kqjy/GiTxHextech-Challenge-Repo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update writeup.md

Browse Source
This commit is contained in:
Twilight
2024-04-11 22:56:05 +08:00
committed by GitHub
parent e27e514e89
commit 4a8fa630d2
1 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
challenges/misc/Chef/writeup.md
View File

@@ -4,7 +4,8 @@ To crack the password, we can attempt to guess it. However, that can take a long
First, we will run the command ``zip2john TopSecret.zip > myzip`` as seen in the following screenshot. Running this command will covert it into a format that can be cracked using John The Ripper.
![[challenges/misc/Chef/images/cimg-1.png]]
![cimg-1](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-1.png)
Once done, we can use any wordlist. In this example, we will be using ``rockyou.txt`` which can be found in the ``/usr/share/wordlists/rockyou.txt`` if you are using Kali Linux. You may choose your own wordlist for this challenge. The command will be:
@@ -16,15 +17,17 @@ Command breakdown:
- ``--wordlist=/usr/share/wordlists/rockyou.txt`` - Specifies the wordlist that John The Ripper will use.
- ``myzip`` - Specifies the file that contains the hash that we want to crack.
![[cimg-2]]
![cimg-2](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-2.png)
After running the command, we can see that the password is ``secret``. We can unzip the file by using the command ``unzip TopSecret.zip`` or right click the file in the File Explorer > Extract Here > Enter the password as seen in the following screenshots.
Extracting the file:
![[cimg-3]]
![cimg-3](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-3.png)
Entering the password:
![[cimg-4]]
![cimg-4](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-4.png)
Upon extracting the folder, we can see a file called ``flag.txt``. Opening the text file presents us with the following contents:
@@ -34,7 +37,7 @@ There once lived a chef in the cyber realm. The chef owned 64 bases around the w
The chef is sad that his once world renowned recipe became: VVJLe0d1M19GM2NyRV9GM3BlM2dfRXJQdmMzfQ==
```
![[cimg-5]]
![cimg-5](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-5.png)
We can see that the flag is most likely the recipe. Reading the lines, we can see that there are some clues as to how we can decrypt the recipe.
@@ -42,8 +45,16 @@ From the word "64 bases" we can assume that base64 is at play. We can confirm th
To decrypt the recipe, we can use a tool called CyberChef (https://gchq.github.io/CyberChef/). Inputting the base64 string on the right and selecting the "From Base64" recipe reveals a part of the flag.
![[cimg-6]]
![cimg-6](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-6.png)
To further decrypt this, we can use the "ROT13" operator. As we can see in the following screenshot, we managed to obtain the flag in the output. The flag is ``HEX{Th3_S3peR_S3cr3t_ReCip3}``
![[cimg-7]]
![cimg-7](https://github.com/lenebread/GiTxHextech-Challenge-Repo/blob/e27e514e892e8a00c10214a096b4dc90a3f9957d/challenges/misc/Chef/images/cimg-7.png)
#### Glossary:
Base64 is a binary to text encoding scheme that represents the binary data in American Standard Code for information Interexchange (ASCII) string format.
A Caesar Cipher is a type of substitution cipher that shifts letters in a message to make it unreadable.
ROT13 is a type of Caesar Cipher that substitutes the character with the 13th letter after it. An example will be where "A" will be substituted by "N".