Recovery: THM room, Writeup

Introduction

Getting Past the “You DIDN’T SAY THE MAGIC WORD!”

Flag 0

Flag 1

Flag 2

Reversing the fixutil binary

Flag 3

Part of incorrect LogIncorrectAttempt function in liblogging.so

Flag 4

Part of incorrect LogIncorrectAttempt function in liblogging.so

Flag 5

key=b"AdsipPewFlfkmll"
fil="index.html"
f=open(fil,"rb")
contents=f.read()
for i in range(0,len(contents)):
print(chr(contents[i]^key[i%len(key)]),end='')
roshan@kali:/tmp/ro$ python3 ro.py > ./upload/index.html

--

--

--

Infosec Enthusiast

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Business Is A Tough Gig

The 6 Best Ways to Prevent Your Data From Getting Frozen or Stolen Next Year

One of the first cyberattacks was an ‘art project’ that targeted the Pentagon

Haiku #9 Hackers? Really?

EasyFi — Developments accomplished Over the Course of the Week

Adding the Rocket Vault token to your Metamask wallet

Report: Your software is vulnerable. Fix it!

GARTNER SOAR AND INTUITUS

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Roshan Guragain

Roshan Guragain

Infosec Enthusiast

More from Medium

HackTheBox [FORGE]

HackTheBox — Previse Walkthrough

HackTheBox — Shibboleth Writeup

DEVZAT — HackTheBox WriteUp