You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Source code i got this http://Ip/th1s_1s_h1dd3n/?secret=
Doing this manually take a long time let automate this with help of python, I already created secret.py tap here
death@esther:~$ python3 secret.py
Enter IP:10.10.81.42
Found secret: 73
<html>
<head>
<title>Hidden Directory</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="main">
<h2>Welcome! I have been expecting you!</h2>
<p>To obtain my identity you need to guess my secret! </p>
<!-- It's between 0-99 but I don't think anyone will look here-->
<p>Secret Entered: 73</p>
<p>Urgh, you got it right! But I won't tell you who I am! y2RPJ4QaPF!B</p>
</div>
</body>
</html>
y2RPJ4QaPF!B
Let try steghide maybe this is the passphrase,
death@esther:~$ steghide info thm.jpg
"thm.jpg":
format: jpeg
capacity: 1.0 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file "hidden.txt":
size: 101.0 Byte
encrypted: rijndael-128, cbc
compressed: yes
steghide extract -sf thm.jpg
We got hidden.txt
death@esther:~$ cat hidden.txt
Fine you found the password!
Here's a username
wbxre
I didn't say I would make it easy for you!
This username looks strange to me let try to decode this
echo -n "wbxre" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
this is Rot13 cypher on cyberchef
joker this is the real username.
I have tried everthing but didn't find anything after help of some resource i found the lab banner contain some information.
death@esther:~$ steghide info banner.jpg
"banner.jpg":
format: jpeg
capacity: 6.6 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file "password.txt":
size: 83.0 Byte
encrypted: rijndael-128, cbc
compressed: yes
It just a blank entry as passphase,
death@esther:~$ steghide extract -sf banner.jpg
Enter passphrase:
wrote extracted data to "password.txt".
Let take a look at this password.txt
death@esther:~$ cat password.txt
I didn't think you'd find me! Congratulations!
Here take my password
*axA&GF8dP
Let log in with SSH.
Username: joker
Password: *axA&GF8dP
ssh joker@<IP>
death@esther:~$ ssh joker@10.10.81.42
The authenticity of host '10.10.81.42 (10.10.81.42)' can't be established.
ED25519 key fingerprint is SHA256:B0gcnLQ9MrwK4uUZINN4JI6gd+EofSsF2e8c5ZMDrwY.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.81.42' (ED25519) to the list of known hosts.
joker@10.10.81.42's password:
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-170-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Sun Jan 5 18:51:33 2020 from 192.168.244.128
joker@ubuntu:~$
