sameer fakhoury

BashCraft

Level: medium
Type: Forensics

Sometimes files appear identical, yet they hold subtle differences beneath the surface. Sometimes what we observe seems one thing, but in reality, it tells a different story. It’s a simple question, but uncovering the answer takes running multiple commands. So, as always — what’s the flag?

  1. Unzip home.zip, move into the extracted home directory, and change directory to the Desktop folder.
    unzip home.zip

    ls home
    KaliSim

    cd home/KaliSim/

    ls
    Desktop    Downloads  Pictures  Templates
    Documents  Music      Public    Videos
    cd Desktop
  2. List all files and directories with details, including hidden ones. -a shows hidden files, -l gives a long listing.
    ls -al
  3. View the contents of the hidden file .hidd3n.txt, which contains a clue about a saved hash.
    cat .hidd3n.txt
    SectionOne: You find the initial section to begin the search? As you can see, I have many files, but one of them is very important. I forgot its name and all details. I only remember that I once saved its hash value somewhere on my device, but I forgot where. Please help me retrieve the content of that file.
  4. Move back up one level from the current directory.
    cd ../
  5. Recursively list all files and folders with their sizes.
    ls -alR
  6. Find all regular files (-type f) larger than 100 bytes (-size +100c) in the current directory and its subdirectories.
    find . -type f -size +100c
    ./KaliSim/Desktop/.hidd3n.txt
    ./KaliSim/Downloads/pxpJNzpW/Ebb4Wmu8.txt
    ./KaliSim/.zsh_history
  7. Read the content of the identified .txt file. It contains what appears to be a SHA-256 hash.
    cat Downloads/pxpJNzpW/Ebb4Wmu8.txt
    Hash string noted: 29a93a0b0684d3eeeb85942d29f0fa6ec84456b689329391fbe66c7774f726db is likely a SHA-256 hash, 64 hex characters (32 bytes).
  8. Search for a file matching the SHA-256 hash: compute the sha256sum of every file and search the results for a match with grep.
    find . -type f -exec sha256sum {} + | grep 29a93a0b0684d3eeeb85942d29f0fa6ec84456b689329391fbe66c7774f726db
    29a93a0b0684d3eeeb85942d29f0fa6ec84456b689329391fbe66c7774f726db  ./Music/zGFJYNpB/2jpKQMfq.txt
  9. View the contents of the matching file. It holds encoded content that looks like Base64.
    cat Music/zGFJYNpB/2jpKQMfq.txt
    WVVDVEZ7TDBuR19UM3h0X0wwMDAwbkdfTDBuR19UM3h0X0wwbkdfIFNlY3Rpb25Ud286IFNvbWV0aW1lcywgc2l6ZSBtYXR0ZXJz
  10. Decode the Base64 string to reveal the first part of the flag.
    echo "WVVDVEZ7TDBuR19UM3h0X0wwMDAwbkdfTDBuR19UM3h0X0wwbkdfIFNlY3Rpb25Ud286IFNvbWV0aW1lcywgc2l6ZSBtYXR0ZXJz" | base64 -d
    YUCTF{L0nG_T3xt_L0000nG_L0nG_T3xt_L0nG_ SectionTwo: Sometimes, size matters
  11. Check the terminal command history by opening .zsh_history in Sublime Text to review previous commands.
    subl .zsh_history
  12. As we can see, there are lots of commands, but if we scroll far down there is more content, so we combine it into one section.
  13. The extra content is Brainfuck code, so we decode it with:
    dCode.fr Brainfuck
  14. This is the result of the decode:
    I might be hard to notice sometimes, so here a end: Hid33n_#T3xt_is_#hidd3n}
  15. We can now combine the two parts and get the flag.
    Flag: YUCTF{L0nG_T3xt_L0000nG_L0nG_T3xt_L0nG_Hid33n_#T3xt_is_#hidd3n}
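
The hash search from the walkthrough, generalised as an added example (not part of the original writeup): rather than depending on the size clue to locate the note, it scans every file for 64-hex-digit tokens and reports any token that equals the SHA-256 digest of another file in the tree. The names `xref_hashes` and `demo` and the sample tree are constructed for illustration; it assumes `sha256sum`, `mktemp` and a `grep` that supports `-r` and `-o`.

```sh
#!/bin/sh
# Added example: report every 64-hex-digit token stored in a file that equals
# the SHA-256 digest of another file under ROOT. All names are hypothetical.

# xref_hashes ROOT -> lines of "<file holding the hash> -> <file with that digest>"
xref_hashes() (
  root=$1
  index=$(mktemp) || exit 1
  # One "digest  path" line per regular file, as in the writeup's find/sha256sum.
  find "$root" -type f -exec sha256sum {} + > "$index"
  # -o prints only the matched token, prefixed with the file it was found in.
  LC_ALL=C grep -rEo '[0-9a-f]{64}' "$root" | sort -u |
  while IFS= read -r hit; do
    holder=${hit%:*}
    token=${hit##*:}
    # Appending "" forces a string comparison, so digit-only tokens are not
    # compared as numbers; the digest column is then stripped to keep the path.
    awk -v t="$token" -v h="$holder" \
      '($1 "") == (t "") { sub(/^[0-9a-f]+ [ *]/, ""); print h " -> " $0 }' "$index"
  done
  rm -f "$index"
)

# Constructed sample tree that mirrors the challenge layout (made-up names).
demo() (
  d=$(mktemp -d) || exit 1
  mkdir -p "$d/Music/a" "$d/Downloads/b"
  printf 'c2VjcmV0\n' > "$d/Music/a/target.txt"
  printf 'decoy\n' > "$d/Music/a/other.txt"
  h=$(sha256sum "$d/Music/a/target.txt" | cut -d' ' -f1)
  printf 'padding{%s}\n' "$h" > "$d/Downloads/b/note.txt"
  xref_hashes "$d" | sed "s|$d/||g"   # print paths relative to the tree
  rm -rf "$d"
)

demo
```
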

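Excerpts from the directory listing output. The .txt files shown are all exactly 100 bytes, while .zsh_history is 41885 bytes:
drwxrwxr-x 10 semopurple semopurple  4096 May 15 20:55 .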
drwxrwxr-x  3 semopurple semopurple  4096 May 15 21:19 ..
drwxrwxr-x  4 semopurple semopurple  4096 May 15 20:25 Desktop
drwxrwxr-x  5 semopurple semopurple  4096 May 15 20:03 Documents
drwxrwxr-x  5 semopurple semopurple  4096 May 15 20:03 Downloads
drwxrwxr-x  4 semopurple semopurple  4096 May 15 20:03 Music
drwxrwxr-x  5 semopurple semopurple  4096 May 15 20:03 Pictures
drwxrwxr-x  3 semopurple semopurple  4096 May 15 20:03 Public
drwxrwxr-x  3 semopurple semopurple  4096 May 15 20:03 Templates
drwxrwxr-x  4 semopurple semopurple  4096 May 15 20:03 Videos
-rw-rw-r--  1 semopurple semopurple 41885 May 15 21:10 .zsh_history
...
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 4M8GBIyU.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 4mEzc8Tc.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 53IjVsFm.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 5eEaLYrd.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 6357P0uJ.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 6I1EgxJJ.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 7UuVQtxU.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 8PvBGxdl.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 AIgzhrDX.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 bbbJtW0x.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 biUDBAtj.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 BOFyO4XF.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 CCYVYRHv.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 Cllr3Dz9.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 Ctefnj6M.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 dZLjxEBu.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 eF2F6RWU.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 EMT1wm2A.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 eXKHnaXJ.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 fIOFvAOV.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 FrSpnZ5R.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 Gbs1wOHR.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 gpMUTSCW.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 gzQd3nNr.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 H51p0pvG.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 ha1TcvaK.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 hewLuMeg.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 I0MKaHql.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 IGclUD08.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 KI2XAb0e.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 L5zvQz3R.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 LPWUiy0V.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 MkORj1oT.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 mTxuRDzc.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 nNrW8Ihe.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 oFBOkOn1.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 pR7Oe9lu.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 Q6xQKUKE.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 qE3SICqy.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 Rg5dHWKk.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 tBlOhV6N.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 U12jIeZI.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 UvTi3Yz0.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 V1l1V3p7.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 VNrNBGfh.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 vsj24KZB.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 wjMVaC4h.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 WP8Oy3Wa.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 WpCVTagg.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 wx1KY1ZS.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 X3ply31h.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 x7R88IFV.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 xwjGghY9.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 YjcoT5rM.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 YYOB54iU.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 yYqVDWZV.txt
-rw-rw-r-- 1 semopurple semopurple  100 May 15 20:03 ZaVZWXzu.txt
...
Line from Downloads/pxpJNzpW/Ebb4Wmu8.txt, with the hash between the braces:
zzlTEcOTXZuvIWUmuuBLNW4NwBrJLWCaw3sYNDeBOq07T9hEpaYNeb0DLrTG1wFJlXDsF21QtX{29a93a0b0684d3eeeb85942d29f0fa6ec84456b689329391fbe66c7774f726db}
Start of .zsh_history, which opens with ordinary-looking commands:
ls
cd ../
cd Videos
mkdir TestFolder
cd ../../
touch TestFile.txt
pwd
rm -rf OldFolder
cp TestFile.txt BackupFile.txt
mv BackupFile.txt Archive/
cat TestFile.txt
echo "Hello World" > Greetings.txt
head -n 5 TestFile.txt
tail -n 10 Logs.log
mkdir Projects
cd Projects
touch README.md
nano README.md
chmod 755 Scripts
./Scripts/run.sh
find . -name "*.log"
grep "error" system.log
tar -czvf archive.tar.gz Documents/
unzip files.zip -d extracted/
df -h
free -m
ps aux | grep ssh
kill -9 1234
history | tail -20
du -sh *
ln -s /usr/bin/python3 python
curl http://example.com
wget https://example.com/file.zip
chmod +x script.sh
./script.sh
date
uptime
whoami
env
export PATH=$PATH:/opt/custom/bin
mount /dev/sdb1 /mnt/usb
umount /mnt/usb
systemctl status apache2
journalctl -xe



















...
...

Brainfuck fragments found further down in .zsh_history:
-[------->+<]>.
-[->++++<]>.+[-
---->+<]>.----.
--.+.++++++++++
++.[---->+<]>++
+.[->+++<]>++.+
++.--[--->+<]>-
.-[--->++<]>--.
-------.--[--->
+<]>---.-------
-------.-[--->+
<]>-.---[->++++
<]>.-----.[--->
+<]>-----.+[---

...

-->+<]>+.+.++++
+.-----------.-
-----.++.--[---
>+<]>-.---[->++
++<]>-.----.--.
--------.[--->+
<]>---.--------
---.++++.------
--.[--->+<]>---
-.-[++>---<]>+.
------------.--

...

-[->++++<]>-.--
--.[--->+<]>---
--.-[--->++<]>-
-.---.+++++++++
++++.----------
---.-[---->+<]>.
--[->+++++<]>.+[
---->+<]>+++.[->
+++<]>+.-[->+++<
]>.+[->+++<]>++.
+++++++++.------
----.[----->+++<
]>--.[-->+<]>+++

...

.++++[->++<]>.--
[-->+++<]>.-----
.[-->+<]>+..++++
[->++<]>.-------
--------.++[->++
+<]>.>-[--->+<]>
-.>-[----->+<]>.
+[--->++<]>.----
.+[->+++<]>.++++
++++++.+++++++++
+.++[->+++<]>.++
[->+++<]>.[->+++
<]>-.+.-----..[-
->+<]>+.++++[->+
+<]>.[--->+<]>++
+.
The fragments combined into one string:
echo "-[------->+<]>.-[->++++<]>.+[----->+<]>.----.--.+.++++++++++++.[---->+<]>+++.[->+++<]>++.+++.--[--->+<]>-.-[--->++<]>--.-------.--[--->+<]>---.--------------.-[--->+<]>-.---[->++++<]>.-----.[--->+<]>-----.+[----->+<]>+.+.+++++.-----------.------.++.--[--->+<]>-.---[->++++<]>-.----.--.--------.[--->+<]>---.-----------.++++.--------.[--->+<]>----.-[++>---<]>+.------------.---[->++++<]>-.----.[--->+<]>-----.-[--->++<]>--.---.+++++++++
++++.-------------.-[---->+<]>.--[->+++++<]>.+[---->+<]>+++.[->+++<]>+.-[->+++<]>.+[->+++<]>++.+++++++++.----------.[----->+++<]>--.[-->+<]>+++.++++[->++<]>.--[-->+++<]>.-----.[-->+<]>+..++++[->++<]>.---------------.++[->+++<]>.>-[--->+<]>-.>-[----->+<]>.+[--->++<]>.----.+[->+++<]>.++++++++++.++++++++++.++[->+++<]>.++[->+++<]>.[->+++<]>-.+.-----..[-->+<]>+.++++[->++<]>.[--->+<]>+++."
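
Decoding the hidden Brainfuck locally instead of pasting it into a website, as an added example (not part of the original writeup): `bf_lines` keeps only the history lines made up entirely of Brainfuck instructions, because decoy commands such as `cd ../` also contain `.`, `-` and `>`, and `bf_run` interprets the joined program with 8-bit wrapping cells, which this code depends on since it begins with `-` on a zero cell. The function names and the sample history are constructed; its Brainfuck lines are the first five fragment lines shown above.

```sh
# Added example (hypothetical names): run Brainfuck hidden in a history file.
bf_lines() {  # FILE -> the Brainfuck-only lines, joined into one program
  LC_ALL=C grep -E '^[][<>+.,-]+$' "$1" | tr -d '\n'
}
# bf_run: read a program on stdin and print its output (',' input is ignored).
bf_run() {
  LC_ALL=C awk '
    { prog = prog $0 }
    END {
      n = length(prog); p = 0
      for (i = 1; i <= n; i++) {   # pre-match brackets so loops can jump
        c = substr(prog, i, 1)
        if (c == "[") stack[++sp] = i
        else if (c == "]") {
          if (sp == 0) { print "unbalanced ]" > "/dev/stderr"; exit 1 }
          j = stack[sp--]; jump[i] = j; jump[j] = i
        }
      }
      if (sp != 0) { print "unbalanced [" > "/dev/stderr"; exit 1 }
      for (i = 1; i <= n; i++) {
        c = substr(prog, i, 1)
        if      (c == "+") cell[p] = (cell[p] + 1) % 256
        else if (c == "-") cell[p] = (cell[p] + 255) % 256   # 0 - 1 wraps to 255
        else if (c == ">") p++
        else if (c == "<") p--
        else if (c == ".") out = out sprintf("%c", cell[p] + 0)
        else if (c == "[" && cell[p] + 0 == 0) i = jump[i]
        else if (c == "]" && cell[p] + 0 != 0) i = jump[i]
      }
      printf "%s\n", out
    }'
}

# Constructed history: two decoy commands, then five fragment lines from the page.
demo_history() (
  f=$(mktemp) || exit 1
  cat > "$f" <<'EOF'
cd ../
echo "Hello World" > Greetings.txt
-[------->+<]>.
-[->++++<]>.+[-
---->+<]>.----.
--.+.++++++++++
++.[---->+<]>++
EOF
  bf_lines "$f" | bf_run
  rm -f "$f"
)
demo_history
```

The individual fragment lines are not bracket-balanced on their own, so they have to be joined before interpretation.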