misDIRection is a miscellaneous challenge in hackthebox, the zipped file contains a hidden folder with many subdirectories, and not every subdirectories have a file, the filenames are all unique numbers and a total of 36 of them, there are no contents within the files. This is a clueless challenge to be honest…, I depended on guessing and a bit of intuition to get the flag.

Strategy to own this challenge

  1. Unzip the contents unzip misdirection.zip, the output is important, I copied and pasted the output into a text file.
    the output looks like this:
  2. Check if the files have contents ls -lAhR . > dir_file.lst, I realized the files within the directories are all empty, a sample with file 6 showed that the file is empty as well. Partial output of the ls -lAhR looks like this:
    total 0
    -rw-r--r-- 1 root root 0 May  3  2018 6
    total 0
    -rw-r--r-- 1 root root 0 May  3  2018 22
    -rw-r--r-- 1 root root 0 May  3  2018 30
    total 0
    -rw-r--r-- 1 root root 0 May  3  2018 34
    total 0
    total 0
    total 0
    -rw-r--r-- 1 root root 0 May  3  2018 16
    total 0
    total 0
    total 0
    total 0
    -rw-r--r-- 1 root root 0 May  3  2018 36
    total 0
  3. With a graphical text editor, I remove the unzip outputs that have “creating: .secret/Z/” and so on, so that I only see those with “extracting: .secret/X/17” because I want to remove things that do not have filename.
  4. Sort the edit contents according to the filename, the filenames are actually numbers and there is no content within the file, so I sorted from 1 until 36 and the end result is like this (yes manual sorting, if you know a script to help you do this would be good.):
  5. By the time I sorted all these manually I was brainfucked, the sorted content clearly shows a message, but remember for the challenges there will be a flag that looks like HTB{something_else}, so I wrote a script to make out the message row by row, I do not want to get my brain fuck again:
    file = "/root/htb/misdirection/sorted.txt"
    secret = ""
    with open(file, "r") as f:
        data = f.read()
    for item in data.split():
        secret += item[0]

    The product of the script is this:

  6. Use python3 ../tools/misdirection.py | base64 --decode | tee flag.txt, cat the contents of flag.txt and I got my HTB flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s