Created
January 24, 2021 15:09
-
-
Save husniadil/85a65025db5fa84f239e73afbb659b04 to your computer and use it in GitHub Desktop.
Hack The Box: Eternal Loop
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Solve https://app.hackthebox.eu/challenges/56 | |
| # Eternal Loop | |
| # Can you find a way out of this loop? | |
| # Usage: ./solve.sh | |
| # crack last zip file | |
| zip2john 6969.zip > hash | |
| john hash --fork=4 -w=/usr/share/wordlists/rockyou.txt 2>/dev/null | |
| PASSWORD=`john --show hash | grep -m1 6969.zip | cut -d: -f2` | |
| # extract last zip file | |
| unzip -o -P $PASSWORD 6969.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Solve https://app.hackthebox.eu/challenges/56 | |
| # Eternal Loop | |
| # Can you find a way out of this loop? | |
| # Usage: ./solve.sh | |
| DATABASE_FILENAME=DoNotTouch | |
| HTB_TABLE="" | |
| for TABLE_NAME in $(sqlite3 $DATABASE_FILENAME .tables) | |
| do | |
| sqlite3 $DATABASE_FILENAME "SELECT * FROM $TABLE_NAME;" | grep 1>/dev/null 'HTB' && HTB_TABLE=$TABLE_NAME | |
| done | |
| sqlite3 $DATABASE_FILENAME "SELECT * FROM $HTB_TABLE;" | grep 'HTB' | sed -e 's/.*HTB/HTB/g' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Solve https://app.hackthebox.eu/challenges/56 | |
| # Eternal Loop | |
| # Can you find a way out of this loop? | |
| # Usage: ./solve.sh | |
| # extract original file | |
| ORIGINAL_FILENAME="Eternal Loop.zip" | |
| ORIGINAL_PASSWORD=hackthebox | |
| unzip -o -P $ORIGINAL_PASSWORD "$ORIGINAL_FILENAME" | |
| # extract contents | |
| FILENAME=`unzip -l "$ORIGINAL_FILENAME" | awk '{print $4}' | grep .zip` | |
| while : | |
| do | |
| NEXT_FILENAME=`unzip -l $FILENAME | awk '{print $4}' | grep .zip` | |
| PASSWORD=`echo $NEXT_FILENAME | sed "s/\.zip//g"` | |
| unzip -o -P $PASSWORD $FILENAME | |
| FILENAME=$NEXT_FILENAME | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Solve https://app.hackthebox.eu/challenges/56 | |
| # Eternal Loop | |
| # Can you find a way out of this loop? | |
| # Usage: ./solve.sh | |
| echo Extracting files... | |
| sh extract-loop.sh 1>/dev/null | |
| echo Decrypting... | |
| sh extract-6969.sh 1>/dev/null | |
| echo Finding flag... | |
| sh extract-flag.sh | |
| echo Done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment