BlackHole - Hack The Box Challenge
BlackHole it’s a misc challenge from HackTheBox which contains a little bit of stenography and decoding of ciphers
Pre-start
First of all, uncompress zip.
Second, uncompress the archive.zip
.
We’ll found a file, with file
we can find out which type of file is
Steganography
file hawking
Output:
hawking: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 794x579, components 3
After doing some checks I decided to use steghide to see if there were any hidden files in the archive
Instalation: apt-get install steghide
steghide extract -sf hawking
Output:
Annotate the safe-conduct:
annotate data extracted from/"flag.txt".
I used “hawking” as password, I was just lucky, if it couldn’t have worked i couldn’t have worked i could then have ran stegcracker (A tool used to brute force image passphrase). But luckily it worked.
Decoding
Now we get a file called flag.txt. On opening the file it appears to be base64 encodeded.
I had to decode twice to get something like a flag at the end of the text
I used this commands but if you want , you can use an online tool.
base64 -d flag.txt | base64 -d
Output:
Efqbtqz Iuxxumy Tmiwuzs ime mz Qzsxuet ftqadqfuomx btkeuouef, oaeyaxasuef, mzp mgftad, ita ime pudqofad ar dqeqmdot mf ftq Oqzfdq rad Ftqadqfuomx Oaeyaxask mf ftq Gzuhqdeufk ar Omyndupsq mf ftq fuyq ar tue pqmft. Tq ime ftq Xgomeumz Bdarqeead ar Ymftqymfuoe mf ftq Gzuhqdeufk ar Omyndupsq nqfiqqz 1979 mzp 2009. Tmiwuzs motuqhqp oayyqdoumx egooqee iuft eqhqdmx iadwe ar babgxmd eouqzoq uz ituot tq pueogeeqe tue aiz ftqaduqe mzp oaeyaxask uz sqzqdmx. Tue naaw M Nduqr Tuefadk ar Fuyq mbbqmdqp az ftq Ndufuet Egzpmk Fuyqe nqef-eqxxqd xuef rad m dqoadp-ndqmwuzs 237 iqqwe. Tmiwuzs ime m rqxxai ar ftq Dakmx Eaouqfk, m xurqfuyq yqynqd ar ftq Bazfuruomx Mompqyk ar Eouqzoqe, mzp m dqoubuqzf ar ftq Bdqeupqzfumx Yqpmx ar Rdqqpay, ftq tustqef ouhuxumz mimdp uz ftq Gzufqp Efmfqe. Uz 2002, Tmiwuzs ime dmzwqp zgynqd 25 uz ftq NNO\’e baxx ar ftq 100 Sdqmfqef Ndufaze.
TFN{------------------------}
But this is not the format that hack the box flag normally looks like, so there must be another encryption.
I used an online tool trying to find the cipher:
It was a caesar cipher.
So with this tool , testing shifts I found it to be ROT14, finally obtaining the flag.
Byee