Fortress

Room: https://tryhackme.com/room/fortress

If youre reading this, then know you too have been marked by the overlords... Help memkdir /home/veekay/ftp I have been stuck inside this prison for days no light, no escape... Just darkness... Find the backdoor and retrieve the key to the map... Arghhh, theyre coming... HELLLPPPPPmkdir /home/veekay/ftpmkd

python 2.7 byte-compiled strings <*.pyc> uncompyle6 <*.pyc>

• Check service running at port lsof -i:<port> kill -9 <PID>

long_to_bytes(232340432076717036154994)

1337-h4x0r [redacted]

t3mple_0f_y0ur_51n5.php/html

USER letmein:) PASS please

gobuster dir -e -u http://temple.fortress:7331 -w /media/lrb/SecLists/Discovery/Web-Content/raft-large-files-lowercase.txt -t 30

• sha1 in python hashlib.sha1(<>) - print <sha1-hash>.hexdigest()

• urlencode urllib.parse.quote_plus(<>)

• SHA1 collision samples: - https://sha-mbles.github.io/#:~:text=Our%20Chosen-Prefix%20Collision%20Example - https://www.linkedin.com/pulse/using-sha1-collision-attack-solve-bostonkeyparty-ctf-rotimi

'The guards are in a fight with each other... Quickly retrieve the key and leave the temple: \'m0td_f0r_j4x0n.txt

* Escape a bash restricted shell ssh <>@<> 'bash --noprofile'

####################### Task: 1. php code retrieved. Need to bypass checks to get $spot variable's value 2. sha1 hash collision 3. hashes should not contain 000000 in hex