Featured image of post Keeper [Unlocked]
HackTheBox

Keeper [Unlocked]

HTB Machines

Link to the machine

Login.html

Burpsuite -> Send to intruder -> Intruder -> Positions -> Attack type (Cluster bomb)

In the request, highlight the username value and click Add § to mark it as a payload position. Same for the password.

The Payload tab -> Load username txt -> Payload set (2) -> Load pass.txt

Status code 302 «««< HEAD

lnorgaard password

1

 ssh lnorgaard@10.10.11.227

user flag

Unzip

Unzip

Launch python server on ssh session to dl files

Unzip

Dl the keepassXC dmp.

Download this repository :

https://github.com/vdohney/keepass-password-dumper

Put the dmp file in it.

Install dotnet (7.0), on Debian kernel :

https://learn.microsoft.com/en-us/dotnet/core/install/linux-debian

1

 dotnet run KeePassDumpFull.dmp

DB password

Seems to be a dessert : Rødgrød med fløde

try unlock passcodes.kdbx with rødgrød med fløde

PPK key

Copy the key in txt file.

1

 puttygen key.txt -O private-openssh -o id_rsa

Connect :

1

 ssh -i id_rsa root@10.10.11.227

root flag

© 2024 - 2026 Nemo's Website
Built with Hugo
Theme Stack designed by Jimmy