RingZer0-149 - Sysadmin Linux Part 5
Sysadmin Linux Part 5 - Level 7
Decrypting a file
This time we’re looking to decrypt a file located in the folder of the user oracle.
The file is called encflag.txt.enc.
I’ll go to my usual tools, file and strings:
file encflag.txt.enc
encflag.txt.enc: ASCII text
strings encflag.txt.enc
U2FsdGVkX1+dCl4WEHNJKBqA8a4fQeheOgA7oiNmjwlJQvGaQAgqcIsGRIcbdHKF
heSs51JRSEmOLqVyGvoxDA==
The entropy of the result of strings seems pretty damn good. I would say it’s some kind of encryption.
If we try to decode it as base64:
echo U2FsdGVkX1+dCl4WEHNJKBqA8a4fQeheOgA7oiNmjwlJQvGaQAgqcIsGRIcbdHKF | base64 -d
Salted__�
^sI(���A�^:;�#fIB��*p�D�*
We’re getting a bunch of non-printable characters and the word Salted. That is not a good sign.
We need to find another way to decrypt it.
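The Salted__ prefix is the 8-byte magic that openssl enc writes ahead of an 8-byte salt when it encrypts with a passphrase, so the blob can be identified before any key is known. The Python code below is an added example, not part of the original write-up; the function name inspect_openssl_blob is an assumption, and the input is the two base64 lines from the strings output above.

```python
import base64
import binascii

MAGIC = b"Salted__"   # header written by `openssl enc` when a salt is used
SALT_LEN = 8          # the salt follows the magic directly
AES_BLOCK = 16        # CBC ciphertext is a whole number of 16-byte blocks

# The two base64 lines copied from the strings output on this page.
PAGE_BLOB = """U2FsdGVkX1+dCl4WEHNJKBqA8a4fQeheOgA7oiNmjwlJQvGaQAgqcIsGRIcbdHKF
heSs51JRSEmOLqVyGvoxDA=="""


def inspect_openssl_blob(text):
    """Describe a base64 `openssl enc -a` blob; return None if it is not one.

    inspect_openssl_blob is a hypothetical helper name used for this example.
    """
    try:
        # openssl wraps base64 at 64 columns, so drop all whitespace first.
        raw = base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None                       # not valid base64
    header_len = len(MAGIC) + SALT_LEN
    if len(raw) < header_len or not raw.startswith(MAGIC):
        return None                       # no salted header present
    salt = raw[len(MAGIC):header_len]
    body = raw[header_len:]
    return {
        "salt_hex": salt.hex(),
        "ciphertext_len": len(body),
        # A block-aligned body is consistent with a block cipher such as AES-CBC.
        "block_aligned": len(body) > 0 and len(body) % AES_BLOCK == 0,
    }


if __name__ == "__main__":
    print(inspect_openssl_blob(PAGE_BLOB))
```

The header only tells us the format and the salt. The passphrase is still required, which is why the search that follows matters.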
Let’s search the system for the keyword “encflag.txt.enc”
cd /
grep -ri --exclude-dir={dev,proc,usr} "encflag.txt.enc" | less
home/oracle/.bashrc:alias reveal="openssl enc -aes-256-cbc -a -d -in encflag.txt.enc -k 'lp6PWgOwDctq5Yx7ntTmBpOISc'"
In my grep request I’m excluding /dev/, /proc/ and /usr/ because dev and proc aren’t directories where we’ll find the name of the file.
Our search revealed that we have an alias command called reveal.
cd
reveal
FLAG-IaFOjjFWazycSg0lbVO3T8ZTvz
We have a flag!