Safe @ HackTheBox
Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file.
User Flag
We use ropstar, get a shell and the user flag.
Root Flag
Using keepass2john we generate a hash file for every image:
1
keepass2john -k <img> MyPasswords.kdbx > hash
We run rockyou-75.txt against it and find the password “bullshit” rather quickly. Inside the keepass file we find roots password “u3v2249dl9ptv465cogl3cnpo3fyhk”. Now we add our ssh key to “user”, ssh into the box and su to root.
This post is licensed under CC BY 4.0 by the author.