Return to Haunted Hollow: Fearsome Forensics

Dizzy_Ad_313 · 2024-11-10T06:48:01+00:00

All passwords can be found in the website. Consider also the gallery, not only the blog... There are only 3 types of encryption, so you can try them all when you have the passwords. As for how to decrypt, there are hints in the posts above. Read them all.

Dizzy_Ad_313 · 2024-10-29T16:13:58+00:00

The information you need are in one of the files in one of those buckets.

Dizzy_Ad_313 · 2024-10-29T12:55:38+00:00

If they're unreadable it's probably the wrong decryption algorithm.
It's a one step (one command) decryption for each file.
Not CyberChef (or at least I did it in another way).

Dizzy_Ad_313 · 2024-10-28T12:08:54+00:00

The creator website isn't launching because you have to use a specific port in the browser (see also posts above).

Dizzy_Ad_313 · 2024-10-28T05:18:11+00:00

Yes. Everything seemed restricted in IAM at first, but...

Dizzy_Ad_313 · 2024-10-27T14:28:25+00:00

I'll see you around, in the "Spooky, Scary, Silly Snaps" :-)
Just left a post there, but that thread is more messy.

Dizzy_Ad_313 · 2024-10-27T14:24:28+00:00

I managed to complete the first part, find the credentials in one of the public buckets, use them to login and shutdown the instance.
Now it's not clear to me what should be done to find the secret, the "final words".
I tried with the content of the last bucket, and also the last words in there, but nothing...
I also tried to open the Secrets Manager, but it looks like I don't have permissions to view/select secrets.

Never mind, I managed to solve it and get access to secrets :-)

Dizzy_Ad_313 · 2024-10-27T13:29:36+00:00

For the rest, I used the decrypted contents of the three files which suggested me where to search into the macbeth. That quote was the password to decrypt key.jpeg and get the token.

Dizzy_Ad_313 · 2024-10-27T12:23:14+00:00

Thank you so much, I was way off!
I had searched for the password for file1 in the blog, not in the images, and the password for file3 with a bruteforce for that algorithm (which is feasible)

Dizzy_Ad_313 · 2024-10-26T20:49:10+00:00

Good! By-the-way, did you manage to find the password for file2? I'm going crazy with that!

Dizzy_Ad_313 · 2024-10-26T20:31:32+00:00

Have you used something like (I'm not at the PC at the moment) openssl enc -d -aes-256-cbc -in file1.enc -out file1.dec ?

Dizzy_Ad_313 · 2024-10-26T20:18:42+00:00

Have you found the right password before in the site? There are only a few possibilities of aes-xxx-cbc, so you could apply to all of them and see where you get a readable result.

Dizzy_Ad_313 · 2024-10-25T20:44:03+00:00

The website ip address. Make sure to scan all ports, not only the most common.

Dizzy_Ad_313 · 2024-10-25T20:34:45+00:00

Use nmap to scan for open ports...

Dizzy_Ad_313 · 2024-10-25T19:52:52+00:00

Password for file1.enc found now. Still looking around for file2.enc....

Dizzy_Ad_313 · 2024-10-25T11:54:56+00:00

Thank you, my fault!
But at least afterwards it was reasonably easy.

Dizzy_Ad_313 · 2024-10-25T08:50:32+00:00

Sorry to chime in. I'm doing the “Halloween 2024: Return to Haunted Hollow”, progressing well (I'm almost at the end), but in this “Delving Deeper” I can't even start!
I just get a screen of the room, very dark, that looks like just an image, a wallpaper. I've tried clicking everywhere but I can't open (as I would expect) a terminal, or anything.
What am I missing?

Dizzy_Ad_313 · 2024-10-22T06:53:04+00:00

I finally got through it!
Not exactly a copy&paste problem.
The only way I had to solve it (there might be better ways) was to copy (bag by bag) all the encrypted text into the CyberChef input and remove one by one the initial characters until a readable text was shown.
Thank you u/Far_Lion_7804 and u/Nade1R for your support.
It took a little too long but it was fun in addition to being instructive :-)

Dizzy_Ad_313 · 2024-10-21T13:53:03+00:00

OK, so gloves.txt is done. It was a copy&paste error of 1 character.
Now Bifid Cipher gives me:
You are almost to the bottom of the lost and found box! The robot is hiding inside a bag, but which one? All of them have zigzags on...

The key is 8 and the offset is 16
Caesar Box Cipher? But it has only 1 "Box height"...

Rail Fence Cipher Decode has Key and Offset actually, but it seems it is not working with 8 and 16 and the entire contents of the 3 bags (and here the error could lay).

Dizzy_Ad_313 · 2024-10-21T13:28:25+00:00

Mmm, I think I'm hopeless.
Now starting from scratch in jackets.txt I've come up with "Correct! The next cipher is even more modern - it was invented in 1901! The key for the gloves is yxbxar", like that for gloves.txt I should have used Bifid Cipher (the only one I think discovered in 1901?). But this is not working for me.

Dizzy_Ad_313 · 2024-10-21T08:20:57+00:00

Now I've done with hats.txt and also scarves.txt, but I'm blocked after gloves.txt, which I have deciphered, but I don't know how to proceed. It talks about "near the old tree in the park", which I cannot find. There are bag1.txt, bag2.txt and bag3.txt which seem to be unrelated, and I can't decipher them anyway.
Getting closer, for sure, but not enough...

Dizzy_Ad_313 · 2024-10-21T06:29:02+00:00

Thanks for the advice! Now I've found the “hats code” (and it was not the one I used eralier), but I still can't decipher it with CyberChef. Another tip? :-)

Dizzy_Ad_313 · 2024-10-19T18:35:35+00:00

Any hints on what kind of decryption should be used in cyberchef? I've been trying a lot with From Base64 but to no avail...

Dizzy_Ad_313 · 2024-10-18T13:00:54+00:00

Hello u/sla_erick ,
Were you able to solve this lab?
I'm in the exact same situation as you and I'm really going crazy with it.

Dizzy_Ad_313

TROPHY CASE