HackTheBox Forensic Challenge - Deadly Arthropod
For any HackTheBox challenge, first look for files that can be downloaded, or start an instance on the given port at docker.hackthebox.eu. For any zip file, the first password is always hackthebox.
So, I downloaded the zip file for this challenge and opened it with the "hackthebox" password.
root@kali:~/Downloads# unzip deadly_arthropod.zip
[deadly_arthropod.zip] deadly_arthropod.pcap password: hackthebox
Now, after researching pcap files, I learned that the data can be extracted with the tshark tool.
Use the command below to extract the data and save it in keystroke.txt.
root@kali:~/Downloads# tshark -r deadly_arthropod.pcap -Tfields -e usb.capdata > keystroke.txt
Now, remove the blank lines from the file by running this command.
root@kali:~/Downloads# awk 'NF' keystroke.txt > pipe; cat pipe > keystroke.txt
Now, it will give you a flag containing ">" and "<" symbols. Remove these symbols and arrange the words accordingly, and you will find the correct flag.
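An added example, not code from the original post: a decoder that treats each line of keystroke.txt as an 8-byte USB HID boot-keyboard report and, going beyond the manual rearranging described above, replays Left/Right arrow presses as cursor movement so the text comes out already in order. It assumes a US keyboard layout and that the "<" and ">" markers correspond to arrow keys; the function name decode and the SAMPLE reports are constructed for illustration.

```python
import string

# USB HID usage IDs (boot keyboard, US layout assumed) -> (plain, shifted) character
KEYS = {0x04 + i: (c, c.upper()) for i, c in enumerate(string.ascii_lowercase)}
KEYS.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYS.update({0x2C + i: p for i, p in enumerate(zip(" -=[]\\", " _+{}|"))})
KEYS.update({0x33 + i: p for i, p in enumerate(zip(";'`,./", ':"~<>?'))})
BACKSPACE, RIGHT, LEFT = 0x2A, 0x4F, 0x50
SHIFT_MASK = 0x22  # left shift (0x02) or right shift (0x20) in the modifier byte


def decode(lines):
    """Replay keyboard reports and return the text as it ended up on screen."""
    buf, cur, held = [], 0, set()
    for line in lines:
        raw = line.strip().replace(":", "")  # tshark prints with or without colons
        if len(raw) != 16 or set(raw) - set(string.hexdigits):
            continue  # blank line or not an 8-byte keyboard report
        report = bytes.fromhex(raw)
        shifted = bool(report[0] & SHIFT_MASK)
        pressed = [k for k in report[2:] if k]  # byte 1 is reserved
        for key in pressed:
            if key in held:
                continue  # still down from the previous report, not a new press
            if key == LEFT:
                cur = max(0, cur - 1)
            elif key == RIGHT:
                cur = min(len(buf), cur + 1)
            elif key == BACKSPACE and cur > 0:
                cur -= 1
                del buf[cur]
            elif key in KEYS:
                buf.insert(cur, KEYS[key][shifted])
                cur += 1
        held = set(pressed)
    return "".join(buf)


# Constructed sample reports (not from the challenge): H, B, Left, T, Right, {, o, k, }
SAMPLE = (
    "02000b0000000000 0000000000000000 02:00:05:00:00:00:00:00 0000500000000000 "
    "0200170000000000 00004f0000000000 02002f0000000000 0000120000000000 "
    "00000e0000000000 0200300000000000"
).split()

if __name__ == "__main__":
    print(decode(SAMPLE))
```

To use it on the real capture, pass the lines of keystroke.txt to decode, for example decode(open("keystroke.txt")).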