S3cr3t_R3c1p3

August left Chris in America.

Can’t use John, rsa is broken, Text file is not understandable at all.

Hey guys, challenge creator here.

To keep things fair, I’ll drop the hints I posted in all the other channels here aswell.

  1. It’s a forensic challenge. No need to calculate p, q and whatnot.
  2. The Challenge “story line” should have been a hint for the tool to use.
  3. Ask yourself: What can bad guys do to “hide” their tracks? Keep 1. in mind while you do so.

Hope that get you guys a boost.

I hope I don’t waste your time on this. Either way - it’s a learning experience for me aswell.

Have fun!
x41

Type your comment> @x41 said:

Hey guys, challenge creator here.

To keep things fair, I’ll drop the hints I posted in all the other channels here aswell.

  1. It’s a forensic challenge. No need to calculate p, q and whatnot.
  2. The Challenge “story line” should have been a hint for the tool to use.
  3. Ask yourself: What can bad guys do to “hide” their tracks? Keep 1. in mind while you do so.

Hope that get you guys a boost.

I hope I don’t waste your time on this. Either way - it’s a learning experience for me aswell.

Have fun!
x41

Why do you think that its a good idea to guess stuff from a vague description?

The names and descriptions in 90% of all challenges / boxes are some sort of hint. I’ll make less use of it next time, if you guys don’t like that.

The challenge is, technically, easier than it seems. It just seems to be way out of HTB’s comfort zone.

Type your comment> @x41 said:

The names and descriptions in 90% of all challenges / boxes are some sort of hint. I’ll make less use of it next time, if you guys don’t like that.

The challenge is, technically, easier than it seems. It just seems to be way out of HTB’s comfort zone.

Yeah but those 90% of challenges/boxes are also solvable without the hints from their names and description.

Obviously the challenge is easy and its just about guessing the thing.

My 50 cents to it. I hope it’s not too much spoiler. If so, please feel free to delete it.

Your recipe has two ingredients. The first one should be obvious because of RSA. For the 2nd one think of buying some balloons for a party and what you need to do with them before the party starts (= reversing what evil guys often do in their code for example to not being detected by some SIEM or perimeter rules).

Last, but not least: ignore the markers.

Waw what a waste of time.

Sorry to hear that.

Do we need to decrypt a random key?

It’s not an encryption. Otherwise it would have been in the crypto section.
It’s not stego either. Because we have a section for that on HTB.
So what could it be that would “sort of” fit forensic?

I don’t know but someones going to come knocking if I keep googling Meth-Cook

I’m still thinking how this could be a forensic challenge. Mods definitely need relook. Challenges getting worse these days.

Type your comment> @MrR3boot said:

I’m still thinking how this could be a forensic challenge. Mods definitely need relook. Challenges getting worse these days.

Truth to be told - It was hard to find a propper category for that. We might need a SOC / Blue-Team or whatever category for stuff like this.

I am sorry that you didn’t like the challenge. Maybe you could drop me your thought what it was that made the challenge so bad in your eyes.

Beside that - I gave the Mods a rundown on what I want to accomplish with this challenge and expected that they will try to solve the challenge and see if it makes remotely sense to another brain that doesn’t know the answer already. If a challenge isn’t working as intended - it should be rejected. 100%.

In this case the mods where sitting on my challenge for over a year before releasing it. So plenty of time to make some QA.

I’ll take your feedback as a learning exercise. Feel free to leave me some DMs so I can do better next time. Nobody got time for shitty challenges. :wink:

Cheers!
x41

Very easy one.

There is no reason whatsoever to believe that Cook encrypted the file. It is not implausible that public key is a public knowledge in this story and anybody could have encrypted this file. Poor chap was only trying to protect their private key. It is a setup.

Fantastic challenge! Thank you @x41 for it and @v1p3r0u5 for the genial party stuff hint here.

Thanks @Humi7. Glad you liked it. =)

i have an idea on how to cook it or maybe bake it but chef must let me know where to put what. right!?