Lost in the Forest
Challenge
You’ve rooted a notable hacker’s system and you’re sure that he has hidden something juicy on there. Can you find his secret?
Solution
We receive a zip file named ‘fs.zip’ which contains a partial root file system of our hacker’s machine. After unzipping we looked for all potentially interesting files:
1
find -type f .
And spotted ‘./home/hkr/Desktop/clue.png’ which is just a picture of a red
herring. Cute. So the other dozens of JPGs are probably also red herrings. Next
we looked for more interesting files and just looked at them individually with
a text editor:
1
vim `find -type f .`
Most were rather uninteresting, but there was a base64 looking string,
./home/hkr/hzpxbsklqvboyou
which might be interesting later. In
.bash_history
there were some interesting commands:
1
2
3
wget https://gist.githubusercontent.com/Glitch-is/bc49ee73e5413f3081e5bcf5c1537e78/raw/c1f735f7eb36a20cb46b9841916d73017b5e46a3/eRkjLlksZp
mv eRkjLlksZp tool.py
./tool.py ../secret > ../hzpxbsklqvboyou
So that script generated the base64 stuff on the desktop. We’ll just write a decode version of the script and decrypt our output.
Flag
1
IceCTF{good_ol_history_lesson}
Flag
IceCTF{good_ol_history_lesson}