Noel's Cyberkshetra Blogspace

WiCYS CyberStart (Tokyo) Challenge 1

Hex text


Last updated 3 years ago

Hello fellow Cyberstart gamers!

Having reached base 2 on our CyberStart journey, in Tokyo, it's time again to solve some security challenges. We are handed an appreciation letter and an overview of the challenges on the horizon.

Briefing L02 C01

610enC0de’d Password

Agents believe they have found a server belonging to a gang called the Yakoottees. If we can get access to it who knows what information we can gather on them! So far the Yakoottees have been very successful hiding their activities by encoding everything they do. We’ve found their server but don’t have the password and so can’t login. Can you help, intern?

Tip: Login to the server to get the flag.

Proceeding to the challenge, we are met with this terminal screen

At first glance, this text looks like it has been encoded in hex form. Our job is to now decode it, to gain access to Yakoottees’ server.

Flag Capture

This is our output

The cleartext looks a bit messy, doesn't it? Let's clean it up.

From our research, it is found that '?' is represented as \x63 in hex code.

I was able to find just 2 instances of \x63, but it did not make the output any cleaner.

From the jumbled decoded text, we can decipher the password (by removing question marks):

Password = 4f1b252055
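
The decode-and-clean-up step above, as an added Python example that is not part of the original walkthrough. The sample input is constructed from the password shown on this page, not the challenge's actual hex text, and all function names are hypothetical. It counts bytes 0x3f and 0x63 separately, since ASCII '?' is 0x3f (decimal 63) and 0x63 is 'c'.

```python
import re
import string

# Constructed sample, NOT the challenge's real hex text: the password shown on
# this page with '?' filler between characters, written as \x-escaped hex.
PAGE_PASSWORD = "4f1b252055"
SAMPLE = "".join(f"\\x{ord(ch):02x}" for ch in "?".join(PAGE_PASSWORD) + "?")

PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def decode_hex(text: str) -> bytes:
    """Decode hex written as \\x34, 0x34, %34 or bare pairs, with common separators."""
    cleaned = re.sub(r"\\x|0x|%|[\s,:;-]", "", text)
    if len(cleaned) % 2 or re.search(r"[^0-9a-fA-F]", cleaned):
        raise ValueError("input is not a whole number of hex byte pairs")
    return bytes.fromhex(cleaned)


def render(data: bytes) -> str:
    """Keep printable ASCII; show every other byte as \\xNN instead of a lossy '?'."""
    return "".join(chr(b) if chr(b) in PRINTABLE else f"\\x{b:02x}" for b in data)


def strip_filler(data: bytes, filler: bytes = b"?") -> str:
    """Drop the filler byte and any non-printable bytes, leaving the candidate password."""
    kept = data.replace(filler, b"")
    return "".join(chr(b) for b in kept if chr(b) in PRINTABLE)


def byte_counts(data: bytes) -> dict:
    """Count the two bytes that are easy to mix up: 0x3f is '?', 0x63 is 'c'."""
    return {"0x3f": data.count(0x3F), "0x63": data.count(0x63)}


if __name__ == "__main__":
    raw = decode_hex(SAMPLE)
    print("decoded :", render(raw))
    print("counts  :", byte_counts(raw))
    print("password:", strip_filler(raw))
```

Rendering unprintable bytes as `\xNN` keeps them distinct from literal question marks, which matters when deciding which characters are filler.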

Using it to log in to the server:

Flag — cA3drVNxuDvgmcN5gs5i

We are in, and the challenge is conquered!

Scoreboard

Onward Ahoy!

To decode the hex text, I would suggest you use this resource. Others were not able to decode the hex-encoded text and you will see why. Copy-paste the hex code and decode it.