Valentine Special Challenge | Tryhackme Writeup/Walkthrough | by Md Amiruddin
This is a writeup/walkthrough of Tryhackme room “Valentine Special Challenge” by Md Amiruddin
Room link : https://tryhackme.com/jr/valentinespecialchallenge
Task 1 : Tools Required
Setting Up John The Ripper
If you’re using Parrot OS, Kali Linux or TryHackMe’s own AttackBox- you should already have Jumbo John installed. You can double check this by typing john
into the terminal. You should be met with a usage guide for john, with the first line reading: "John the Ripper 1.9.0-jumbo-1" or similar with a different version number. If not, you can use sudo apt install john
to install it.
Cracking a Password Protected Zip File using John The Ripper
We can use John to crack the password on password protected Zip files.
Example Usage
zip2john zipfile.zip > ziphash.txt
For cracking use this command
john --wordlist=/usr/share/wordlists/rockyou.txt ziphash.txt
Symmetric encryption
A symmetric encryption algorithm uses the same key for encryption and decryption. Consequently, the communicating parties need to agree on a secret key before being able to exchange any messages.
We can decrypt a file using OpenSSL using the following command:
Note: you have to provide the secret key in order to decrypt it.
openssl aes-256-cbc -d -in encrypted_message -out message.txt
Install ExifTool
To install the ExifTool component, execute the following command:
sudo apt-get update && sudo apt-get install -y libimage-exiftool-perl
Task 2 : Challenge
Recently lordofficial has fallen in love with a cybergirl and she has send one love letter to him. In order to accept the valentine date request he needs to crack that love letter so, you are all requested to help him in order to accept her valentine request.
Answer the questions below :
Crack the password of love letter zip file using rockyou.txt wordlist.
What is the password for the love_letter.zip file?
Command used
┌─[lordofficial@parrot]─[~]
└──╼ $zip2john love_letter.zip > hash.txt
┌─[lordofficial@parrot]─[~]
└──╼ $john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
This is how we got our Answer 1.
2. What city is this person in?
Now we will use exif tool.
command used :
┌─[lordofficial@parrot]─[~]
└──╼ $exiftool valentine.jpg
This is how we got our Answer 2.
3. What is the Description of valentine.jpg file ?
This is how we got our Answer 3.
4. Decrypt the file
valentine_message
encrypted (using AES256-CBC) with the key using openssl.What is the key to decrypt the file?
this looks suspicious so, we will use lordofficial@1377 to decrypt the valentine_message and it works.
command used :
┌─[lordofficial@parrot]─[~]
└──╼ $openssl aes-256-cbc -d -in valentine_message -out original_message.txt
enter aes-256-cbc decryption password:lordofficial@1377
This is how we got our Answer 4.
5. what is the hint you got after decrypting the valentine_message ?
Open the original_meassag.txt to read the hint.
This is how we got our Answer 5.
6. Decode the hint. what is the deoded hint ?
command used
echo '{decoded-hint}' | base64 --decode
This is how we got our Answer 6.
7. What is the Final flag ?
Go to the web browser and type the decoded hint and it will give your final flag.
This is how we got our Answer 7 final flag.