Published: 21st February 2024
Last updated: 21st February 2024
This is a straightforward read of a dropper script. It also resembles many of the dropper scripts you can capture on honeypots these days. In this script, you just need to read the bash commands and solve the base64 decoding puzzle.
In this case, there are four parts to decode and concatenate to create the flag.
I grepped the file looking for "==", which indicates a base64-encoded string. This reveals a few additional lines of bash for comparisons, but the challenge is easy enough that you can manually decode each of the strings using echo -n
The base64 "nuggets" are found in the crontab reinstaller, a line where the decoded fragment is dropped into the bashrc for the current user, and a file checker function.
The flag is HTB{m1n1ng_th31r_t0_m4rs_th3_r3d_pl4n3t}.
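The same triage step can be scripted. This is an added example, not part of the original write-up or the challenge files. It goes beyond a search for "==", because base64 output ends in "==" only when the input length leaves one byte over after division by three, so fragments with a single "=" or no padding would be missed. The sample script and the names `SAMPLE`, `find_fragments` and `reassemble` are constructed for illustration.

```python
import base64
import re

# Constructed sample, not the challenge file: harmless stand-ins for the three
# hiding places the write-up names (crontab line, bashrc line, file checker).
SAMPLE = r'''#!/bin/bash
reinstall_cron() { (crontab -l; echo "*/5 * * * * /tmp/.job # ZGVtbw==") | crontab -; }
echo "export TAG=$(echo X2ZyYWc= | base64 -d)" >> ~/.bashrc
check_file() { [ "$(cat /tmp/.id)" = "bWVudF8x" ] && return 0; }
'''

# A whole run of base64-alphabet characters with 0-2 '=' of padding.
CANDIDATE = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{6,}={0,2}(?![A-Za-z0-9+/=])"
)


def find_fragments(script):
    """Return (line_no, token, decoded) for tokens that decode to printable ASCII."""
    hits = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        for token in CANDIDATE.findall(line):
            if len(token) % 4:  # encoded length is always a multiple of 4
                continue
            try:
                raw = base64.b64decode(token, validate=True)
            except ValueError:  # bad padding or alphabet
                continue
            # Ordinary words ("password") also fit the alphabet; they decode
            # to binary noise, so keep printable results only.
            if raw and all(0x20 <= b < 0x7F for b in raw):
                hits.append((line_no, token, raw.decode("ascii")))
    return hits


def reassemble(hits):
    """Concatenate decoded fragments in file order (the intended order may differ)."""
    return "".join(text for _, _, text in hits)


if __name__ == "__main__":
    for line_no, token, text in find_fragments(SAMPLE):
        print(f"line {line_no}: {token} -> {text!r}")
    print("joined:", reassemble(find_fragments(SAMPLE)))
```

Only the first of the three constructed fragments ends in "==", so a padding-only search would have surfaced one of them.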