HackTheBox Crypto Challenge - Keys

For any HackTheBox Challenge you need to first look for Files that can be downloaded or Start instances with a given port on docker.hackthebox.eu and for any zip file first password is always hackthebox.

So, I downloaded the zip file for this challenge and opened it with "hackthebox" password.

root@kali:~/Downloads# unzip keys.zip

Archive: keys.zip

[keys.zip] keys.txt password: hackthebox

Now, cat the file to extract data.

root@kali:~/Downloads# cat keys.txt

hBU9lesroX_veFoHz-xUcaz4_ymH-D8p28IP_4rtjq0=

gAAAAABaDDCRPXCPdGDcBKFqEFz9zvnaiLUbWHqxXqScTTYWfZJcz-WhH7rf_fYHo67zGzJAdkrwATuMptY-nJmU-eYG3HKLO9WDLmO27sex1-R85CZEFCU=

Now, I checked for Base64 but after some research I get to know that it is Fernet symmetric encryption cryptography.

Now, we need to code in python to get the flag

root@kali:~/Downloads# python

Python 2.7.17 (default, Oct 19 2019, 23:36:22)

[GCC 9.2.1 20191008] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> from cryptography.fernet import Fernet

>>> key = hBU9lesroX_veFoHz-xUcaz4_ymH-D8p28IP_4rtjq0=

File "<stdin>", line 1

key = hBU9lesroX_veFoHz-xUcaz4_ymH-D8p28IP_4rtjq0=

^

SyntaxError: invalid syntax

>>> key = 'hBU9lesroX_veFoHz-xUcaz4_ymH-D8p28IP_4rtjq0='

>>> f= Fernet(key)

>>> token = 'gAAAAABaDDCRPXCPdGDcBKFqEFz9zvnaiLUbWHqxXqScTTYWfZJcz-WhH7rf_fYHo67zGzJAdkrwATuMptY-nJmU-eYG3HKLO9WDLmO27sex1-R85CZEFCU='

>>> print(f.decrypt(token))

Flag : HTB{**************}

Please share your comments and If you enjoyed this blog post, share it with a friend! See you guys in next post soon.