24th October 2021

Write-Up Decode Me!!

In this post, I’m writing a write-up for the machine Forest from Hack The Box. Hackthebox is an online platform to train your ethical hacking skills and penetration testing skills.

About Decode Me!!

This challenge is worth 30 points and is an easy difficulty challenge. The description of this challenge is a very short one: Try find the flag! Nothing more and nothing less, nice and simple.

Take the challenge

I first downloaded the zip file and unzipped it with the password hackthebox. After the extraction of the archive, I have one file decode.txt.

~$ unzip Decode_Me!!.zip 
Archive:  Decode_Me!!.zip
[keys.zip] decode.txt password: 
  inflating: decode.txt 

I do a cat on the file:

~$ cat decode.txt
993gmULBNujjrZCDev3W8kAVaLkXiyHhCL3500188bA=

gAAAAABboRUb0FsuiYBk1tsXRDr6KAzU1xrNSUv7grB-G-dAEeyqj99kUebz466I2VcH5xDa5HEc5KkbgTklQ7tm9JCRPlJtRng1Ns3VEvbrk7B835OINfPnRbc-UIOnnCmW3CgMdMtf5wGLN299AZEzxIvuy71WC5d9xJDchyiORycuzCth95-4nTKphlNQQ2ko3DX72RxWeEjwt3mavnFXqcOCkGxUhJYmFltz_6ND56VGTrXZi_CK5xLODOX4sj1GNwN_CrU3sJ0obTdA2wF5OaDZLbA1GBPfK0PDlC9WxoUf85K0tFXKfqbt3c5YqtqfytNG5gTkbDFM2NjE7BveBf1DP9ca8g==

The first thing that strikes me is that the encryption looks the same as that of another crypto challenge of Hack the Box, called ‘Keys’. I’ve also written a write-up of this: Keys Write-Up. In this challenge the encryption was Fernet. And for the decryption, I wrote a simple python script. I now using again this Python script and fill in the key and message:

from cryptography.fernet import Fernet
key = b"993gmULBNujjrZCDev3W8kAVaLkXiyHhCL3500188bA="
f = Fernet(key, backend=None)
encrypted = b"gAAAAABboRUb0FsuiYBk1tsXRDr6KAzU1xrNSUv7grB-G-dAEeyqj99kUebz466I2VcH5xDa5HEc5KkbgTklQ7tm9JCRPlJtRng1Ns3VEvbrk7B835OINfPnRbc-UIOnnCmW3CgMdMtf5wGLN299AZEzxIvuy71WC5d9xJDchyiORycuzCth95-4nTKphlNQQ2ko3DX72RxWeEjwt3mavnFXqcOCkGxUhJYmFltz_6ND56VGTrXZi_CK5xLODOX4sj1GNwN_CrU3sJ0obTdA2wF5OaDZLbA1GBPfK0PDlC9WxoUf85K0tFXKfqbt3c5YqtqfytNG5gTkbDFM2NjE7BveBf1DP9ca8g=="
message = f.decrypt(encrypted)
print(message)

After running this script, I have got this as the outcome:

RCdgTl45OFs8O3tGMlZVNTRRPythcUw6bVxJNmlYJmYkMEBSeFBfdSldeHFwdW5tM3Fwb2htZmUrTGJnZl9eXSNhYFleV1Z6VFNYUVZVTnJMUVBPTkdrS0QsSEFlKERDPDtfPz5+fTVZOTg3dzUuUjJyMC8oJyZKKikoJyYlfHtBeX53djx6eXhxWTZ0c1VUcG9oLnk=

It looks like this message has been encrypted several times. This key looks like an base64 encoding. The next step is to decode this message.

I placed this message in a separated file decode_me_base64.txt and run the base64 decoder build-in in ParrotOS:

~$ base64 decode_me_base64.txt -d
D'`N^98[<;{F2VU54Q?+aqL:m\I6iX&[email protected]_u)]xqpunm3qpohmfe+Lbgf_^]#a`Y^WVzTSXQVUNrLQPONGkKD,HAe(DC<;_?>~}5Y987w5.R2r0/('&J*)('&%|{Ay~wv<zyxqY6tsUTpoh.y

Ok, I got another unreadable message. What strikes me immediately is the strange composition of the message, this is not just encryption or very special encryption. After some Googling around, I came across some programming languages. Maybe this little piece of text is not encryption but a sort of exotic programming language.

Dante Inferno

I came across the programming language Malbolge I never heard about it. Malbolge is a public domain esoteric programming language invented by Ben Olmstead in 1998, named after the eighth circle of hell in Dante’s Inferno, the Malebolge. It takes me a couple of hours online to find this information.

I now looking for a Malbolge decoder or compiler or something. I found this website: http://malbolge.doleczek.pl/

I pasted in the strange message (or should I say script?) and clicked in ‘Run Program’

And found the flag! What a strange scripting language… The flag: HTB{U_g0t_th1$}.

Do you like this write-up? Please consider spending some respect points: t13nn3s.

T13nn3s

I'm a cybersecurity enthusiast! I'm working as an IT Security Engineer for a company in The Netherlands. I love writing scripts and doing research and pentesting. As a big fan of Hack The Box, I share my write-ups on this blog. I'm blogging because I like to summarize my thoughts and share them with you.

View all posts by T13nn3s →

Leave a Reply

Your email address will not be published. Required fields are marked *