
HTB: misDIRection [Challenge | MISC]

Author: drt

This was a fun challenge that is more about solving a puzzle than hacking. You could probably write a nice script in Python to solve this challenge, but I am a bash person at heart (well, I prefer ZSH, but that’s beside the point). I decided to use the basic tools installed on my Linux box to solve this.

Unzipping the archive produces a large number of folders. Some have files in them, and some do not. Interestingly enough, each file is empty, but numbered. A quick find and sort revealed that these numbers are unique. I made the assumption that the folder the file was in represented a letter/number and the number of the file was the order in which it was to be read.

SPOILER: I was right…

Solving

Here are the steps I took to solve the problem. I recommend giving this a go yourself before jumping to my answer.

  • find all files and the parent folder
  • separate the file and folder into columns
  • sort by the file
  • filter out the ordering number
  • put all rows into a single line
  • decode the base64 string


Going back to my list of steps, here are the commands used:

  • find all the files: find and only list files with -type f
  • use awk to split on / and only print the folder and file
  • sort by the file column
  • use awk to split on ' ' (a space) and only print the folder (there are other ways to do this, grep -E for example)
  • delete all the \n of every row with tr
  • decode with base64 -d

Piping it all together looks like this (run from inside the extracted .secret folder, so that awk's $2 is the folder and $3 is the file):

find . -type f | awk -F'/' '{ print $2 " " $3 }' | sort -n -k2 | awk -F' ' '{ print $1 }' | tr -d '\n' | base64 -d
HTB{f4k3_fl4g_f0r_t3st1ng}

Unexpected Problems

I helped a friend of mine with this one, since he was following the same pattern as myself, but was getting the wrong flag. He’s running the latest macOS on one of them fancy new M1 MacBooks. For whatever reason, his system is set to be case insensitive.

My exact response to figuring out this case sensitivity issue.

To remedy this issue, I suggested using unzip -l to list all the contents in the zip file. That way, he could still view the folders and files directly, and without unzipping them, the folder names would retain their case.

Most of the pipe chain is the same; the only difference is how to obtain and filter the files and folders. I used a regular expression within grep to filter everything out.

unzip -l misDIRection.zip | grep -E '.secret/./.+' | awk -F'/' '{ print $2 " " $3 }' | sort -n -k2 | awk -F' ' '{ print $1 }' | tr -d '\n' | base64 -d
HTB{f4k3_fl4g_f0r_t3st1ng}
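
The same listing-based approach as an added Python example (not part of the original post): it reads names straight from the archive, so case is preserved, and reports which folder names would merge on a case-insensitive file system. The sample archive, its message and all function names are constructed for illustration.

```python
import base64
import io
import zipfile
from collections import defaultdict

SAMPLE_MESSAGE = b"case matters"  # constructed sample, not the challenge flag


def build_sample_zip(message=SAMPLE_MESSAGE, root=".secret"):
    """Constructed archive in the layout the post describes: folder = one
    base64 character, empty file name = that character's position."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"{root}/Q/", b"")  # an empty folder, to be ignored
        for pos, ch in enumerate(base64.b64encode(message).decode(), 1):
            zf.writestr(f"{root}/{ch}/{pos}", b"")
    return buf.getvalue()


def read_pairs(zip_bytes, root=".secret"):
    """Return (position, folder) pairs from the archive listing, in order."""
    pairs = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            # Keep only root/<folder>/<number>; skips directory entries.
            if len(parts) == 3 and parts[0] == root and parts[2].isdigit():
                pairs.append((int(parts[2]), parts[1]))
    return sorted(pairs)


def decode(pairs, case_insensitive=False):
    """Join folder names by position and base64-decode them.
    case_insensitive=True models extraction onto a case-insensitive file
    system, where the first-created spelling of a folder name wins."""
    first_seen = {}
    chars = []
    for _, folder in pairs:
        if case_insensitive:
            folder = first_seen.setdefault(folder.lower(), folder)
        chars.append(folder)
    return base64.b64decode("".join(chars))


def colliding_folders(pairs):
    """Folder names that differ only by case, grouped by lowercase form."""
    groups = defaultdict(set)
    for _, folder in pairs:
        groups[folder.lower()].add(folder)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}
```

A non-empty result from colliding_folders means extracting onto a case-insensitive volume will silently change the encoded string, which is why the decoded output comes out wrong.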

References

Nothing but a shameless plug here. If you’re new to this blog, or Linux in general and want to learn more about some of these commands, check out the links below. I’ll flesh out the rest when I have more time.