Security Blog, Rants, Raves, Write-ups, and Code
fs0ciety
| Name: | fs0ciety |
|---|---|
| Hint: | We believe that there is an SSH Password inside password protected 'ZIP' folder. Can you crack the 'ZIP' folder and get the SSH password? |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
 |
stefano118  |
| Creator: | subzer0x0  |
We start again with the file unzipping with the standard Hack the Box challenge password. Inside, we find another ZIP appropriately named fsociety. It asks for another password when we try to open it. So, let's run it through fcrackzip with our favorite 'rockyou.txt' wordlist.
$ fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt fsociety.zip
PASSWORD FOUND!!!!: pw == justdoit
Step one done. Unzip fsociety.zip with the password 'justdoit' and open the sshcreds_datacenter.txt, which has:
*****************************************************************************************
Encrypted SSH credentials to access Blume ctOS :
MDExMDEwMDEgMDExMDAxMTAgMDEwMTExMTEgMDExMTEwMDEgMDAxMTAwMDAgMDExMTAxMDEgMDEwMTExMTEgMDExMDAwMTEgMDEwMDAwMDAgMDExMDExMTAgMDEwMTExMTEgMDAxMDAxMDAgMDE
xMDExMDEgMDAxMTAwMTEgMDExMDExMDAgMDExMDExMDAgMDEwMTExMTEgMDExMTAxMTEgMDExMDEwMDAgMDEwMDAwMDAgMDExMTAxMDAgMDEwMTExMTEgMDExMTAxMDAgMDExMDEwMDAgMDAxMT
AwMTEgMDEwMTExMTEgMDExMTAwMTAgMDAxMTAwMDAgMDExMDAwMTEgMDExMDEwMTEgMDEwMTExMTEgMDExMDEwMDEgMDExMTAwMTEgMDEwMTExMTEgMDExMDAwMTEgMDAxMTAwMDAgMDAxMTAwM
DAgMDExMDEwMTEgMDExMDEwMDEgMDExMDExMTAgMDExMDAxMTE=
*****************************************************************************************
That looks like Base64. We can decode it either through CLI or at https://www.base64decode.org/ Decoding it provides this output:
$ echo sshcreds_datacenter.txt | base64 -d
01101001 01100110 01011111 01111001 00110000 01110101
01011111 01100011 01000000 01101110 01011111 00100100
01101101 00110011 01101100 01101100 01011111 01110111
01101000 01000000 01110100 01011111 01110100 01101000
00110011 01011111 01110010 00110000 01100011 01101011
01011111 01101001 01110011 01011111 01100011 00110000
00110000 01101011 01101001 01101110 01100111
Obviously, this is binary. Decoding it at the below URL provides the flag.
https://codebeautify.org/binary-to-text
HTB{if_y0u_c@n_$m3ll_wh@t_th3_r0ck_is_c00king}
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.