Blackhole (HTB) Challenge

Hello guys, today we are gonna be tackling a challenge from Hack The Box called Blackhole. It’s in the misc category and contains a little bit of steganography and decoding of ciphers. That being said, let’s jump in.

I downloaded the zip file from Hack The Box and extracted its contents using the password hackthebox. This password is provided by Hack The Box, so no need to sweat. We get another Zip archive.

I ran the file command on it and, obviously, it was Zip archive data, at least v2.0 to extract. I tried to unzip it and luckily it had no password.

I got one file. Again I ran the file command against the file and it turned out to be JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 794x579, components 3.

I decided to open the image and it turned out to be an image of Stephen Hawking.

Looks like a steganography challenge from here. I ran the strings command on the file and got nothing useful. Also, binwalk showed that no other files were embedded in the image. The only option left was to run steghide.

I ran steghide using the following command

steghide extract -sf hawking

Then, when it asked for the passphrase, I used hawking. This was purely a guessing game. If it had not worked, I could then have run stegcracker (a tool used to brute-force image passphrases). But luckily it worked.

Now we get a file called flag.txt. On opening the file, it appears to be base64 encoded.

I decoded using the command

base64 -d flag.txt | base64 -d

I base64 decoded the file twice to get a bunch of gibberish and something that looks like a cipher at the end of the file

TFN{Z3hqD_x3F_fT3_n4eFmDp5_S3f_K0g_p0iZ}

But this is not the format that a Hack The Box flag normally has. What came to my mind was that this was a cipher. But which one?

It’s really hard to differentiate between ciphers, and for that I use an online tool (I’ll leave a link below) that automates the process.

After analyzing the text, it turned out to be a Caesar cipher.

After knowing what cipher it was, it was time to decode it. I recommend this online tool for decoding ciphers. It has really worked for me every time; I’ll leave a link below.

At a -14 shift we decode the text to plain English.
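The cipher identification and decoding steps above can also be done offline. The following is an added example, not part of the original write-up: it assumes the flag begins with HTB{ and uses the decode convention plaintext = ciphertext - key (mod 26), under which the -14 above is the same key as 12.

```python
import string

# Ciphertext exactly as it appears in the write-up above.
CIPHERTEXT = "TFN{Z3hqD_x3F_fT3_n4eFmDp5_S3f_K0g_p0iZ}"
# Assumption: Hack The Box flags begin with this prefix (known-plaintext crib).
CRIB = "HTB{"


def caesar_decode(text: str, key: int) -> str:
    """Decode convention: plaintext = ciphertext - key (mod 26), case preserved."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 - key) % 26 + 65))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 - key) % 26 + 97))
        else:
            out.append(ch)  # digits, braces and underscores are not shifted
    return "".join(out)


def key_from_crib(ciphertext: str, crib: str):
    """Return the single key implied by the crib, or None if the letters disagree.

    A Caesar cipher uses one constant shift, so every crib letter must imply
    the same key. Disagreement means the text is some other cipher.
    """
    keys = set()
    for c, p in zip(ciphertext, crib):
        if c.isalpha() and p.isalpha():
            keys.add((ord(c.upper()) - ord(p.upper())) % 26)
        elif c != p:
            return None  # non-letters must pass through unchanged
    return keys.pop() if len(keys) == 1 else None


def brute_force(ciphertext: str, crib: str):
    """Try all 26 keys and keep those whose output starts with the crib."""
    return [k for k in range(26) if caesar_decode(ciphertext, k).startswith(crib)]


if __name__ == "__main__":
    key = key_from_crib(CIPHERTEXT, CRIB)
    print("key from crib:", key, "(same as", key - 26, "mod 26)")
    print("keys found by brute force:", brute_force(CIPHERTEXT, CRIB))
    print(caesar_decode(CIPHERTEXT, key))
```

All three letters of the prefix imply the same key, which is what marks the text as a Caesar cipher rather than a general substitution.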

Wow, now it’s time to get the flag, submit it and increase our rank on the scoreboard.

Boom, we have our flag. Of course I can’t show you the whole flag, so that you can reproduce my steps when doing the challenge for yourself rather than copy-pasting the flag. That’s it for now guys, till next time, take care.

Penetration Tester/Analytical Chemist who Loves Cybersecurity. GitHub(https://github.com/musyoka101), ExploitDB(https://www.exploit-db.com/?author=10517)