Find the secret flag hackthebox. In this post we take a look at fairly difficult and confusing challenge to find the secret flag. please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: Hmmm seems to me like the number which is provided as input must be brute forced, the file has to be create and the *** placed in itIs there a way to solve without brute please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: I got a key and the message “Are you sure it’s the right one? ”. Look at the last line inside “secret”. Then send a 'POST' request to the same previous page with the decoded key as "key=DECODED_KEY". bin. First we unzip the zip file and we get a binary (executable) file secret_flag. Success! We’ve found the flag! Once you have the secret key, try to decide it's encoding method, and decode it. Completed and pwned this challenge on Hack The Box. Could have done the same thing with a script though. This challenge highlights the importance of understanding obfuscated code and To solve this challenge by yourself, you have to become a VIP member of hackthebox. Embark on the "Dimensional Escape Writeups for HacktheBox 'boot2root' machines. I found the “secret function” but I have no idea with what to call it. We’ll go ahead and paste that line as a command in the adventure, as it belongs to the secret array we were looking for. It’s all in there. I think what tripped me up please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning:. Maybe this might help somebody out, but this challenge can be done neither by changing the assembly nor by using python. I first went through the ‘obvious’ / ‘visible’ part of the code with disassembler and debugger to find out please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: I made a patch on the binary and found the name of the authors. Contribute to Hackplayers/hackthebox-writeups development by creating an account on GitHub. Who in personal correspondence can help me figure out the password conversion algorithm, as well as your method of getting the flag? I will also be glad to any hints in this chat. I think the number has to do with the I don’t know if this helps, but in the end I wrote a tiny Python script to help me tease the final flag out of the “right one”. I finally got it!!! I didn’t do it with a Python script though I did edit the asm code to get it done. Video walkthrough for retired HackTheBox (HTB) Reversing challenge "Find The Secret Flag" [medium]: "Find the secret flag and get the name of the creators of this challenge!" In this walkthrough, we will be going through the Flag Command box on Hack The Box. The idea for the script came from analyzing the code. I got the same problem. I don’t know how to continue further. However, please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: @trebla said: I think that I have found the name of the creator but I have weird characters between the two names and at the end of the string. By deobfuscating JavaScript code, analyzing its functionality, and decoding encoded strings, we successfully retrieved the secret flag. eu. Try please help i did many things on this sand also i got many secret keys and tried to get the challenge creators from the key please any suggestion :frowning: I also noticed that there is an atoi syscall if a number is passed as an argument, but if you don’t provide it you get directly to the file check. Fantastic challenge! I neither patched the binary nor used a script. Using the original binary and the same argument it was possible to get the flag, but I don’t know why the portal I feel like I’m close but not quite there yet I found the XOR key, and can get the program to spit out some hex that translates to some readable ASCII text. I don’t know if this helps, but in the end I wrote a tiny Python script to help me tease the final flag out of the “right one”. hfk ijdia mju sagphamt uyi mwhlva vxbm yrjvia kmxyc byib