Welcome to my blog. I am Aathil Ducky, and in this post I am going to write a walkthrough of the W1seGuy TryHackMe challenge.

Step 1
The first step is scanning the network. I always use rustscan for this because nmap takes more time to scan the network; once rustscan has found all the open ports, I use nmap for deep scanning of just those ports:
rustscan -a 10.10.203.83
Results:
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
1337/tcp open waste syn-ack
Then I use nmap to identify the services on the two open ports:
nmap -sV -vvvv -p22,1337 10.10.203.83
The nmap scan results are:
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
1337/tcp open waste? syn-ack
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Let's try testing port 1337.
First I will try banner grabbing on port 1337:
nc 10.10.203.83 1337
When I run this command I get this:
❯ nc 10.10.203.83 1337
This XOR encoded text has flag 1: 2d7b7a012448525b14203c4b433b200d07541137385d454935157f4e12010b474e4a210b4b780829
What is the encryption key?
When I give the correct encryption key I should get something back, so let's try to recover the key from the encoded text:
2d7b7a012448525b14203c4b433b200d07541137385d454935157f4e12010b474e4a210b4b780829
def find_xor_key_and_decode(encoded_text, known_start, known_end, key_length=5):
    # Convert the hex-encoded ciphertext to bytes
    encoded_bytes = bytes.fromhex(encoded_text)
    # Convert the known plaintext fragments to their byte representation
    known_start_bytes = known_start.encode()
    known_end_byte = known_end.encode()
    # Key bytes recovered so far, indexed by position in the repeating key
    key = bytearray(key_length)
    recovered = [False] * key_length
    # Each known plaintext byte XORed with its ciphertext byte reveals one key byte;
    # the key position is the ciphertext index modulo the key length
    for i, p in enumerate(known_start_bytes):
        key[i % key_length] = encoded_bytes[i] ^ p
        recovered[i % key_length] = True
    # The last plaintext byte sits at key position (len - 1) % key_length, which is
    # only key_length - 1 when the ciphertext length is a multiple of key_length
    last = len(encoded_bytes) - 1
    key[last % key_length] = encoded_bytes[last] ^ known_end_byte[0]
    recovered[last % key_length] = True
    if not all(recovered):
        raise ValueError("known plaintext does not cover every key position")
    key = bytes(key)
    # Decode the entire message using the repeating key
    decoded_message = bytes([encoded_bytes[i] ^ key[i % key_length] for i in range(len(encoded_bytes))]).decode('latin1')
    return key, decoded_message

# Example usage
encoded_text = input("Enter the encoded text in hexadecimal: ")
known_start = input("Enter the first 4 known letters: ")
known_end = input("Enter the last known letter: ")
key, decoded_message = find_xor_key_and_decode(encoded_text, known_start, known_end)
print("The XOR key is:", key.decode('latin1'))  # Use 'latin1' to safely decode bytes to string
print("The decoded message is:", decoded_message)
Execute this and you get the flag.
Thank you for reading my blog. I will see you in my next blog post, bye …
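As an added example (not code from the original post), here is the same known-plaintext recovery written to also cover the case the decoder above cannot: when the ciphertext length is not a multiple of the key length, the THM{ prefix and } suffix leave a key position unknown, so that byte is enumerated and decodings that are not printable ASCII are discarded. The 5-byte key length is taken from the decoder above, and the letters-plus-digits key alphabet is an assumption.

```python
import itertools
import string

# Ciphertext from the banner grab above (page data), hex encoded
CIPHERTEXT_HEX = ("2d7b7a012448525b14203c4b433b200d0754113738"
                  "5d454935157f4e12010b474e4a210b4b780829")
KEY_LENGTH = 5                                   # assumed, as in the decoder above
KEY_ALPHABET = (string.ascii_letters + string.digits).encode()  # assumed key charset


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key: the only 'encryption' the service applies."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_candidates(ct: bytes, prefix=b"THM{", suffix=b"}", key_length=KEY_LENGTH):
    """Yield every key consistent with the known THM{...} framing.
    Positions reached by prefix/suffix are plaintext XOR ciphertext; positions
    never reached are enumerated. A prefix/suffix disagreement on one position
    means the assumed key length is wrong, so nothing is yielded."""
    known = {}
    pairs = [(i, p) for i, p in enumerate(prefix)]
    pairs += [(len(ct) - len(suffix) + j, p) for j, p in enumerate(suffix)]
    for idx, p in pairs:
        k = idx % key_length
        if known.setdefault(k, ct[idx] ^ p) != ct[idx] ^ p:
            return
    free = [k for k in range(key_length) if k not in known]
    for guess in itertools.product(KEY_ALPHABET, repeat=len(free)):
        key = bytearray(key_length)
        for k, v in list(known.items()) + list(zip(free, guess)):
            key[k] = v
        yield bytes(key)


def crack(ct_hex: str, key_length=KEY_LENGTH):
    """Return (key, plaintext) pairs whose plaintext is entirely printable ASCII."""
    ct = bytes.fromhex(ct_hex)
    results = []
    for key in key_candidates(ct, key_length=key_length):
        pt = xor_repeating(ct, key)
        if all(32 <= b < 127 for b in pt):
            results.append((key, pt.decode("ascii")))
    return results


if __name__ == "__main__":
    for key, pt in crack(CIPHERTEXT_HEX):
        print("key:", key.decode(), "flag:", pt)
```

With the page's 40-byte ciphertext every key position is fixed by the framing, so exactly one candidate survives; with a ciphertext of another length the printable filter narrows the remaining guesses to a short list you can read through by eye.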