/root/.vnc/
, there’s a passwd
file that matches the file secret
:ssh2john id_rsa > id_johnjohn id_john –wordlist=/usr/share/wordlists/rockyou.txt
In orestis home directory there are a few files debug.txt, encrypt.sage and output.txt After some google searching, it turns out to be RSA encryption. RSA encryption relies on three prime numbers P, Q, E (two small and one large)https://crypto.stackexchange.com/questions/19444/rsa-given-q-p-and-e python -c “print format(24604052029401386049980296953784287079059245867880966944246662849341507003750, ‘x’).decode(‘hex’)” 6efc1a5dbb8904751ce6566a305bb8ef
https://intra.redcross.htb/?o=1&page=app
, where o=
is the id filtered on. If I try with a '
in there, https://intra.redcross.htb/?o=1'&page=app
: