Ludovic COULON - Cybersecurity blog

Biohazard - TryHackMe


Welcome to the Biohazard room, a puzzle-style CTF. Collecting the items, solving the puzzles and escaping the nightmare is your top priority.

Can you survive until the end? If you have any questions, do not hesitate to DM me on the discord channel.


Setup

➜  TryHackMe nmap -A -vv 10.10.211.65
21/tcp open  ftp     syn-ack vsftpd 3.0.3

22/tcp open  ssh     syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 c9:03:aa:aa:ea:a9:f1:f4:09:79:c0:47:41:16:f1:9b (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM1/tmq8Lrur25evbyyI7/+nxDlhbVbMMiRfz5a0eI7Sq9yODJGCVNMPJGKOwtgA/BlPi7V3TKyYJVeH1QOzP8mPLVgfYom6ovelJiLiR6VrO4dqxx+G3ir+tj/OOSc4MpmdnqCvQKtAeJ4e5bbWakFihXyy14yi++oOzqp2VDlqMNN+d2k0uSAx1rDbngwP3UvRfE1E1TaSYhljnb9kvWRxBABhpdkUjbcRLwxBAQFBm9Vm+yQYPurC9YJ1BUlJzOFesYnbS27bG1vVCcuPQN3YjcljVCXBdd0qIvZdYlez4+mVUcJJh1iWl83sfgo+wZRmfHsedjdL1eWNrkt+ed
|   256 2e:1d:83:11:65:03:b4:78:e9:6d:94:d1:3b:db:f4:d6 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNy83txF27peDYxMhrPqfipXwZtBNY9H4fww7f2FRCkt09tEcp5f5BKhOE4cNo033XYpmaowy1r4qgFpIqKjf64=
|   256 91:3d:e4:4f:ab:aa:e2:9e:44:af:d3:57:86:70:bc:39 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhTmk6F06eyLfM0j07nUcnqMqGdgOfFqsp3eLdbwwn0

80/tcp open  http    syn-ack Apache httpd 2.4.29 ((Ubuntu))
| http-methods:
|_  Supported Methods: POST OPTIONS HEAD GET
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Beginning of the end
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

#1 How many open ports?

There are 3 open ports:
21 - FTP
22 - SSH
80 - HTTP

#2 What is the team name in operation

STARS alpha team

Collect all necessary items and advance to the next level. The format of the item flag:

Item_name{32 character}

Some of the doors are locked. Use the item flag to unlock the door.

Tips: It is better to record down all the information inside a notepad

#1 What is the emblem flag

emblem{fec832623ea498e20bf4fe1821d58727}

#2 What is the lock pick flag

Entering the emblem flag does not work here, so let's try something else.

The text looks like base64, so let's decode the message.

lock_pick{037b35e2ff90916a9abf99129c8e1837}

#3 What is the music sheet flag

Location:

/diningRoom/
/teaRoom/
/artRoom/
/barRoom/
/diningRoom2F/
/tigerStatusRoom/
/galleryRoom/
/studyRoom/
/armorRoom/
/attic/

music_sheet{362d72deaf65f5bdc63daece6a1f676e}

#4 What is the gold emblem flag

gold_emblem{58a8c41a9d08b8a4e38d02a4d7ff4843}

#6 What is the blue gem flag

CyberChef

blue_jewel{e1d457e96cac640f863ec7bc475d48aa}

Crests puzzle

Crest 1:

crest 1:
S0pXRkVVS0pKQkxIVVdTWUpFM0VTUlk9
Hint 1: Crest 1 has been encoded twice
Hint 2: Crest 1 contains 14 letters
Note: You need to collect all 4 crests, combine and decode to reveal another path
The combination should be crest 1 + crest 2 + crest 3 + crest 4. Also, the combination is a type of encoded base and you need to decode it

CyberChef

RlRQIHVzZXI6IG # 14 letters

Crest 2:

crest 2:
GVFWK5KHK5WTGTCILE4DKY3DNN4GQQRTM5AVCTKE
Hint 1: Crest 2 has been encoded twice
Hint 2: Crest 2 contains 18 letters
Note: You need to collect all 4 crests, combine and decode to reveal another path
The combination should be crest 1 + crest 2 + crest 3 + crest 4. Also, the combination is a type of encoded base and you need to decode it

CyberChef

h1bnRlciwgRlRQIHBh # 18 letters

Crest 3:

crest 3:
MDAxMTAxMTAgMDAxMTAwMTEgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAwMTEgMDAxMDAwMDAgMDAxMTAxMDAgMDExMDAxMDAgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAxMTAgMDAxMDAwMDAgMDAxMTAxMDAgMDAxMTEwMDEgMDAxMDAwMDAgMDAxMTAxMDAgMDAxMTEwMDAgMDAxMDAwMDAgMDAxMTAxMTAgMDExMDAwMTEgMDAxMDAwMDAgMDAxMTAxMTEgMDAxMTAxMTAgMDAxMDAwMDAgMDAxMTAxMTAgMDAxMTAxMDAgMDAxMDAwMDAgMDAxMTAxMDEgMDAxMTAxMTAgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTEwMDEgMDAxMDAwMDAgMDAxMTAxMTAgMDExMDAwMDEgMDAxMDAwMDAgMDAxMTAxMDEgMDAxMTEwMDEgMDAxMDAwMDAgMDAxMTAxMDEgMDAxMTAxMTEgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAxMDEgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAwMDAgMDAxMDAwMDAgMDAxMTAxMDEgMDAxMTEwMDAgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAwMTAgMDAxMDAwMDAgMDAxMTAxMTAgMDAxMTEwMDA=
Hint 1: Crest 3 has been encoded three times
Hint 2: Crest 3 contains 19 letters
Note: You need to collect all 4 crests, combine and decode to reveal another path
The combination should be crest 1 + crest 2 + crest 3 + crest 4. Also, the combination is a type of encoded base and you need to decode it

CyberChef

c3M6IHlvdV9jYW50X2h

Crest 4:

crest 4:
gSUERauVpvKzRpyPpuYz66JDmRTbJubaoArM6CAQsnVwte6zF9J4GGYyun3k5qM9ma4s
Hint 1: Crest 2 has been encoded twice
Hint 2: Crest 2 contains 17 characters
Note: You need to collect all 4 crests, combine and decode to reveal another path
The combination should be crest 1 + crest 2 + crest 3 + crest 4. Also, the combination is a type of encoded base and you need to decode it

CyberChef

pZGVfZm9yZXZlcg==

Resolution of the puzzle:

Concatenate the four decoded crests, base64-decode the result, and you get the final message 😎

RlRQIHVzZXI6IGh1bnRlciwgRlRQIHBhc3M6IHlvdV9jYW50X2hpZGVfZm9yZXZlcg==
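The same layered decoding can be done in a short script instead of CyberChef. The Python below is an added example, not code from the original write-up: crest 1 is peeled as base64 and then base32, crest 3 as base64, then space-separated binary octets, then hex, and the four fragments are joined and base64-decoded. Crests 2 and 4 are taken as the decoded values shown above, because the page only shows their CyberChef result; the raw crest strings are copied from the room files quoted above.

```python
import base64

# Raw crest values as quoted from the room files above.
CREST1_RAW = "S0pXRkVVS0pKQkxIVVdTWUpFM0VTUlk9"
CREST3_RAW = (
    "MDAxMTAxMTAgMDAxMTAwMTEgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAwMTEgMDAxMDAwMDAgMDAxMTAxMDAgMDExMDAxMDAg"
    "MDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAxMTAgMDAxMDAwMDAgMDAxMTAxMDAgMDAxMTEwMDEgMDAxMDAwMDAgMDAxMTAxMDAg"
    "MDAxMTEwMDAgMDAxMDAwMDAgMDAxMTAxMTAgMDExMDAwMTEgMDAxMDAwMDAgMDAxMTAxMTEgMDAxMTAxMTAgMDAxMDAwMDAg"
    "MDAxMTAxMTAgMDAxMTAxMDAgMDAxMDAwMDAgMDAxMTAxMDEgMDAxMTAxMTAgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTEwMDEg"
    "MDAxMDAwMDAgMDAxMTAxMTAgMDExMDAwMDEgMDAxMDAwMDAgMDAxMTAxMDEgMDAxMTEwMDEgMDAxMDAwMDAgMDAxMTAxMDEg"
    "MDAxMTAxMTEgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAxMDEgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAwMDAgMDAxMDAwMDAg"
    "MDAxMTAxMDEgMDAxMTEwMDAgMDAxMDAwMDAgMDAxMTAwMTEgMDAxMTAwMTAgMDAxMDAwMDAgMDAxMTAxMTAgMDAxMTEwMDA="
)
# Crests 2 and 4: the decoded fragments as shown on the page (their
# CyberChef recipes are not reproduced here).
CREST2_DECODED = "h1bnRlciwgRlRQIHBh"
CREST4_DECODED = "pZGVfZm9yZXZlcg=="

# Letter counts given by the room hints, in crest order.
HINT_LENGTHS = [14, 18, 19, 17]


def decode_crest1(raw: str) -> str:
    """Crest 1: base64 on the outside, base32 underneath."""
    inner = base64.b64decode(raw)          # b"KJWFEUKJJBLHUWSYJE3ESRY="
    return base64.b32decode(inner).decode("ascii")


def decode_crest3(raw: str) -> str:
    """Crest 3: base64 -> space-separated binary octets -> hex digits -> ASCII."""
    octets = base64.b64decode(raw).decode("ascii").split()
    # Each 8-bit group is one character of a hex dump such as "63 33 4d ...".
    hex_text = "".join(chr(int(bits, 2)) for bits in octets)
    return bytes.fromhex(hex_text).decode("ascii")   # fromhex skips the spaces


def decoded_fragments() -> list:
    """The four crests in the order the room says to combine them."""
    return [decode_crest1(CREST1_RAW), CREST2_DECODED,
            decode_crest3(CREST3_RAW), CREST4_DECODED]


def fragment_lengths() -> list:
    """Lengths of the decoded fragments, to compare against the room hints."""
    return [len(f) for f in decoded_fragments()]


def assemble(fragments) -> str:
    """Join the fragments and strip the last base64 layer."""
    return base64.b64decode("".join(fragments)).decode("ascii")


def solve_crests() -> str:
    return assemble(decoded_fragments())


if __name__ == "__main__":
    for n, f in enumerate(decoded_fragments(), 1):
        print(f"crest {n}: {f} ({len(f)} chars, hint says {HINT_LENGTHS[n - 1]})")
    print(solve_crests())
```

Checking each fragment's length against the hint before concatenating is the cheap way to catch a mis-copied crest: a single missing character shifts every following base64 group and the final decode turns into garbage rather than a clean failure.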


#7 What is the FTP username

Username : hunter

#8 What is the FTP password

Password : you_cant_hide_forever

After gaining access to the FTP server, you need to solve another puzzle.

#1 Where is the hidden directory mentioned by Barry

/hidden_closet/

#2 Password for the encrypted file

➜  TryHackMe steghide extract -sf 001-key.jpg
Enter passphrase:
wrote extracted data to "key-001.txt".

➜  TryHackMe cat key-001.txt
cGxhbnQ0Ml9jYW

----

➜  TryHackMe exiftool 002-key.jpg

Comment                         : 5fYmVfZGVzdHJveV9

----

➜  TryHackMe binwalk -e 003-key.jpg

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
1930          0x78A           Zip archive data, at least v2.0 to extract, uncompressed size: 14, name: key-003.txt
2124          0x84C           End of Zip archive, footer length: 22

➜  _003-key.jpg.extracted cat key-003.txt
3aXRoX3Zqb2x0

Concatenate the three keys, base64-decode the result, and you get the password 😈

cGxhbnQ0Ml9jYW5fYmVfZGVzdHJveV93aXRoX3Zqb2x0

CyberChef

plant42_can_be_destroy_with_vjolt

#3 What is the helmet key flag

Decrypt the gpg file with the password we decoded earlier.

➜  TryHackMe gpg --decrypt helmet_key.txt.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
helmet_key{458493193501d2b94bbab2e727f8db4b}

Done with the puzzle?

There are places you have explored before but yet to access.

#1 What is the SSH login username

wpbwbxr wpkzg pltwnhro, txrks_xfqsxrd_bvv_fy_rvmexa_ajk

Even after some time, it seems we don't have the key to decrypt this Vigenère-encoded message, so let's look for other hidden directories on the website.

➜  TryHackMe tar -xf doom.tar.gz

➜  TryHackMe cat eagle_medal.txt
SSH user: umbrella_guest

#2 What is the SSH login password

SSH password: T_virus_rules

#3 Who the STARS bravo team leader

Enrico

Time for the final showdown. Can you escape the nightmare?

#1 Where you found Chris

jailcell

#2 Who is the traitor

Weasker

#3 The login password for the traitor

CyberChef

weasker login password, stars_members_are_my_guinea_pig
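The page shows the decrypted line but never names the Vigenère key. The Python below is an added example, not code from the original write-up: it decrypts with a given key and, from the ciphertext/plaintext pair quoted on this page, recovers the key by subtracting plaintext letters from ciphertext letters and taking the shortest repeating unit of the resulting keystream. It assumes the classic convention that non-letters (spaces, commas, underscores) are copied through without advancing the key position, which is the convention the pair on this page follows; the key it derives is "albert", a value not stated on the page itself.

```python
import string

ALPHABET = string.ascii_lowercase

# Ciphertext and plaintext exactly as quoted on the page.
CIPHERTEXT = "wpbwbxr wpkzg pltwnhro, txrks_xfqsxrd_bvv_fy_rvmexa_ajk"
PLAINTEXT = "weasker login password, stars_members_are_my_guinea_pig"


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Classic Vigenère: only a-z are shifted; other characters pass through
    unchanged and do not consume a key letter."""
    out, k = [], 0
    for ch in ciphertext:
        if ch in ALPHABET:
            shift = ALPHABET.index(key[k % len(key)])
            out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
            k += 1
        else:
            out.append(ch)
    return "".join(out)


def recover_keystream(ciphertext: str, plaintext: str) -> str:
    """Known plaintext: key letter = (cipher letter - plain letter) mod 26,
    one letter per alphabetic position."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("ciphertext and plaintext must have equal length")
    stream = []
    for c, p in zip(ciphertext, plaintext):
        if c in ALPHABET and p in ALPHABET:
            stream.append(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26])
        elif c != p:
            raise ValueError("non-letter characters do not line up")
    return "".join(stream)


def shortest_period(stream: str) -> str:
    """Smallest prefix that, repeated, reproduces the whole keystream."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return stream[:p]
    return stream


def recover_key(ciphertext: str, plaintext: str) -> str:
    return shortest_period(recover_keystream(ciphertext, plaintext))


if __name__ == "__main__":
    key = recover_key(CIPHERTEXT, PLAINTEXT)
    print("recovered key:", key)
    print("decrypted:", vigenere_decrypt(CIPHERTEXT, key))
```

The period check is what turns a 46-letter keystream into a usable key: a keystream that has no short period at all would mean the pair was not produced by a plain repeating-key Vigenère, or that the non-letter convention assumed here is wrong.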

#4 The name of the ultimate form

Tyrant

#5 The root flag

flag: 3c5794a00dc56c35f2bf096571edf3bf