Sysadmin Linux Part 5 - Level 7

Decrypting a file

This time we’re looking to decrypt a file located in the folder of the user oracle.
The file is called encflag.txt.enc.
I’ll go to my usual tools, file and strings:

file encflag.txt.enc 

encflag.txt.enc: ASCII text

strings encflag.txt.enc 

U2FsdGVkX1+dCl4WEHNJKBqA8a4fQeheOgA7oiNmjwlJQvGaQAgqcIsGRIcbdHKF
heSs51JRSEmOLqVyGvoxDA==

The entropy of the result of strings seems pretty damn good. I would say it’s some kind of encryption.
If we try to decode it as base64:

echo U2FsdGVkX1+dCl4WEHNJKBqA8a4fQeheOgA7oiNmjwlJQvGaQAgqcIsGRIcbdHKF | base64 -d

Salted__�
^sI(���A�^:;�#fIB��*p�D�*

We’re getting a bunch of non-printable characters and the word Salted. That is not a good sign.
We need to find another way to decrypt it.
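
The "Salted__" prefix is the header that openssl enc writes, followed by an 8-byte salt, when a file is encrypted with a passphrase, so the blob can be identified before any key is known. The following Python is an added example, not part of the original write-up; the function and type names are hypothetical and it assumes a 16-byte block cipher such as AES.

```python
import base64
from typing import NamedTuple

MAGIC = b"Salted__"   # header written by `openssl enc` for passphrase + salt
SALT_LEN = 8
BLOCK = 16            # assumption: 16-byte block cipher such as AES

# The two lines of encflag.txt.enc as shown on this page.
SAMPLE = """U2FsdGVkX1+dCl4WEHNJKBqA8a4fQeheOgA7oiNmjwlJQvGaQAgqcIsGRIcbdHKF
heSs51JRSEmOLqVyGvoxDA=="""


class SaltedBlob(NamedTuple):
    salt: bytes
    ciphertext: bytes
    blocks: int


def parse_openssl_salted(text: str) -> SaltedBlob:
    """Decode base64 text (openssl -a output) and split header, salt, ciphertext."""
    # -a wraps the output at 64 columns, so join the lines before decoding.
    raw = base64.b64decode("".join(text.split()), validate=True)
    if len(raw) < len(MAGIC) + SALT_LEN or not raw.startswith(MAGIC):
        raise ValueError("no 'Salted__' header: not salted openssl enc output")
    salt = raw[len(MAGIC):len(MAGIC) + SALT_LEN]
    ciphertext = raw[len(MAGIC) + SALT_LEN:]
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of 16-byte blocks")
    return SaltedBlob(salt, ciphertext, len(ciphertext) // BLOCK)


if __name__ == "__main__":
    blob = parse_openssl_salted(SAMPLE)
    print("salt      :", blob.salt.hex())
    print("ciphertext:", len(blob.ciphertext), "bytes,", blob.blocks, "blocks")
```

The key and IV are derived from the passphrase and this salt, so the passphrase is the one missing piece.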

Let’s search the system for the keyword “encflag.txt.enc”

cd /
grep -ri --exclude-dir={dev,proc,usr} "encflag.txt.enc" | less

home/oracle/.bashrc:alias reveal="openssl enc -aes-256-cbc -a -d -in encflag.txt.enc -k 'lp6PWgOwDctq5Yx7ntTmBpOISc'"

In my grep request I’m excluding /dev/, /proc/ and /usr/ because dev and proc aren’t places where we’ll find the name of the file.

Our search revealed that we have an alias command called reveal.

cd
reveal 

FLAG-IaFOjjFWazycSg0lbVO3T8ZTvz

We have a flag!