Write-up

Step-by-step guide on the approach taken to pwn the machine.

Objective

The goal of this machine is to "find the flag."

Reconnaissance

The first thing we do is visit the URL provided by HackTheBox:

<URL_OF_THE_MACHINE>

Once we access it, we find ourselves in what appears to be a game interface. Our first action is to try if it's a console by running a simple ping command.

ping <IP>

But it doesn't work. Next, we try typing help to see if we get any useful commands.

Exploring the game

After typing help, we see a list of available commands. We decide to press "start" and see what happens.

Unfortunately, it seems like we made the wrong choice. Let's inspect the page source and see if there's something we missed.

Inspecting the Source Code

We use the browser’s Inspect Element tool and head to the Network tab to see if we can find any interesting data or hidden elements.

In the "options" section, we notice something curious. There’s a secret hidden down below. We decide to use this secret as input in the game.

The Flag

By entering this secret message, we instantly find the flag.

PreviousFlag Command NextTechnical Report

Last updated 5 months ago