How to solve Illumination (Forensics)[HTB]

Philippe Delteil
Write-ups HackTheBox
Jan 21, 2023

Step by step on how to solve this Forensics challenge

Stats of the challenge.

After downloading the zip file and unzipping it, we are left with the following structure:

> tree -a -L 2
.
├── bot.js
├── config.json
└── .git
    ├── COMMIT_EDITMSG
    ├── config
    ├── description
    ├── HEAD
    ├── hooks
    ├── index
    ├── info
    ├── logs
    ├── objects
    ├── ORIG_HEAD
    └── refs

6 directories, 8 files

If we look at the config.json file:

> cat config.json 
{"token": "Replace me with token when in use! Security Risk!",
"prefix": "~",
"lightNum": "1337",
"username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==",
"host": "127.0.0.1"
}

The username is Base64-encoded; decoded, it says "Red Herring, read the JS carefully". A red herring is a clue or piece of information which is, or is intended to be, misleading or distracting.

So, we will ignore the red herring.

Since we saw a .git folder and the problem statement tells us something about using a new CVS, we can think of the typical git (and GitHub) problem where people push credentials to their repositories, then delete them from the files but not from the history.

Let’s pull out our best git commands:
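An added illustration, not the author's commands: git keeps every committed version of a file as an object under .git/objects, so a value removed in a later commit is still on disk. This Python sketch reads loose objects directly and lists every value the "token" field has held. The sample repository and its token are constructed for the example, and packed objects are not handled.

```python
import hashlib, os, re, tempfile, zlib

def write_object(git_dir, kind, body):
    """Store one loose object the way git does and return its hex id."""
    raw = kind.encode() + b" " + str(len(body)).encode() + b"\0" + body
    oid = hashlib.sha1(raw).hexdigest()
    folder = os.path.join(git_dir, "objects", oid[:2])
    os.makedirs(folder, exist_ok=True)
    with open(os.path.join(folder, oid[2:]), "wb") as fh:
        fh.write(zlib.compress(raw))
    return oid

def read_objects(git_dir):
    """Yield (oid, kind, body) for every loose object under objects/."""
    root = os.path.join(git_dir, "objects")
    for sub in sorted(os.listdir(root)):
        if len(sub) != 2:  # skip info/ and pack/ (packfiles not parsed here)
            continue
        for name in sorted(os.listdir(os.path.join(root, sub))):
            with open(os.path.join(root, sub, name), "rb") as fh:
                raw = zlib.decompress(fh.read())
            header, _, body = raw.partition(b"\0")
            yield sub + name, header.split()[0].decode(), body

def find_in_blobs(git_dir, pattern):
    """Return {blob id: [captured values]} for blobs matching pattern."""
    rx = re.compile(pattern)
    hits = {}
    for oid, kind, body in read_objects(git_dir):
        if kind == "blob":
            found = rx.findall(body.decode("utf-8", "replace"))
            if found:
                hits[oid] = found
    return hits

def build_sample_repo():
    """Constructed sample: two committed versions of config.json."""
    git_dir = os.path.join(tempfile.mkdtemp(), ".git")
    old = write_object(git_dir, "blob", b'{"token": "EXAMPLE-TOKEN-0000"}\n')
    placeholder = b'{"token": "Replace me with token when in use!"}\n'
    new = write_object(git_dir, "blob", placeholder)
    return git_dir, old, new

TOKEN_RX = r'"token":\s*"([^"]+)"'

if __name__ == "__main__":
    git_dir, old, new = build_sample_repo()
    for oid, found in find_in_blobs(git_dir, TOKEN_RX).items():
        print(oid[:10], found)
```

Any blob whose value differs from the placeholder in the working copy is a version that was committed and later overwritten.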
