Over the wire Natas Level 8

Over the wire Natas Level 8

Objective:

Get password for Level 9

Solution:

So here we get a input box that checks to see if it’s the right key to get the correct password

We can see if the source code that the input we give is compared to a hardcoded string before it gives out the password

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {

return bin2hex(strrev(base64_encode($secret)));

so it takes our input, base64encodes it, reverses the string, then converts to HEX

so theoretically we if we take the hard coded secret and run it through that sequence backwards we should have the value needed to match.

I wrote a little python script to do the encoding for me

import base64

string = '3d3d516343746d4d6d6c315669563362'

print("The String is: ",string, "Length is :", len(string))

unhex = bytes.fromhex(string).decode('utf-8')

print("Un hexed is: ",unhex, "Length is: ",len(unhex))

reversestring = unhex[::-1]

print("reversed is: ",reversestring,"Length is: ",len(reversestring))

base64string = base64.b64decode(reversestring).decode('utf-8')

print("decdoed is: ", base64string, "Lenght is: ", len(base64string))

Here is the output

The String is: 3d3d516343746d4d6d6c315669563362 Length is : 32

Un hexed is: ==QcCtmMml1ViV3b Length is: 16

reversed is: b3ViV1lmMmtCcQ== Length is: 16

decdoed is: oubWYf2kBq Lenght is: 10

Let’s try this oubWYf2kBq as the as they key to get the next password

Access granted. The password for natas9 is W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Comments

HacktheBox - Retired - Frolic

HacktheBox - Retired - Frolic Recon Let's start out with a threader3000 scan Some interesting results here Port 22 and 445 aren't uncommon… but 1880 and 9999 are.. Let's let nmap run through these ports Option Selection: 1 nmap -p22,445,1880,9999 -sV -sC -T4 -Pn -oA 10.10.10.111 10.10.10.111 Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-05 16:17 EDT Nmap scan report for 10.10.10.111 Host is up (0.060s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 87:7b:91:2a:0f:11:b6:57:1e:cb:9f:77:cf:35:e2:21 (RSA) | 256 b7:9b:06:dd:c2:5e:28:44:78:41:1e:67:7d:1e:b7:62 (ECDSA) |_ 256 21:cf:16:6d:82:a4:30:c3:c6:9c:d7:38:ba:b5:02:b0 (ED25519) 445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP) 1880/tcp open http Node.js (Express middlewar...

Hack The Box - Retired - Laboratory

HackTheBox - Laboratory - Retired Starting off with a quick scan using threader6000 /opt/threader3000/threader6000.py 10.10.10.216 Ports 22,80,443 came back. Run nmap against these ports. nmap -p22,80,443 -sV -sC -T4 -Pn -oN 10.10.10.216 10.10.10.216 nmap -p22,80,443 -sV -sC -Pn -T4 -oN 10.10.10.216 10.10.10.216 Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-13 17:43 EDT Nmap scan report for laboratory.htb (10.10.10.216) Host is up (0.060s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 25:ba:64:8f:79:9d:5d:95:97:2c:1b:b2:5e:9b:55:0d (RSA) | 256 28:00:89:05:55:f9:a2:ea:3c:7d:70:ea:4d:ea:60:0f (ECDSA) |_ 256 77:20:ff:e9:46:c0:68:92:1a:0b:21:29:d1:53:aa:87 (ED25519) 80/tcp open http Apache httpd 2.4.41 |_...

A collection of online Security CTF and Learning sites

Hellbound Hackers Embedded Security CTF Arizona Cyber Warfare Range Over The Wire - Bandit Pico CTF 2018 Hack The Box.eu Root Me: Challenges/Forensic RingZero CTF Vulnerable By Design - Vulnerable VMs Murder Mystery SQL Challenge Incident Response Challenge Authentication Lab Walkthroughs Defcon CTF Archives Matrix Holiday Hack Cyber Defenders | Blue Team and CTF Crypto Hack - learning Crypto Video Learning Zero to Hero Pentesting by The Cyber Mentor

circusmonkey404's Security Site

Search This Blog