HackTheBox Forensic Challenge - Deadly Arthropod

For any HackTheBox challenge, first look for files that can be downloaded, or start an instance on the given port on docker.hackthebox.eu. For any zip file, the first password is always hackthebox.

So, I downloaded the zip file for this challenge and opened it with the password "hackthebox".

root@kali:~/Downloads# unzip deadly_arthropod.zip

Archive: deadly_arthropod.zip

[deadly_arthropod.zip] deadly_arthropod.pcap password: hackthebox

inflating: deadly_arthropod.pcap

After researching pcap files, I learned that the data can be extracted with the tshark tool.

Use the command below to extract the data and save it in keystrokes.txt.

root@kali:~/Downloads# tshark -r deadly_arthropod.pcap -Tfields -e usb.capdata > keystrokes.txt

Now, remove the blank lines from the file with the command below.

root@kali:~/Downloads# cat keystrokes.txt | awk 'NF' > pipe;cat pipe > keystrokes.txt

Decoding the captured data gives you the flag with ">" and "<" symbols in it. Remove these symbols and arrange the words accordingly, and you will find the correct flag.
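The post does not show how the hex reports in keystrokes.txt become characters, so here is an added Python example (not the author's script) that decodes 8-byte USB HID boot-keyboard reports as printed by tshark. It assumes the "<" and ">" markers stand for Left/Right Arrow presses and replays them on a cursor instead of printing them; the report lines in SAMPLE are constructed, not taken from the challenge capture.

```python
import sys

SHIFT_MASK = 0x22  # left shift (0x02) | right shift (0x20) in the modifier byte
# HID usage ID -> (plain, shifted), per the HID Usage Tables keyboard page
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
KEYMAP.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP.update({0x2C: (" ", " "), 0x2D: ("-", "_"), 0x2E: ("=", "+"),
               0x2F: ("[", "{"), 0x30: ("]", "}")})
KEY_BACKSPACE, KEY_RIGHT, KEY_LEFT = 0x2A, 0x4F, 0x50

# Constructed sample reports (not from the challenge capture):
# Shift+a, c, Left Arrow, b, Right Arrow, Shift+], each followed by a release.
SAMPLE = ["0200040000000000", "0000000000000000", "0000060000000000",
          "0000000000000000", "0000500000000000", "0000000000000000",
          "0000050000000000", "0000000000000000", "00004f0000000000",
          "0000000000000000", "0200300000000000", "0000000000000000"]


def decode_reports(lines):
    """Replay keyboard reports (hex, with or without ':') and return the text."""
    buf, cursor, held = [], 0, set()
    for line in lines:
        raw = line.strip().replace(":", "")
        if len(raw) != 16:                 # blank line or non-keyboard transfer
            continue
        try:
            report = bytes.fromhex(raw)
        except ValueError:                 # not hex, ignore
            continue
        shifted = bool(report[0] & SHIFT_MASK)
        for key in report[2:]:
            if key == 0 or key in held:    # empty slot, or key still held down
                continue
            if key == KEY_LEFT:
                cursor = max(0, cursor - 1)
            elif key == KEY_RIGHT:
                cursor = min(len(buf), cursor + 1)
            elif key == KEY_BACKSPACE and cursor > 0:
                cursor -= 1
                del buf[cursor]
            elif key in KEYMAP:            # insert at the cursor, not at the end
                buf.insert(cursor, KEYMAP[key][shifted])
                cursor += 1
        held = {k for k in report[2:] if k}
    return "".join(buf)


if __name__ == "__main__":
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(decode_reports(source))
```

Run it with keystrokes.txt as the only argument; with no argument it decodes the constructed sample.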

Please share your comments, and if you enjoyed this blog post, share it with a friend! See you guys in the next post soon.
