I need help with this.
OK, my PHP is readable.
I found the IP of the hacker, but now I don’t know what I need to do.
I tried to run the PHP file, not successful.

You’re on the right path.
Once you understand how the script works, you have to feed it some data.
Look at the pcap and follow the flow.
Finally, you have to force the last step; a simple and well-known list is enough, as usual.

I have done everything that needs to be done in this challenge and still don’t have the flag, so if anyone can PM me to tell me what I am missing I would be grateful.

I cracked the h**h, and unsure where to go from here, anyone able to point me in the right direction?

Very cool challenge, longer than some boxes !!

This was the most rewarding HTB challenge I’ve completed. Partially due to learning new skills but also to the lack of concrete hints. It was really fun dissecting exactly what was going on.

@Paradoxxs said:

I cracked the h**h, and unsure where to go from here, anyone able to point me in the right direction?

Well, better try it on the k##x file.
John is your best friend, well, maybe others prefer hc. But I found it was actually simpler than it seems…

I managed to find a reference to a certain file in the pcap, but I’m not sure how to go from there, can anybody point me in the right direction, please?

This challenge is amazing. Thanks a lot @artikrh ! I really enjoyed it.
DM me if you need a hint.

Just my type of challenge, thanks @artikrh!!
I had the same obsessive vibe “what’s this? and this?” as in video games poking at everything ^^’

@artikrh Thanks a lot! It was really fun doing this challenge.

Lesson learned : reproduce !

Was a struggle but a nice challenge overall !

Edit : @artikrh → thanks for the write-up !!

Initially I thought I wouldn’t the forensics challenges, but this is already my third and once more I had as much fun as if playing a hacking game (it is a hacking game :laughing:)

For anyone who doesn’t know where to go, R is here, and I surely can help you.

Can anybody help me with the password cracking part? I’ve tried bruteforcing using keepass2john on the kdbx file, but I received a “hash.kdbx : Unknown format: File signature invalid” all the time…

P.S. Please let me know if my post spoiled the challenge’s thread, it’s my first time posting in the forums. Thank you.

Finally got it!

Took me a while to understand PHP (not one of my strengths…)
For those who are stuck as I was, here are some tips:

  • Understand support.php
  • Investigate the PCAP file and find the interesting flow
  • Try to join both steps to get interesting info. I used this tool https://onlinephp.io/ (I am a PHP noob), but you can also use the php command or something like that
  • Once you get an interesting file, try to play with some similar local files just to find what the difference is between those files and the one you have recovered

Feel free to PM me :slight_smile:

Thanks to all who posted hints here, they helped me a lot :wink:

Hello everybody, does someone have advice for me: I can’t open the .k**x file even with the password. It still says that the file is corrupted or that the file signature is invalid. I tried different applications, reinstalling, re-creating the file, repairing the file; nothing works. If anybody has any idea, thank you very much for your help!
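
The "File signature invalid" error that several posts above report can be narrowed down by looking at the first bytes of the recovered file. The following is an added example, not part of the thread or the challenge: `diagnose` and `SAMPLE` are hypothetical names and constructed data, the signature constants are the published KeePass header values, and the check goes beyond the thread by also testing for hex or base64 text and for stray leading bytes.

```python
import base64
import binascii
import struct

# Published KeePass header constants, as they appear on disk (little-endian).
SIG1 = bytes.fromhex("03d9a29a")  # 0x9AA2D903, shared by all KeePass databases
SIG2 = {
    bytes.fromhex("65fb4bb5"): "KeePass 1.x (.kdb)",
    bytes.fromhex("66fb4bb5"): "KeePass 2.x pre-release",
    bytes.fromhex("67fb4bb5"): "KeePass 2.x (.kdbx)",
}
# Constructed sample: KDBX 3.1 signatures and version followed by zero padding.
SAMPLE = SIG1 + bytes.fromhex("67fb4bb5" "01000300") + bytes(16)

def _decodings(data):
    """Yield (label, bytes) for the raw data and for common text encodings of it."""
    yield "raw", data
    text = bytes(data).strip()
    try:
        yield "hex-decoded", binascii.unhexlify(text)
    except (binascii.Error, ValueError):
        pass
    try:
        yield "base64-decoded", base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        pass

def diagnose(data):
    """Return a one-line verdict on why a carved file may fail the signature check."""
    for label, blob in _decodings(data):
        pos = blob.find(SIG1)
        if pos < 0:
            continue
        kind = SIG2.get(blob[pos + 4:pos + 8])
        if kind is None:
            return f"{label}: first signature at offset {pos}, second signature unknown"
        if kind.endswith("(.kdbx)") and len(blob) >= pos + 12:
            # Version field: 16-bit minor, then 16-bit major.
            minor, major = struct.unpack_from("<HH", blob, pos + 8)
            kind += f" format {major}.{minor}"
        if label == "raw" and pos == 0:
            return f"valid header: {kind}"
        return f"{label}: {kind} header found at offset {pos}; strip or decode first"
    return "no KeePass signature found in raw, hex or base64 form"

if __name__ == "__main__":
    for blob in (SAMPLE, b"\r\n" + SAMPLE, base64.b64encode(SAMPLE), b"not a db"):
        print(diagnose(blob))
```

Run it on the bytes of the recovered file, for example `diagnose(open(path, "rb").read())`, before handing the file to keepass2john or KeePass.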