Insider
| Name: | Insider |
|---|---|
| Hint: | A potential insider threat has been reported, and we need to find out what they accessed. Can you help? |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
|
HTB-Bot  |
| Creator: | felamos  |
Download and unzip the file and check the hint:
Hint: A potential insider threat has been reported, and we need to find out what they accessed. Can you help?
Files: 113 files inside a Mozilla folder
If we look in the Mozilla/Firefox/Profiles/2542z9mo.default-release folder (it's the first profile), we find a logins.json file with an encrypted username and password. Some simple Google-Fu brings us to https://github.com/unode/firefox_decrypt. Clone into that and run it against that first 2542z9mo.default-release profile.
┌──(kali㉿kali)-[~/Desktop/HTB/Insider/firefox_decrypt]
└─$ python3 firefox_decrypt.py -f json /2542z9mo.default-release
2022-01-29 12:24:16,199 - WARNING - profile.ini not found in /2542z9mo.default-release
2022-01-29 12:24:16,199 - WARNING - Continuing and assuming '/2542z9mo.default-release' is a profile location
[
{
"url": "http://acc01:8080",
"user": "admin",
"password": "HTB{ur_8RoW53R_H157Ory}"
}
]
Well that was easy.
