{"id":706,"date":"2024-07-01T15:02:21","date_gmt":"2024-07-01T07:02:21","guid":{"rendered":"http:\/\/162.14.82.114\/?p=706"},"modified":"2024-07-01T15:02:21","modified_gmt":"2024-07-01T07:02:21","slug":"hmv-_-hmvlabs-venus21-40","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/706\/07\/01\/2024\/","title":{"rendered":"HMV[-_-]HMVLabs-Venus(21-40)"},"content":{"rendered":"<h1>21 iris<\/h1>\n<pre><code class=\"language-Bash\">iris@venus:~$ ls -la\ntotal 60\ndrwxr-x--- 3 root iris  4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 iris iris   220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 iris iris  3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 iris iris   807 Apr 23  2023 .profile\ndrwxr-xr-x 2 root root  4096 Apr  5 06:28 .ssh\n-rw-r----- 1 root iris 17484 Apr  5 06:28 eloise\n-rw-r----- 1 root iris    31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root iris    16 Apr  5 06:28 irispass.txt\n-rw-r----- 1 root iris   195 Apr  5 06:27 mission.txt\niris@venus:~$ cat flagz.txt\n8===ClrdWOqlZ1vL61zSk9Va===D~~\niris@venus:~$ cat mission.txt\n################\n# MISSION 0x21 #\n################\n\n## EN ##\nUser eloise has saved her password in a particular way.\n\n## ES ##\nLa usuaria eloise ha guardado su password de una forma particular.\niris@venus:~$ catt eloise\n-bash: catt: command not found\niris@venus:~$ cat eloise\n\/9j\/4AAQSkZJRgABAQEAYABgAAD\/4RDSRXhpZgAATU0AKgAAAAgABAE7AAIAAAAEc01MAIdpAAQA\nAAABAAAISpydAAEAAAAIAAAQwuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFkAMAAgAAABQAABCY\nkAQAAgAAABQAABCskpEAAgAAAAM4NQAAkpIAAgAAAAM4NQAA6hwABwAACAwAAAiMAAAAABzqAAAA\nCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAMjAyMToxMToxMCAxMDoxODowMwAyMDIxOjExOjEwIDEwOjE4OjAzAAAAcwBNAEwAAAD\/4QsW\naHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVnaW49J++7vycgaWQ9J1c1\nTTBNcENlaGlIenJlU3pOVGN6a2M5ZCc\/Pg0KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczpt\nZXRhLyI+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJk\nZi1zeW50YXgtbnMjIj48cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0idXVpZDpmYWY1YmRkNS1i\nYTNkLTExZGEtYWQzMS1kMzNkNzUxODJmMWIiIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMv\nZWxlbWVudHMvMS4xLyIvPjxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSJ1dWlkOmZhZjViZGQ1\nLWJhM2QtMTFkYS1hZDMxLWQzM2Q3NTE4MmYxYiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUu\nY29tL3hhcC8xLjAvIj48eG1wOkNyZWF0ZURhdGU+MjAyMS0xMS0xMFQxMDoxODowMy44NDk8L3ht\ncDpDcmVhdGVEYXRlPjwvcmRmOkRlc2NyaXB0aW9uPjxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0\nPSJ1dWlkOmZhZjViZGQ1LWJhM2QtMTFkYS1hZDMxLWQzM2Q3NTE4MmYxYiIgeG1sbnM6ZGM9Imh0\ndHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIj48ZGM6Y3JlYXRvcj48cmRmOlNlcSB4bWxu\nczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPjxyZGY6\nbGk+c01MPC9yZGY6bGk+PC9yZGY6U2VxPg0KCQkJPC9kYzpjcmVhdG9yPjwvcmRmOkRlc2NyaXB0\naW9uPjwvcmRmOlJERj48L3g6eG1wbWV0YT4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAog\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAg\nICAgICAgICAgICAgICAgICAgICAgICAgPD94cGFja2V0IGVuZD0ndyc\/Pv\/bAEMABwUFBgUEBwYF\nBggHBwgKEQsKCQkKFQ8QDBEYFRoZGBUYFxseJyEbHSUdFxgiLiIlKCkrLCsaIC8zLyoyJyorKv\/b\nAEMBBwgICgkKFAsLFCocGBwqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq\nKioqKioqKioqKv\/AABEIAGYBigMBIgACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUG\nBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR\n8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5\neoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj\n5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQAC\nAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXx\nFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqS\nk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T1\n9vf4+fr\/2gAMAwEAAhEDEQA\/APpGiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAC\niiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK\nKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooo\noAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiig\nAooqrql1PZaRd3Vnbfa7iCF5I7ffs81gCQu7BxnpnBpNpK7Gk27ItUVyvw48dQfEPwbDrsFr9idp\nHimtjL5hidT03YGcjB6DrWRp3xXg1C88aMNMKaX4UDB777Ru+0uoYsoTbxgqRnJ7etOXu3v2v8hL\nXbvb5nT+I\/GPh3wjbpL4k1i108SAlFlf53x12oPmb8BWFovxl+H3iC9W00zxPamdyFRLhHt95PQA\nyKoJPoK86+FHw9tPiLby\/ET4jR\/2ve6lO5tLaZj5MMasVHydCMggKcjA6Emu\/wDE3wW8C+JNJktP\n+EfsdMlIPlXWnW628kbdj8oAb6MCKLOPxb9g0lsd7WL4d8X6H4ra\/XQL77WdPnNvdfuXTy5B1X5l\nGenUZFec\/APxDqpg13wR4hlM954Yufs8U7EkvFuZQOecArx7EDtVb9nn\/j68df8AYcf+bU9L6bWv\n+K\/zFqlrve34P\/I9nkkWKJ5JDhEUsxx0ArK8M+KdH8YaMuq+HLz7ZZM7RiXynjyy9RhwD+lX9R\/5\nBd1\/1xf\/ANBNeWfs0f8AJG4P+v2f+YpR1cl2Sf4jloovu\/0PWJ5o7a3knmbbHEpd2xnAAyTWLo3j\nXQPEHhebxFpF\/wDaNKhEhkuPJkTaEGW+VlDcD2q\/rf8AyL+of9esv\/oBrxj4Nf8AJsGrf9cr\/wD9\nANQ5NKb7K5SV3Bd3Y9GuPip4NtfDOn+IZ9YKaTqMrQ210bSba7gkEEbMryp+8B0NdeDkZHIrwPwp\n4THjP9kKDS0QNdLHcXFrntKk8jKPx5X\/AIFXffBXxQPFXwp0m4kk33Vmn2O5GckPHwM+5XafxrZx\ntKUe35f8P+hnfRPvf71\/wDqfEnibR\/COiyat4ivVsrGNlVpSjPyxwAFUEk\/QU678R6Rp\/h1dd1C\/\nitNNaJZRcXGYxtYZXhsHJyOMZ7Yryr4tr\/wm\/wAUPCPw+hy1skv9qamAMgRrkKD9QHH\/AANag+Im\nnx+PPj14a8EX+86JYWTahdW8bbVkb5gAcdsKo9QGbGM1mrtLzbt6Jav8\/uLdk9ei1+ey\/L7zvPDv\nxc8C+KtUXTdD8QwT3j\/chkikhMh9F8xV3H2GTXZMyohd2CqoyWJwAK8c+Mvwv8NQ\/Dm91nw7o9po\n+qaMou7e40+FYGwpBYNtAzxkgnkEDnrUPxG17WPEX7LcWs2O8TXtpbvfmHr5ZIEvTtnr7ZzxmiUl\nytrdW\/Hr\/mCV5Jd7\/gdZf\/HH4b6bfNaXPim2aVTgm3hlmT\/vtFK\/rXW6J4g0jxJp4vtB1G21C2Jx\n5lvIGCn0OOh9jzXnXw\/8P\/B\/V\/DVlbaDYeH9Tl8hTIt1FFLd7sclw43g5z6D04qfwz8KrrwT8Wrn\nWvCs9taeF9Qttt3ppkfcJRnBRcYwDyMtxuYAYq+Wz5WRe6ujtT4v0NfGI8Km+\/4nTQfaBa+S\/wDq\n\/wC9v27fwzmtqvC9Y1bTtF\/a4ivNZv7XT7YaJtM91MsSAkHA3MQM16h\/wsfwR\/0OXh\/\/AMGkH\/xV\nStYp+v5tFP4mvT8ky3YeLdE1TxNqPh+xvfN1TTFVru38p18sMAR8xAU9R0Jq9qmrafomnyX2sXtv\nY2kf357iQIg9OT39q8e+GeoWeqftFeP73TLuC8tZbe3Mc9vIJEcbUHDDIPIIrM\/ssfHH40a1b63P\nM3hXws4gjs45CgnmyVJJHPJV8kc4CgY60ldqPdq7B2TlfZOx38fx1+G0t99lXxTAJM43NBMqf99l\nNv45rurS8ttQs4ruwuIrq2mXdHNC4dHHqGHBFcvL8KPAM2mmxfwhpAhKbNyWqrLj\/roAHz75zXmX\ng63uPhF8dh4Gt7ma48OeIITc2STPkwSAN+uUKn1BQnpVKzfL1E7pc3Y97oryrxX8dbDwf4+v\/DOo\n6Lcztb28b20lrJ5kl1K+3bEI9oA+8Tkt\/DwCSBWfpH7QRPimz0bxn4M1PwuL9wltPdFiGJOAWVo0\nIXOBkZxn8aUfetbqOXu7npmr+LdE0HWdL0rVb3yL3VpDFZReU7eawwCMqCF+8OpFbNeIfHHU7TRf\nib8OdT1KYQWlpdTTTSEZ2qpjJOB1+lSJ+0YtrewT+IPBGt6RoF1IFttWmRiJAejbSgGMc4VmOOma\nI+9G\/W7X+QSun8l+p7UzKiF3YKqjJYnAArgr\/wCOPw302+a0ufFNs0qnBNvDLMn\/AH2ilf1rO+PN\n1fXHwQ1G50CVpIZhE00kBzutmILEEfwkEZ9s9qg+H\/h\/4P6v4asrbQbDw\/qcvkKZFuoopbvdjkuH\nG8HOfQenFCTbfkDaSXmei6J4g0jxJp4vtB1G21C2Jx5lvIGCn0OOh9jzXP8Aif4seCvBusf2V4k1\nr7He+WsvlfZZpPlOcHKIR2PesHwz8KrrwT8WrnWvCs9taeF9Qttt3ppkfcJRnBRcYwDyMtxuYAYr\nn9S0jTdb\/a0a01rTrXULb+wQ\/k3cCypuB4O1gRmh6uNuv6J\/5Bsnfp+tv8zqoPj78M7iZYo\/E6Bm\nOAZLO4RfxZowB+Nd9ZX1rqVjFeafcxXVtMu+KaFw6OPUEcGubvfhh4EvLGa3n8I6JHHIhVnhsYon\nUeodQCp9wRXlfwG1yXw\/8PvHDws2oaXoVzNPZK0mPMCozFQ3OAQqngdWJ70XWt+iv\/X3js21bq7H\nv9FeLQ\/tCvqeg2lz4a8E6pruovH5l5aWLNJHZDcwAeVYz8xC5xtHB61btP2h9D1LwtDd6TpGoX+v\nTSNCmg2y+ZPvUZJyoJ2Y\/i2568cHB38hLU9eorzH4e\/GeHxn4muPDes6BeeHNbiQyLaXTFt4ABI5\nVSGwc4K9O9enU7NCTuFFFFIYUUUUAFFFFABRRRQAUUUUAFFFFAHhWja4vwo8ZfEfSLldll5Da\/pq\nkYVt3DKP+Bsi\/wDAav8AgvwXeN+zVqVrtZ9X8RWdxfSE53SSSqSgP1UL+dZXx50e08UfEbwd4fsJ\nj\/at8zwXccRyVtNysS302sR9DXvEEMdtbxwQKEjiUIijooAwBUqN6TXly\/Jf0vuKbtUX\/gX3\/wBP\n7zzL9nrXbTVvhDp1nDIv2rS2e3uYc\/NGd7MpI9CD\/P0r06SRIo2klZURAWZmOAAOpJryXxL8FbuL\nxPP4n+GfiGTwzqtwd08AXNvOxOSSB0yeSCGGewrJuPhX8VvF8Q0\/x98QbYaUx\/ew6ZFgzL3U4jjB\n\/HcB1wauUnN32ZCioadA+CEq+Ifij8QPFdkrf2dc3Qgt5O0vzMcj8Ap9twqz8ASltr\/xB053H2mH\nW3ZozwQu5wD+YNeo+FvC+l+DfDltomhQGK0txxuOWdj1dj3Ynn+WBgV594z+D+q3PjGXxh8OfEbe\nH9buFxcxuCYbg8cnGcdASCrAkA4BpaRaS2St+T\/ND1ldvdu\/5r8j0jxBexad4a1O9uCFit7SWVyT\njgITXlXwJ1Wx8K\/s\/Q6xr9wtnYLczSNMylgqmTYOACfvcVRuvhV8V\/GKDTviB4\/tP7IJBlh02LDS\njP3SBHGCPruAODg16jc+BdGm+Hb+DI4mh0trT7KoUgso7Pk9Wz82fWlrFSkt2l\/mPSTinsn\/AMAu\nXmo2mp+C7jUrGYS2dzp7zxS4IDI0ZIbnkcHvXkXwcUr+y\/qhI4aG\/I9xtI\/pVaH4Q\/Fm00c+FbTx\n\/ZJ4YIMQ+RvPER6qPkyB22iTGOOlepad4Ht9A+F0nhDRHGBYy26Szcb5HVsu2AcZZieOlKa92bj1\nVl3HF+9BPo7swP2fP+SHaF9bj\/0fJWD4FCeAPjv4o8KTN5Wn65GNW0\/cflB5LqPT+P8ACMV3Xwt8\nJ33gj4cab4f1WW3mu7Qy73tmZozukZxgsAejDtWB8YPhrq\/jgaVf+FL210\/WLAyxGe4dkDQyIVZc\nqrHPpx3NaVZfvHKOu6+\/\/g2ZEFePK\/X8f8rr5mZ8G4m8V+LvFXxHuUYJqNybHTtx6W8eBkfXan4q\naivnGm\/te6e9x8qaloZjhYnALAsSP\/HD+deleDfDcHhDwbpmg220rZQLGzqMB36u34sSfxrnvif8\nM08f2djc2GoPpOuaXIZbG\/jByp4O04wcZAORyCPqCnaMopaqOn4NX\/G4K8k76N\/53X5WJ\/jFexWH\nwd8SyzkBXsXhXJxln+QfqwrmfD\/jXTPhv8FfBZ8TWl49vfwR25eKJWWIuNwMm5hhcE9M9DxWOfhD\n8RPGN7aW\/wAVPGVrfaJayCU2enrtM5HZsRxgf7x3EZOMda9U8V+DNH8Y+E5vD2qwbbN1URmHCtAV\n+6ycYBH5Y46Glayb3vb7l\/nce7S7X+92\/wAjlPEHwB+HviFpJhpB02eXnztNlMQH0TmMf981y3h8\na38KvjJo\/gw6\/d674f1yBzbw3jbpbMqDjB9Pl7YByeMilt\/hr8ZPDEK6b4P+IVlLpkfEQ1GLLovZ\nRuikwB6Bse1dJ4C+Elzofih\/FvjXXZPEPiNkKRysCI7YEYITPXgkDgAAnA7046O62FK7i09zjfFX\nhbR\/GH7VkeleI7P7ZZNowkMXmvHllDYOUIP612\/\/AAz58Mf+hZ\/8n7n\/AOOVO\/gHVG+PcfjcT2f9\nmrpv2Qxb287fg8427cc\/3vwr0KpirRXz\/Njd3J\/L8keF\/CXQtO8NfHzx1pGiW\/2axtbeBYYt7PtB\nCk8sSTyT1NO+Ddwnhz4u+PvCupusN7c332y2VzzMmXbjPX5XU\/TJ7V2nhnwLqei\/F\/xV4qup7R7H\nWY4kt443YyqVCg7gVAHQ9CaZ8RfhJp\/jq7ttWs7+fQ\/EFmMQalafewOgYAgnHYggj9KcW1GDfaz+\n+4NJykvO6\/r7z0GvC\/FNzF4n\/at8L6fpuZjoVs0t7IhyIzhm2n06oPq+KmbwJ8c7lDYXPxF0+OwY\nbDPDFifb65EIbPvvz712\/wAN\/hdpXw4sbj7LPLqGp3pDXmoXAw8p64A52rkk4yTk8k8YcUuZTfT8\nxSfuuPc4ewtYLj9sjU5J4ld7fSFkiLD7jbI1yPfDMPxqb9pxR\/whOhSYG9dZi2tjkfI\/Q\/gK6ey8\nA6pbfHrUPGzz2Z02504WqRB284OAnJG3bj5T\/F6Uvxi8Bap8QfDenafo09pBLa6gl07XbsqlQrAg\nbVbn5hSjpGHk1\/6Vf8invL0\/9tt+ZyHxstbS++KHwyttTRZLWa\/ZZEcZVwXi4PqCeK7\/AOLdvZ3H\nwh8SpqCoYVsJHXd2dRlCPfcFxWD8VfhZefEXXfDMqXUFvYaa8n2wmVkm2tswYsKRuG0nkjtXNX\/w\ng+JPiqSPRvG3j6K88MwyA7beLbcTqp43jYBnjqzPg881Nuanybav8QT5ZKfZL9TR8I\/EHT\/A3wM8\nGXHiq2vZYL9fsgkijV1jG5tpfcy4XYO2eBWz4g+APw98QtJMNIOmzy8+dpspiA+icxj\/AL5rpdf8\nA6D4i8C\/8Ind2vlabHEkcAiOGt9gwjITnke+c85zk15lb\/DX4yeGIV03wf8AEKyl0yPiIajFl0Xs\no3RSYA9A2Park1KbduuhMU4wS8tRPD41v4VfGTR\/Bh1+713w\/rkDm3hvG3S2ZUHGD6fL2wDk8ZFZ\nXjnwzqXiz9pxtN0XxFd+Hbn+xUk+22gbftBOV+V0ODn17V3XgL4SXOh+KH8W+Nddk8Q+I2QpHKwI\njtgRghM9eCQOAACcDvWgPAupj48Hxr59p\/Zp0v7H5W9vO35znG3bj\/gWfalbWPNra\/5Owfzcvl+a\nucdJ8AfEt\/GbbXPizr2oWMnEtsyyYcenzTMPzBrsdQ8H6T4G+COv6JoMLJbRaVdMzyHc8rmJsux7\nk\/gOgAAGK76srxRpk2t+EdX0q0aNJ76xmt42kJChnQqCSATjJ9DUzu4SS6mlOynFvozhf2draG3+\nCWkyQxKj3Ek8krAcu3msuT+CgfhXO\/BK0t1+L\/xPmWCMSxal5cbhRlVaWYkD0BKr+Qr0P4W+E77w\nR8ONN8P6rLbzXdoZd72zM0Z3SM4wWAPRh2rK+HngDVPCXjfxprGpXFnLb69ei4tVgdi6LvkbDgqA\nDhx0J71tJr2ra7P81+hkl+6t5r82ct4pAT9r7weUG0vpUm8jjd8tx19a9srzzW\/AGqal8dfD\/jSC\n4s103TLJ7eaJ3YTMxEoyoC7SP3g6sO9eh1C+BL1\/Nly1nddl+QUUUUhBRRRQAUUUUAFFFFABRRRQ\nAU2RFkjZHGVYEEeoNOopNXVmBwPgP4M+Ffh7qtxqWjLd3F7MpRZryRXMKHqqBVUDPqcn3rvqKKq4\nBRRRSAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAC\niiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK\nKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooo\noAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiig\nAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP\n\/9k=\niris@venus:~$ cat irispass.txt\nkYjyoLcnBZ9EJdz\niris@venus:~$ cat eloise | base64 -d\n\ufffd\ufffd\ufffd\ufffdJFIF``\ufffd\ufffd\ufffdExifMM;sML\ufffdJ\ufffd\ufffd\ufffd\n>\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd85\ufffd\ufffd85\ufffd\n\ufffd2021:11:10 10:18:032021:11:10 10:18:03sML\ufffd\ufffd\nhttp:\/\/ns.adobe.com\/xap\/1.0\/&lt;?xpacket begin=&#039;\ufeff&#039; id=&#039;W5M0MpCehiHzreSzNTczkc9d&#039;?&gt;\n&lt;x:xmpmeta xmlns:x=&quot;adobe:ns:meta\/&quot;&gt;&lt;rdf:RDF xmlns:rdf=&quot;http:\/\/www.w3.org\/1999\/02\/22-rdf-syntax-ns#&quot;&gt;&lt;rdf:Description rdf:about=&quot;uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b&quot; xmlns:dc=&quot;http:\/\/purl.org\/dc\/elements\/1.1\/&quot;\/&gt;&lt;rdf:Description rdf:about=&quot;uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b&quot; xmlns:xmp=&quot;http:\/\/ns.adobe.com\/xap\/1.0\/&quot;&gt;&lt;xmp:CreateDate&gt;2021-11-10T10:18:03.849&lt;\/xmp:CreateDate&gt;&lt;\/rdf:Description&gt;&lt;rdf:Description rdf:about=&quot;uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b&quot; xmlns:dc=&quot;http:\/\/purl.org\/dc\/elements\/1.1\/&quot;&gt;&lt;dc:creator&gt;&lt;rdf:Seq xmlns:rdf=&quot;http:\/\/www.w3.org\/1999\/02\/22-rdf-syntax-ns#&quot;&gt;&lt;rdf:li&gt;sML&lt;\/rdf:li&gt;&lt;\/rdf:Seq&gt;\n                        &lt;\/dc:creator&gt;&lt;\/rdf:Description&gt;&lt;\/rdf:RDF&gt;&lt;\/x:xmpmeta&gt;\n........\niris@venus:~$<\/code><\/pre>\n<p>\u53d1\u73b0\u4f3c\u4e4e\u662f\u4e00\u4e2a\u7167\u7247\uff0c\u5c1d\u8bd5\u8fdb\u884c\u8bc6\u522b\uff0c\u4f7f\u7528<code>cyberchef<\/code>\uff0cbase64\u89e3\u7801\u4ee5\u540e\u70b9\u4e00\u4e0b\u9b54\u672f\u68d2\u5f97\u5230\u5bc6\u7801\uff1a<\/p>\n<pre><code class=\"language-text\">yOUJlV0SHOnbSPm<\/code><\/pre>\n<h1>22 eloise<\/h1>\n<pre><code class=\"language-Bash\">eloise@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root   eloise 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root   root   4096 Apr  5 06:27 ..\n-rw-r--r-- 1 eloise eloise  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 eloise eloise 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 eloise eloise  807 Apr 23  2023 .profile\n-rw-r----- 1 root   eloise   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root   eloise   50 Apr  5 06:28 hi\n-rw-r----- 1 root   eloise  194 Apr  5 06:27 mission.txt\neloise@venus:~$ cat hi\n00000000: 7576 4d77 4644 5172 5157 504d 6547 500a\neloise@venus:~$ cat flagz.txt\n8===57CzBLKaEq2N8YBFRu31===D~~\neloise@venus:~$ cat mission.txt\n################\n# MISSION 0x22 #\n################\n\n## EN ##\nUser lucia has been creative in saving her password.\n\n## ES ##\nLa usuaria lucia ha sido creativa en la forma de guardar su password.\neloise@venus:~$ xxd hi\n00000000: 3030 3030 3030 3030 3a20 3735 3736 2034  00000000: 7576 4\n00000010: 6437 3720 3436 3434 2035 3137 3220 3531  d77 4644 5172 51\n00000020: 3537 2035 3034 6420 3635 3437 2035 3030  57 504d 6547 500\n00000030: 610a                                     a.\neloise@venus:~$ xxd -h\nUsage:\n       xxd [options] [infile [outfile]]\n    or\n       xxd -r [-s [-]offset] [-c cols] [-ps] [infile [outfile]]\nOptions:\n    -a          toggle autoskip: A single &#039;*&#039; replaces nul-lines. Default off.\n    -b          binary digit dump (incompatible with -ps,-i,-r). Default hex.\n    -C          capitalize variable names in C include file style (-i).\n    -c cols     format &lt;cols&gt; octets per line. Default 16 (-i: 12, -ps: 30).\n    -E          show characters in EBCDIC. Default ASCII.\n    -e          little-endian dump (incompatible with -ps,-i,-r).\n    -g bytes    number of octets per group in normal output. Default 2 (-e: 4).\n    -h          print this summary.\n    -i          output in C include file style.\n    -l len      stop after &lt;len&gt; octets.\n    -n name     set the variable name used in C include output (-i).\n    -o off      add &lt;off&gt; to the displayed file position.\n    -ps         output in postscript plain hexdump style.\n    -r          reverse operation: convert (or patch) hexdump into binary.\n    -r -s off   revert with &lt;off&gt; added to file positions found in hexdump.\n    -d          show offset in decimal instead of hex.\n    -s [+][-]seek  start at &lt;seek&gt; bytes abs. (or +: rel.) infile offset.\n    -u          use upper case hex letters.\n    -v          show version: &quot;xxd 2022-01-14 by Juergen Weigert et al.&quot;.\neloise@venus:~$ xxd -r hi\nuvMwFDQrQWPMeGP<\/code><\/pre>\n<h1>23 lucia<\/h1>\n<pre><code class=\"language-Bash\">lucia@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root  lucia 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root  root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 lucia lucia  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 lucia lucia 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 lucia lucia  807 Apr 23  2023 .profile\n-rw-r----- 1 root  lucia 1998 Apr  5 06:28 dict.txt\n-rw-r----- 1 root  lucia   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  lucia  397 Apr  5 06:27 mission.txt\nlucia@venus:~$ cat flagz.txt\n8===5Sr2pqeVTmn8RaaPmTPE===D~~\nlucia@venus:~$ cat mission.txt\n################\n# MISSION 0x23 #\n################\n\n## EN ##\nThe user isabel has left her password in a file in the \/etc\/xdg folder but she does not remember the name, however she has dict.txt that can help her to remember.\n\n## ES ##\nLa usuaria isabel ha dejado su password en un fichero en la carpeta \/etc\/xdg pero no recuerda el nombre, sin embargo tiene dict.txt que puede ayudarle a recordar.\nlucia@venus:~$ head -n 10 dict.txt\n\ns\nhack\nhacker\nhandler\nhanlder\nhappening\nhead\nheader\nheaders\nlucia@venus:~$ ls \/etc\/xdg\nls: cannot open directory &#039;\/etc\/xdg&#039;: Permission denied\n<\/code><\/pre>\n<p>\u53ea\u80fd\u5c1d\u8bd5\u8fdb\u884c\u7206\u7834\u4e86\uff0c\u8fd9\u91cc\u6211\u6ca1\u5199\u51fa\u6765\uff0c\u6211\u770b\u4e86\u522b\u7684\u5e08\u5085\u5199\u7684\u811a\u672c\uff0c\u5b66\u4e60\u4e00\u4e0b\uff1a<\/p>\n<pre><code class=\"language-Bash\">while IFS= read -r line; do readlink -e \/etc\/xdg\/$line; done&lt;dict.txt<\/code><\/pre>\n<ul>\n<li>IFS=     \u4e0d\u4f1a\u5bf9\u8f93\u5165\u884c\u8fdb\u884c\u5206\u5272<\/li>\n<li>-r       \u4e0d\u89e3\u91ca\u53cd\u659c\u6760<\/li>\n<li>readlink \u7528\u4e8e\u89e3\u6790\u7b26\u53f7\u94fe\u63a5\u5e76\u8fd4\u56de\u76ee\u6807\u6587\u4ef6\u7684\u8def\u5f84\u3002<\/li>\n<li>-e       \u8fd4\u56de\u7edd\u5bf9\u8def\u5f84<\/li>\n<\/ul>\n<pre><code class=\"language-Bash\">lucia@venus:~$ while IFS= read -r line; do readlink -e \/etc\/xdg\/$line; done&lt;dict.txt\n\/etc\/xdg\n\/etc\/xdg\/readme\nlucia@venus:~$ cat \/etc\/xdg\/readme\nH5ol8Z2mrRsorC0<\/code><\/pre>\n<h1>24 isabel<\/h1>\n<pre><code class=\"language-Bash\">lucia@venus:~$ su isabel\nPassword:\nisabel@venus:\/pwned\/lucia$ cd ~\nisabel@venus:~$ ls -la\ntotal 180\ndrwxr-x--- 2 root   isabel   4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root   root     4096 Apr  5 06:27 ..\n-rw-r--r-- 1 isabel isabel    220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 isabel isabel   3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 isabel isabel    807 Apr 23  2023 .profile\n-rw-r----- 1 root   isabel 150544 Apr  5 06:28 different.txt\n-rw-r----- 1 root   isabel     31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root   isabel    245 Apr  5 06:27 mission.txt\nisabel@venus:~$ cat flagz.txt\n8===Md2CU83GtVfouhm9U0AS===D~~\nisabel@venus:~$ cat mission.txt\n################\n# MISSION 0x24 #\n################\n\n## EN ##\nThe password of the user freya is the only string that is not repeated in different.txt\n\n## ES ##\nLa password de la usuaria freya es el unico string que no se repite en different.txt\nisabel@venus:~$ head different.txt -n 10\n3e73c17ede4b9b4\n3e73c17ede4b9b4\nfb834b364abb5eb\nfb834b364abb5eb\n36771e2733ec17c\n36771e2733ec17c\n47949b26a7c452a\n47949b26a7c452a\n371cedbb4a4e593\n371cedbb4a4e593\nisabel@venus:~$ cat different.txt | uniq -c\n      2 3e73c17ede4b9b4\n      2 fb834b364abb5eb\n      2 36771e2733ec17c\n      .......\nisabel@venus:~$ cat different.txt | uniq -c | sort -n\n      1 EEDyYFDwYsmYawj\n      2 00010b0765c11cc\n      2 00205d587090943\n      2 00213023c9abfbe\n      2 002b4e53be7876f\n      2 0034acdf29fb163\n      .......\n<\/code><\/pre>\n<p>\u627e\u5230\u4e86\u90a3\u4e2a\u5bc6\u7801 <code>EEDyYFDwYsmYawj<\/code><\/p>\n<pre><code class=\"language-Bash\">isabel@venus:~$ su -l freya\nPassword:\nfreya@venus:~$<\/code><\/pre>\n<h1>25 freya<\/h1>\n<pre><code class=\"language-Bash\">freya@venus:~$ ls -la\ntotal 32\ndrwxr-x--- 2 root  freya 4096 Apr  5 06:27 .\ndrwxr-xr-x 1 root  root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 freya freya  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 freya freya 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 freya freya  807 Apr 23  2023 .profile\n-rw-r----- 1 root  freya   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  freya  262 Apr  5 06:27 mission.txt\nfreya@venus:~$ cat flagz.txt\n8===m1rRSv2pdm3sBGmgidul===D~~\nfreya@venus:~$ cat mission.txt\n################\n# MISSION 0x25 #\n################\n\n## EN ##\nUser alexa puts her password in a .txt file in \/free every minute and then deletes it.\n\n## ES ##\nLa usuaria alexa pone su password en un fichero .txt en la carpeta \/free cada minuto y luego lo borra.\nfreya@venus:~$ while true; do cat \/free\/* 2&gt;\/dev\/null; done\nmxq9O3MSxxX9Q3S\nmxq9O3MSxxX9Q3S\nmxq9O3MSxxX9Q3S\nmxq9O3MSxxX9Q3S\nmxq9O3MSxxX9Q3S\nmxq9O3MSxxX9Q3S\n.......\nfreya@venus:~$ su -l alexa\nPassword:\nalexa@venus:~$<\/code><\/pre>\n<h1>26 alexa<\/h1>\n<pre><code class=\"language-Bash\">alexa@venus:~$ ls -la\ntotal 32\ndrwxr-x--- 2 root  alexa 4096 Apr  5 06:27 .\ndrwxr-xr-x 1 root  root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 alexa alexa  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 alexa alexa 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 alexa alexa  807 Apr 23  2023 .profile\n-rw-r----- 1 root  alexa   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  alexa  172 Apr  5 06:27 mission.txt\nalexa@venus:~$ cat flagz.txt\n8===12ALP3eLlJ1GrTBxwJQM===D~~\nalexa@venus:~$ cat mission.txt\n################\n# MISSION 0x26 #\n################\n\n## EN ##\nThe password of the user ariel is online! (HTTP)\n\n## ES ##\nEl password de la usuaria ariel esta online! (HTTP)\nalexa@venus:~$ curl http:\/\/127.0.1\n33EtHoz9a0w2Yqo<\/code><\/pre>\n<h1>27 ariel<\/h1>\n<pre><code class=\"language-Bash\">ariel@venus:~$ ls -la\ntotal 44\ndrwxr-x--- 2 root  ariel  4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root  root   4096 Apr  5 06:27 ..\n-rw-r--r-- 1 ariel ariel   220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 ariel ariel  3526 Apr 23  2023 .bashrc\n-rw-r----- 1 root  ariel 12288 Apr  5 06:28 .goas.swp\n-rw-r--r-- 1 ariel ariel   807 Apr 23  2023 .profile\n-rw-r----- 1 root  ariel    31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  ariel   254 Apr  5 06:27 mission.txt\nariel@venus:~$ cat flagz.txt\n8===lqTeJ1msxhNjNJCptxmZ===D~~\nariel@venus:~$ cat mission.txt\n################\n# MISSION 0x27 #\n################\n\n## EN ##\nSeems that ariel dont save the password for lola, but there is a temporal file.\n\n## ES ##\nParece ser que a ariel no le dio tiempo a guardar la password de lola... menosmal que hay un temporal!\nariel@venus:~$ vim -h\nVIM - Vi IMproved 9.0 (2022 Jun 28, compiled May 04 2023 10:24:44)\n\nUsage: vim [arguments] [file ..]       edit specified file(s)\n   or: vim [arguments] -               read text from stdin\n   or: vim [arguments] -t tag          edit file where tag is defined\n   or: vim [arguments] -q [errorfile]  edit file with first error\n\nArguments:\n   --                   Only file names after this\n   -v                   Vi mode (like &quot;vi&quot;)\n   -e                   Ex mode (like &quot;ex&quot;)\n   -E                   Improved Ex mode\n   -s                   Silent (batch) mode (only for &quot;ex&quot;)\n   -d                   Diff mode (like &quot;vimdiff&quot;)\n   -y                   Easy mode (like &quot;evim&quot;, modeless)\n   -R                   Readonly mode (like &quot;view&quot;)\n   -Z                   Restricted mode (like &quot;rvim&quot;)\n   -m                   Modifications (writing files) not allowed\n   -M                   Modifications in text not allowed\n   -b                   Binary mode\n   -l                   Lisp mode\n   -C                   Compatible with Vi: &#039;compatible&#039;\n   -N                   Not fully Vi compatible: &#039;nocompatible&#039;\n   -V[N][fname]         Be verbose [level N] [log messages to fname]\n   -D                   Debugging mode\n   -n                   No swap file, use memory only\n   -r                   List swap files and exit\n   -r (with file name)  Recover crashed session\n   -L                   Same as -r\n   -A                   Start in Arabic mode\n   -H                   Start in Hebrew mode\n   -T &lt;terminal&gt;        Set terminal type to &lt;terminal&gt;\n   --not-a-term         Skip warning for input\/output not being a terminal\n   --ttyfail            Exit if input or output is not a terminal\n   -u &lt;vimrc&gt;           Use &lt;vimrc&gt; instead of any .vimrc\n   --noplugin           Don&#039;t load plugin scripts\n   -p[N]                Open N tab pages (default: one for each file)\n   -o[N]                Open N windows (default: one for each file)\n   -O[N]                Like -o but split vertically\n   +                    Start at end of file\n   +&lt;lnum&gt;              Start at line &lt;lnum&gt;\n   --cmd &lt;command&gt;      Execute &lt;command&gt; before loading any vimrc file\n   -c &lt;command&gt;         Execute &lt;command&gt; after loading the first file\n   -S &lt;session&gt;         Source file &lt;session&gt; after loading the first file\n   -s &lt;scriptin&gt;        Read Normal mode commands from file &lt;scriptin&gt;\n   -w &lt;scriptout&gt;       Append all typed commands to file &lt;scriptout&gt;\n   -W &lt;scriptout&gt;       Write all typed commands to file &lt;scriptout&gt;\n   -x                   Edit encrypted files\n   --startuptime &lt;file&gt; Write startup timing messages to &lt;file&gt;\n   --log &lt;file&gt;         Start logging to &lt;file&gt; early\n   -i &lt;viminfo&gt;         Use &lt;viminfo&gt; instead of .viminfo\n   --clean              &#039;nocompatible&#039;, Vim defaults, no plugins, no viminfo\n   -h  or  --help       Print Help (this message) and exit\n   --version            Print version information and exit\nariel@venus:~$ vim -r .goas.swp\nThats my little DIc with my old and current passwOrds:\n--&gt;ppkJjqYvSCIyAhK\n--&gt;cOXlRYXtJWnVQEG\n--rxhKeFKveeKqpwp\n--&gt;RGBEMbZHZRgXZnu\n--&gt;IaOpTdAuhSjGZnu\n--&gt;NdnszvjulNellbK\n--&gt;GBUguuSpXVjpxLc\n--&gt;rSkPlPhymYcerMJ\n--&gt;PEOppdOkSqJZweH\n--&gt;EKvJoTBYlwtwFmv\n--&gt;d3LieOzRGX5wud6\n--&gt;mYhQVLDKdJrsIwG\n--&gt;DabEJLmAbOQxEnD\n--&gt;LkWReDaaLCMDlLf\n--&gt;cbjYGSvqAsqIvdg\n--&gt;QsymOOVbzSaKmRm\n--&gt;bnQgcXYamhSDSff\n--&gt;VVjqJGRrnfKmcgD<\/code><\/pre>\n<p>\u6309<code>gg<\/code>\u53ef\u4ee5\u5230\u9875\u9762\u9876\u90e8\u7b2c\u4e00\u4e2a\u5b57\u7b26\u4e0a\u9762\u53bb\uff0c\u4f7f\u7528<code>dd<\/code>\u5373\u53ef\u5220\u9664\u6539\u884c\uff0c\u6309<code>dw<\/code>\u53ef\u4ee5\u5220\u9664\u5355\u8bcd\uff0c\u6309<code>.<\/code>\u53ef\u4ee5\u6267\u884c\u4e0a\u4e00\u4e2a\u547d\u4ee4\uff0c\u5982\u6b64\u5373\u53ef\u5220\u9664\u6389\u6240\u6709\u7684<code>--&gt;<\/code>\u548c\u7a7a\u767d\u884c\uff0c\u7136\u540e\u6309<\/p>\n<pre><code class=\"language-Bash\">:w \/tmp\/pass\n:q!<\/code><\/pre>\n<p>\u8fdb\u884c\u4fdd\u5b58\uff0c\u540e\u9762\u53ef\u4ee5\u5c1d\u8bd5\u8fdb\u884c\u7206\u7834\uff0c\u6211\u4f7f\u7528hydra\u8fdb\u884c\u7206\u7834\u7684\uff0c\u4e5f\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528bash\u811a\u672c\u8fdb\u884c\u7206\u7834\uff1a<\/p>\n<pre><code class=\"language-Bash\">hgbe02@pwn:~\/temp$ hydra -l lola -P pass ssh:\/\/venus.hackmyvm.eu:5000\nHydra v9.2 (c) 2021 by van Hauser\/THC &amp; David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\nHydra (https:\/\/github.com\/vanhauser-thc\/thc-hydra) starting at 2024-07-01 01:44:04\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n[DATA] max 16 tasks per 1 server, overall 16 tasks, 18 login tries (l:1\/p:18), ~2 tries per task\n[DATA] attacking ssh:\/\/venus.hackmyvm.eu:5000\/\n[5000][ssh] host: venus.hackmyvm.eu   login: lola   password: d3LieOzRGX5wud6\n1 of 1 target successfully completed, 1 valid password found\nHydra (https:\/\/github.com\/vanhauser-thc\/thc-hydra) finished at 2024-07-01 01:44:14<\/code><\/pre>\n<p>\u4e0b\u9762\u9644\u4e0a\u5927\u4f6c\u5199\u7684\u811a\u672c\uff0c\u5f88\u4f18\u96c5\uff1a<\/p>\n<pre><code class=\"language-Bash\">while IFS= read -r line; do echo $line | timeout 2 su lola 2&gt;\/dev\/null; if [ $? -eq 0 ]; then echo $line; break; fi; done &lt; \/tmp\/dict.txt<\/code><\/pre>\n<h1>28 lola<\/h1>\n<pre><code class=\"language-Bash\">lola@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root lola 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root root 4096 Apr  5 06:27 ..\n-rw-r--r-- 1 lola lola  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 lola lola 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 lola lola  807 Apr 23  2023 .profile\n-rw-r----- 1 root lola   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root lola  272 Apr  5 06:27 mission.txt\n-rw-r----- 1 root lola 1438 Apr  5 06:28 pages.txt\nlola@venus:~$ cat flagz.txt\n8===TMYRw853hx8yKRocFMgM===D~~\nlola@venus:~$ cat mission.txt\n################\n# MISSION 0x28 #\n################\n\n## EN ##\nThe user celeste has left a list of names of possible .html pages where to find her password.\n\n## ES ##\nLa usuaria celeste ha dejado un listado de nombres de posibles paginas .html donde encontrar su password.\nlola@venus:~$ cat pages.txt\n\nnew-servers\nserver-updates\nSenSage_LEO\n1355485668\n25101\nReal-Time Communication\nulist\nVGVsbmV0\n15915\nmumbo\nplanet-icon\nDealTime_57c\n121616253\n708303201\nsuppliers_logos\nimagesPage\nbar-left\nwebdev-logo\nh-line\n34552\n479800180\n1080410073\nsymm\n1665300941\ntime-date\nimage-effects\n1412058599\n1166197595\n1115392848\n1083085151\nDotster_47c\nagi\ngrotius\nprimers\ndecades\nupfront\nsitecredits\nSSC\nKids-Software\nProjector-Accessories\nInk\nMicrophones\nSatellite-Radio\nexistingcustomers\nmedia-types\njunkbuster\nsymankr\ncareer-opportunities\ncorner_ur\ncorner_ul\nfindlaw\nclassaction\nFactsheets\nComets\nsymantch\ndark_grey\nSunbelt\npenguin_log\ncswift\neref\nsymantecpress\nsymanbr\nh_consumerassistanceheader\nh_homeb\nh_parentsb\nh_privacyb\nh_consumerassistanceb\nh_consumerfaqsb\nh_mainheader\ndmasponsorship\nconsumerfaqs\nsymantde\npc_dots\nci_4958157\nthemonitor\nColumbus\nglo\nregan\nGR2006120500981\nuscode49\nuscode39\nuscode20\nDEFAULT\nuscode12\ntoxins\nferris\nJan07\n000109\nefpa\nfunders\nbadads\ncivicactions\niraq_plans\naskthepilot215\nmail_cover\n081606\n092306\nbook_review\nconsumerprotection\nfacta\n050518\nIWC\nahead\nshah\nrockertraining\nrespiratory\n197442_1\nxCH-computer_accessories\nxCH-computer_memory\nxCH-networking\nxCH-components\nxCH-inputdevices\nxPP-Monitors\nxPP-PC_Desktops\nxCH-hardware\n116044\n20061226\nlogo_eseminars\ncebolla\nlogo_pcmag\n1999-02\npcmagnetwork\n40305\nbreastcancer\ninfocusRel\nkey2\nxCH-software\ncheck_prices\nrev_snapshot\nca-library\npubs1\nbullet_P1\nbullet_B1\nspectral\nlola@venus:~$ while IFS= read -r line; do curl -s http:\/\/127.0.1\/$line ; done &lt; pages.txt 2&gt;\/dev\/null | grep -v &#039;&lt;&#039;\n33EtHoz9a0w2Yqo\n33EtHoz9a0w2Yqo<\/code><\/pre>\n<p>\u4f46\u662f\u65e0\u6cd5\u6b63\u5e38\u8fdb\u884c\u5207\u6362\u7528\u6237\uff0c\u53ef\u80fd\u662f\u5154\u5b50\u6d1e\uff0c\u91cd\u65b0\u6539\u4e86\u4e00\u4e0b\uff1a<\/p>\n<pre><code class=\"language-Bash\">lola@venus:~$ while IFS= read -r line; do curl -s http:\/\/127.0.0.1\/$line.html ; done &lt; pages.txt 2&gt;\/dev\/null | grep -v &#039;\n&lt;&#039;\nVLSNMTKwSV2o8Tn<\/code><\/pre>\n<h1>29 celeste<\/h1>\n<pre><code class=\"language-Bash\">celeste@venus:~$ ls -la\ntotal 32\ndrwxr-x--- 2 root    celeste 4096 Apr  5 06:27 .\ndrwxr-xr-x 1 root    root    4096 Apr  5 06:27 ..\n-rw-r--r-- 1 celeste celeste  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 celeste celeste 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 celeste celeste  807 Apr 23  2023 .profile\n-rw-r----- 1 root    celeste   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root    celeste  179 Apr  5 06:27 mission.txt\nceleste@venus:~$ cat flagz.txt\n8===TrdsvMy99slFZtd4Cy4Q===D~~\nceleste@venus:~$ cat mission.txt\n################\n# MISSION 0x29 #\n################\n\n## EN ##\nThe user celeste has access to mysql but for what?\n\n## ES ##\nLa usuaria celeste tiene acceso al mysql, pero para que?\nceleste@venus:~$ mysql -uceleste -pVLSNMTKwSV2o8Tn\nWelcome to the MariaDB monitor.  Commands end with ; or \\g.\nYour MariaDB connection id is 1341\nServer version: 10.11.6-MariaDB-0+deb12u1 Debian 12\n\nCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.\n\nType &#039;help;&#039; or &#039;\\h&#039; for help. Type &#039;\\c&#039; to clear the current input statement.\n\nMariaDB [(none)]&gt; show databases;\n+--------------------+\n| Database           |\n+--------------------+\n| information_schema |\n| venus              |\n+--------------------+\n2 rows in set (0.002 sec)\n\nMariaDB [(none)]&gt; use venus;\nReading table information for completion of table and column names\nYou can turn off this feature to get a quicker startup with -A\n\nDatabase changed\nMariaDB [venus]&gt; show tables;\n+-----------------+\n| Tables_in_venus |\n+-----------------+\n| people          |\n+-----------------+\n1 row in set (0.001 sec)\n\nMariaDB [venus]&gt; select * from people;\n+-----------+---------------+--------------------------------+\n| id_people | uzer          | pazz                           |\n+-----------+---------------+--------------------------------+\n|         1 | nuna          | ixpfdsvcxeqdW                  |\n|         2 | nona          | ixpvcxvcxeqdW                  |\n|         3 | manue         | ixpfdsfdseqdW                  |\n|         4 | samoa         | ixperrewrweqdW                 |\n|         5 | dsaewq        | ixpefdsfsqdW                   |\n|         6 | fdsfewrew     | ixpedvcxv4qdW                  |\n|         7 | koiuoiudsadas | ixpredsfdeqdW                  |\n|         8 | vcxfdsfew     | ixp342432eqdW                  |\n|         9 | dasd          | ixpeiuyiuyqdW                  |\n|        10 | helen         | uytuytjhgixpeqdW               |\n|        11 | tudou         | ijhgjghxpeqfdfsfddW            |\n|        12 | fdsoiurew     | ixpfdsfsdsvcxvcxeqdW           |\n|        13 | inan          | imbnmnbxpeqdW                  |\n|        14 | zkret         | ixpeqkjhkhjkdW                 |\n|        15 | cjhcx         | i432423xpeqdW                  |\n|        16 | sfdfdsml      | ixpeqdsfsdfdsfW                |\n|        17 | svcxvcxml     | 432423ixpeqdW                  |\n|        18 | xml           | ixpejhgjhgqdW                  |\n|        19 | pdf           | ixperewrewrewqdW               |\n|        20 | txt           | ixpeuytuytqdW                  |\n|        21 | vcxvcx        | ixpefdsfdsfdfdsqdW             |\n|        22 | dsadsa        | ixpeqdjhkjhW                   |\n|        23 | lel           | ixpvcxvcxvcxeqdW               |\n|        24 | lul           | ixpeqdmnbmnbmnbmW              |\n|        25 | dog           | ixperewrewrewqdW               |\n|        26 | cat           | ixvcxvdsfsdvpeqdW              |\n|        27 | pet           | ixiufohsyuoirewpeqdW           |\n|        28 | pzzz          | ixvcxvcxvpeqdW                 |\n|        29 | ls            | ixpehgfdhdhqdW                 |\n|        30 | vi            | ixpetrvvrqdW                   |\n|        31 | tmux          | iuovcxoiujvcxixpeqdW           |\n|        32 | screen        | ixpeqrewregfdgdW               |\n|        33 | yes           | ixpebvcgdfgqdW                 |\n|        34 | nop           | ixpefdsqdW                     |\n|        35 | haha          | 8===xKmPDsJSKpHLzkqKXyjx===D~~ |\n|        36 | love          | ixpegfdgqdW                    |\n|        37 | dsadsa        | fdsvcxvcxixpeqdW               |\n|        38 | d4t4          | erwerewreixpeqdW               |\n|        39 | nna           | gdfgdixpeqdW                   |\n|        40 | nin           | aaafdixpeqdW                   |\n|        41 | tre           | fdsafixpeqdW                   |\n|        42 | tfas          | igfdgfdgxpeqdW                 |\n|        43 | zcxc          | ixfdgdfgpeqdW                  |\n|        44 | yuio          | ixpgbvcbvcbeqdW                |\n|        45 | jhgyurtrt     | treterterixpeqdW               |\n|        46 | lodsa         | itreterxpeqdW                  |\n|        47 | zarah         | ixpvcbvcbeqdW                  |\n|        48 | zkkad         | ixpedfgvbcxbvcqdW              |\n|        49 | bvher         | vcxvcxgfdgfdixpeqdW            |\n|        50 | dsadsa        | ixpeqergdfwer32dW              |\n|        51 | ch4rm         | ixpeewf23qdW                   |\n|        52 | Aza           | ixpjhgjgheqdW                  |\n|        53 | avij          | ixpegfdgdfgqdW                 |\n|        54 | crom          | ixpefdbvvcbrqdW                |\n|        55 | bubu          | ixpetretretqdW                 |\n|        56 | bebe          | ixpeghfgfdqdW                  |\n|        57 | baba          | ixpeffesfqdW                   |\n|        58 | bael          | ixpesdvsdvsdqdW                |\n|        59 | vaze          | ixpe23r23rf23qdW               |\n|        60 | upper         | ixpe43r43rqdW                  |\n|        61 | loz           | ixpeqddfsdW                    |\n|        62 | mind          | ixpfsdfsdfsdeqdW               |\n|        63 | mymy          | ixpevcxvqdW                    |\n|        64 | ina           | ixpee23e32rqdW                 |\n|        65 | ein           | ixpejytjytjhgjqdW              |\n|        66 | n1n4          | ixpehgjghjhghgqdW              |\n|        67 | where         | ixljkgjgpeqdW                  |\n|        68 | you           | ixpeqdhggjhgjW                 |\n|        69 | are           | ixVCXVCXVCXVCXdW               |\n|        70 | what          | ixpeqhgjggdW                   |\n|        71 | dsaqqqqqq     | ixpeqVCXVCXdW                  |\n|        72 | h0j3n         | ixpemnbmbnmghqdW               |\n|        73 | nana          | ixpeqVSDFWCdW                  |\n|        74 | nina          | ixpeqdWuvC5N9kG                |\n|        75 | nunu          | ixpeSFDSFDSVCXqdW              |\n|        76 | fdse          | ixpeDFSWEF2qdW                 |\n|        77 | dsar          | ixpeF43F3F34qdW                |\n|        78 | yop           | ixpeqdWCSDFDSFD                |\n|        79 | loco          | ixpeF43F34F3qdW                |\n|        80 | zaza          | ixpeYUTHNYGTHYTqdW             |\n|        81 | jhon          | ixpeFDSJYTUJTYqdW              |\n|        82 | tell          | ixpeHYTTqdW                    |\n|        83 | ma            | uyixptje4FSFWEFqdW             |\n|        84 | mum           | jghixpeqdW                     |\n|        85 | nanaa         | 432432ixpeqdW                  |\n|        86 | nnnniinn      | irewxpeqdW                     |\n|        87 | iourewoiure   | rewixpeqdW                     |\n|        88 | lkjfdsoiu     | dsaixpeqdW                     |\n|        89 | vcxnoj        | dasdasixpeqdW                  |\n|        90 | ioyuwer       | ixpeqdvcxvcxW                  |\n|        91 | kaka          | ixpeqdW                        |\n|        92 | nini          | ixpeqdvcxW                     |\n|        93 | zong          | ixpeqdWfdsfsdf                 |\n|        94 | nana          | ixpefdsafdsqdW                 |\n|        95 | ninna         | ixpeqOPUIFDSFDSdW              |\n+-----------+---------------+--------------------------------+\n95 rows in set (0.001 sec)<\/code><\/pre>\n<p>\u627e\u5230\u4e00\u4e2aflag\uff0c\u540d\u4e3a<code>haha<\/code>\u7684flag =&gt; <code>8===xKmPDsJSKpHLzkqKXyjx===D~~<\/code><br \/>\n\u5176\u4ed6\u957f\u5ea6\u4e0d\u4e00\uff0c\u7b5b\u9009\u51fa\u957f\u5ea6\u572815\u4e2a\u5b57\u7b26\u7684\u5bc6\u7801\uff0c\u8fd9\u662f\u5927\u591a\u6570\u7528\u6237\u7684\u5bc6\u7801\uff1a<\/p>\n<pre><code class=\"language-Bash\">MariaDB [venus]&gt; select * from people where length(pazz) = 15;\n+-----------+----------+-----------------+\n| id_people | uzer     | pazz            |\n+-----------+----------+-----------------+\n|        16 | sfdfdsml | ixpeqdsfsdfdsfW |\n|        44 | yuio     | ixpgbvcbvcbeqdW |\n|        54 | crom     | ixpefdbvvcbrqdW |\n|        58 | bael     | ixpesdvsdvsdqdW |\n|        74 | nina     | ixpeqdWuvC5N9kG |\n|        77 | dsar     | ixpeF43F3F34qdW |\n|        78 | yop      | ixpeqdWCSDFDSFD |\n|        79 | loco     | ixpeF43F34F3qdW |\n+-----------+----------+-----------------+\n8 rows in set (0.005 sec)<\/code><\/pre>\n<p>\u5c1d\u8bd5\u8fdb\u884c\u7206\u7834\uff1a<\/p>\n<pre><code class=\"language-Username\">sfdfdsml\nyuio\ncrom\nbael\nnina\ndsar\nyop\nloco<\/code><\/pre>\n<pre><code class=\"language-Password\">ixpeqdsfsdfdsfW\nixpgbvcbvcbeqdW\nixpefdbvvcbrqdW\nixpesdvsdvsdqdW\nixpeqdWuvC5N9kG\nixpeF43F3F34qdW\nixpeqdWCSDFDSFD\nixpeF43F34F3qdW<\/code><\/pre>\n<p>\u4f46\u662f\u6ca1\u6709\u7206\u7834\u51fa\u6765\uff0c\u4e0d\u77e5\u9053\u4e3a\u5565\uff0c\u5c1d\u8bd5\u770b\u4e00\u4e0b\u662f\u5426\u5b58\u5728\u7528\u6237\uff0c\u53d1\u73b0nina\u662f\u5b58\u5728\u7684\uff0c\u5c1d\u8bd5\u767b\u5f55\uff0c\u6210\u529f\uff01<\/p>\n<h1>30 nina<\/h1>\n<pre><code class=\"language-Bash\">celeste@venus:~$ su -l nina\nPassword:\nnina@venus:~$ ls -la\ntotal 32\ndrwxr-x--- 2 root nina 4096 Apr  5 06:27 .\ndrwxr-xr-x 1 root root 4096 Apr  5 06:27 ..\n-rw-r--r-- 1 nina nina  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 nina nina 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 nina nina  807 Apr 23  2023 .profile\n-rw-r----- 1 root nina   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root nina  197 Apr  5 06:27 mission.txt\nnina@venus:~$ cat flagz.txt\n8===VwICIymoA1DczWJau1sG===D~~\nnina@venus:~$ cat mission.txt\n################\n# MISSION 0x30 #\n################\n\n## EN ##\nThe user kira is hidding something in http:\/\/localhost\/method.php\n\n## ES ##\nLa usuaria kira esconde algo en http:\/\/localhost\/method.php\nnina@venus:~$ curl -i -s http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:26:32 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\nI dont like this method!\nnina@venus:~$ curl -s -i -X POST http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:27:14 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\nI dont like this method!\nnina@venus:~$ curl -s -i -X HEAD http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:28:42 GMT\nContent-Type: text\/html; charset=UTF-8\nConnection: keep-alive\n\n^C\nnina@venus:~$ curl -s -i -X PUT http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:29:00 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\ntPlqxSKuT4eP3yr<\/code><\/pre>\n<p>\u66f4\u8fdb\u4e00\u6b65\u7684\u5c1d\u8bd5\uff1a<\/p>\n<pre><code class=\"language-Bash\">nina@venus:~$ curl -s -i -X DELETE http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:30:03 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\nI dont like this method!\nnina@venus:~$ curl -s -i -X CONNECT http:\/\/localhost\/method.php\nHTTP\/1.1 405 Not Allowed\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:30:15 GMT\nContent-Type: text\/html\nContent-Length: 157\nConnection: close\n\n&lt;html&gt;\n&lt;head&gt;&lt;title&gt;405 Not Allowed&lt;\/title&gt;&lt;\/head&gt;\n&lt;body&gt;\n&lt;center&gt;&lt;h1&gt;405 Not Allowed&lt;\/h1&gt;&lt;\/center&gt;\n&lt;hr&gt;&lt;center&gt;nginx\/1.22.1&lt;\/center&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;\nnina@venus:~$ curl -s -i -X OPTIONS http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:30:31 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\nI dont like this method!\nnina@venus:~$ curl -s -i -X TRACE http:\/\/localhost\/method.php\nHTTP\/1.1 405 Not Allowed\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:30:44 GMT\nContent-Type: text\/html\nContent-Length: 157\nConnection: close\n\n&lt;html&gt;\n&lt;head&gt;&lt;title&gt;405 Not Allowed&lt;\/title&gt;&lt;\/head&gt;\n&lt;body&gt;\n&lt;center&gt;&lt;h1&gt;405 Not Allowed&lt;\/h1&gt;&lt;\/center&gt;\n&lt;hr&gt;&lt;center&gt;nginx\/1.22.1&lt;\/center&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;\nnina@venus:~$ curl -s -i -X PATCH http:\/\/localhost\/method.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:31:01 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\n8===tPGClekAvQKSYthnLiwz===D~~I dont like this method!<\/code><\/pre>\n<p>\u54c8\u54c8\uff0cnice\uff01\uff01\uff01\uff01\u5feb\u5938\u6211\uff01\uff01\uff01<\/p>\n<h1>31 kira<\/h1>\n<pre><code class=\"language-Bash\">nina@venus:~$ su -l kira\nPassword:\nkira@venus:~$ ls -la\ntotal 32\ndrwxr-x--- 2 root kira 4096 Apr  5 06:27 .\ndrwxr-xr-x 1 root root 4096 Apr  5 06:27 ..\n-rw-r--r-- 1 kira kira  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 kira kira 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 kira kira  807 Apr 23  2023 .profile\n-rw-r----- 1 root kira   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root kira  191 Apr  5 06:27 mission.txt\nkira@venus:~$ cat flagz.txt\n8===rJun2WyeuGIvabWQvJko===D~~\nkira@venus:~$ cat mission.txt\n################\n# MISSION 31 #\n################\n\n## EN ##\nThe user veronica visits a lot http:\/\/localhost\/waiting.php\n\n## ES ##\nLa usuaria veronica visita mucho http:\/\/localhost\/waiting.php\nkira@venus:~$ curl -s -i http:\/\/localhost\/waiting.php\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:41:23 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\nIm waiting for the user-agent PARADISE.\nkira@venus:~$ curl -s -i http:\/\/localhost\/waiting.php -A &quot;PARADISE&quot;\nHTTP\/1.1 200 OK\nServer: nginx\/1.22.1\nDate: Sun, 30 Jun 2024 18:41:46 GMT\nContent-Type: text\/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\n\nQTOel6BodTx2cwX<\/code><\/pre>\n<h1>32 veronica<\/h1>\n<pre><code class=\"language-Bash\">kira@venus:~$ su -l veronica\nPassword:\nveronica@venus:~$ ls -la\ntotal 32\ndrwxr-x--- 2 root     veronica 4096 Apr  5 06:27 .\ndrwxr-xr-x 1 root     root     4096 Apr  5 06:27 ..\n-rw-r--r-- 1 veronica veronica  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 veronica veronica 3559 Apr  5 06:28 .bashrc\n-rw-r--r-- 1 veronica veronica  807 Apr 23  2023 .profile\n-rw-r----- 1 root     veronica   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root     veronica  228 Apr  5 06:27 mission.txt\nveronica@venus:~$ cat flagz.txt\n8===iSSeKzoDXsKy8WPuqNPg===D~~\nveronica@venus:~$ cat mission.txt\n################\n# MISSION 0x32 #\n################\n\n## EN ##\nThe user veronica uses a lot the password from lana, so she created an alias.\n\n## ES ##\nLa usuaria veronica usa mucho la password de lana, asi que ha creado un alias.\nveronica@venus:~$ alias\nalias lanapass=&#039;UWbc0zNEVVops1v&#039;\nalias ls=&#039;ls --color=auto&#039;<\/code><\/pre>\n<h1>33 lana<\/h1>\n<pre><code class=\"language-Bash\">veronica@venus:~$ su -l lana\nPassword:\nlana@venus:~$ ls -la\ntotal 44\ndrwxr-x--- 2 root lana  4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 lana lana   220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 lana lana  3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 lana lana   807 Apr 23  2023 .profile\n-rw-r----- 1 root lana    31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root lana   161 Apr  5 06:27 mission.txt\n-rw-r----- 1 root lana 10240 Apr  5 06:28 zip.gz\nlana@venus:~$ cat flagz.txt\n8===um3Hno2AsjFjuLWsfmDj===D~~\nlana@venus:~$ cat mission.txt\n################\n# MISSION 0x33 #\n################\n\n## EN ##\nThe user noa loves to compress her things.\n\n## ES ##\nA la usuaria noa le gusta comprimir sus cosas.\nlana@venus:~$ gunzip -h\nUsage: gzip [OPTION]... [FILE]...\nCompress or uncompress FILEs (by default, compress FILES in-place).\n\nMandatory arguments to long options are mandatory for short options too.\n\n  -c, --stdout      write on standard output, keep original files unchanged\n  -d, --decompress  decompress\n  -f, --force       force overwrite of output file and compress links\n  -h, --help        give this help\n  -k, --keep        keep (don&#039;t delete) input files\n  -l, --list        list compressed file contents\n  -L, --license     display software license\n  -n, --no-name     do not save or restore the original name and timestamp\n  -N, --name        save or restore the original name and timestamp\n  -q, --quiet       suppress all warnings\n  -r, --recursive   operate recursively on directories\n      --rsyncable   make rsync-friendly archive\n  -S, --suffix=SUF  use suffix SUF on compressed files\n      --synchronous synchronous output (safer if system crashes, but slower)\n  -t, --test        test compressed file integrity\n  -v, --verbose     verbose mode\n  -V, --version     display version number\n  -1, --fast        compress faster\n  -9, --best        compress better\n\nWith no FILE, or when FILE is -, read standard input.\n\nReport bugs to &lt;bug-gzip@gnu.org&gt;.\nlana@venus:~$ gunzip -d zip.gz\n\ngzip: zip.gz: not in gzip format\nlana@venus:~$ file zip.gz\nzip.gz: POSIX tar archive (GNU)\nlana@venus:~$ cat zip.gz\npwned\/lana\/zip0000644000000000000000000000002014603715036012326 0ustar  rootroot9WWOPoeJrq6ncvJ<\/code><\/pre>\n<h1>34 noa<\/h1>\n<pre><code class=\"language-Bash\">lana@venus:~$ su -l noa\nPassword:\nnoa@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root noa  4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root root 4096 Apr  5 06:27 ..\n-rw-r--r-- 1 noa  noa   220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 noa  noa  3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 noa  noa   807 Apr 23  2023 .profile\n-rw-r----- 1 root noa    31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root noa   159 Apr  5 06:27 mission.txt\n-rw-r----- 1 root noa  3818 Apr  5 06:28 trash\nnoa@venus:~$ cat flagz.txt\n8===HUNGevKdeKwcCvJru1CC===D~~\nnoa@venus:~$ cat mission.txt\n################\n# MISSION 0x34 #\n################\n\n## EN ##\nThe password of maia is surrounded by trash\n\n## ES ##\nLa password de maia esta rodeada de basura\nvenus:~$ file trash\ntrash: data\nnoa@venus:~$ strings trash\nb;pK\n*&amp;dv\n |.-\nwsG9\nD55-\n\\|gu\n1q#^\nYV!)}\nf}nP\nT735\n5GOj&#039;\ng3-5v)S~hK\n{Xu7\nO;rTl,\n]Bokc\n04`0\nX:Uf\n;Vtr3\n`vr)\nk`      I\n&lt;(;pQ\n@$LiJ\nu7TI\n*Q{r%\n;%gzDB\nb%\/*\n3g?d\n=I+&quot;\nxfFN\n\\nh1hnDPHpydEjoEN\n!       2L~8\nJmN8\n@%`j\n,       ^,\ne&amp;xvN2\n_cKn\n.c|0\n)|hd&amp;\nhl(p\nfEr:\nOdBb\n?OsP\ndnN9\nJ7e(\nJL6(\nwI;%vz\napPD\na5qi\n|otr\n4TTm\ntoyi\n*f|F\n.%J`t\nnoa@venus:~$ strings trash | grep -E &#039;^.{15,}$&#039;\n\\nh1hnDPHpydEjoEN<\/code><\/pre>\n<ul>\n<li><code>-E<\/code>   \u6b63\u5219<\/li>\n<li><code>^<\/code>    \u884c\u7684\u5f00\u59cb<\/li>\n<li><code>.<\/code>    \u8868\u793a\u4efb\u610f\u5b57\u7b26<\/li>\n<li>{15,}  \u6570\u91cf\u4e0b\u9650\u4e3a15<\/li>\n<li><code>$<\/code>    \u884c\u5c3e<\/li>\n<\/ul>\n<h1>35 maia<\/h1>\n<pre><code class=\"language-Bash\">noa@venus:~$ su -l maia\nPassword:\nmaia@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root maia 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root root 4096 Apr  5 06:27 ..\n-rw-r--r-- 1 maia maia  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 maia maia 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 maia maia  807 Apr 23  2023 .profile\n-rw-r----- 1 root maia   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root maia   16 Apr  5 06:28 forget\n-rw-r----- 1 root maia  317 Apr  5 06:27 mission.txt\nmaia@venus:~$ cat flagz.txt\n8===nu8IDScKFAXVcnFutKtG===D~~\nmaia@venus:~$ cat mission.txt\n################\n# MISSION 0x35 #\n################\n\n## EN ##\nThe user gloria has forgotten the last 2 characters of her password ... They only remember that they were 2 lowercase letters.\n\n## ES ##\nLa usuaria gloria ha olvidado los 2 ultimos caracteres de su password... Solo recuerdan que eran 2 letras minusculas.\nmaia@venus:~$ cat forget\nv7xUVE2e5bjUc??\n\nhgbe02@pwn:~\/temp$ for a in {a..z}; do for b in {a..z}; do echo &quot;v7xUVE2e5bjUc$a$b&quot; &gt;&gt; pass; done; done\nhgbe02@pwn:~\/temp$ head -n 20 pass\nv7xUVE2e5bjUcaa\nv7xUVE2e5bjUcab\nv7xUVE2e5bjUcac\nv7xUVE2e5bjUcad\nv7xUVE2e5bjUcae\nv7xUVE2e5bjUcaf\nv7xUVE2e5bjUcag\nv7xUVE2e5bjUcah\nv7xUVE2e5bjUcai\nv7xUVE2e5bjUcaj\nv7xUVE2e5bjUcak\nv7xUVE2e5bjUcal\nv7xUVE2e5bjUcam\nv7xUVE2e5bjUcan\nv7xUVE2e5bjUcao\nv7xUVE2e5bjUcap\nv7xUVE2e5bjUcaq\nv7xUVE2e5bjUcar\nv7xUVE2e5bjUcas\nv7xUVE2e5bjUcat\nhgbe02@pwn:~\/temp$ hydra -l gloria -P pass ssh:\/\/venus.hackmyvm.eu:5000\nHydra v9.2 (c) 2021 by van Hauser\/THC &amp; David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\nHydra (https:\/\/github.com\/vanhauser-thc\/thc-hydra) starting at 2024-07-01 03:14:16\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n[DATA] max 16 tasks per 1 server, overall 16 tasks, 676 login tries (l:1\/p:676), ~43 tries per task\n[DATA] attacking ssh:\/\/venus.hackmyvm.eu:5000\/\n[STATUS] 98.00 tries\/min, 98 tries in 00:01h, 579 to do in 00:06h, 16 active\n[STATUS] 103.33 tries\/min, 310 tries in 00:03h, 367 to do in 00:04h, 16 active\n[5000][ssh] host: venus.hackmyvm.eu   login: gloria   password: v7xUVE2e5bjUcxw\n[STATUS] 96.57 tries\/min, 676 tries in 00:07h, 1 to do in 00:01h, 2 active\n1 of 1 target successfully completed, 1 valid password found\nHydra (https:\/\/github.com\/vanhauser-thc\/thc-hydra) finished at 2024-07-01 03:21:19<\/code><\/pre>\n<h1>36 gloria<\/h1>\n<pre><code class=\"language-Bash\">maia@venus:~$ su -l gloria\nPassword:\ngloria@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root   gloria 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root   root   4096 Apr  5 06:27 ..\n-rw-r--r-- 1 gloria gloria  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 gloria gloria 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 gloria gloria  807 Apr 23  2023 .profile\n-rw-r----- 1 root   gloria   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root   gloria 1713 Apr  5 06:28 image\n-rw-r----- 1 root   gloria  222 Apr  5 06:27 mission.txt\ngloria@venus:~$ cat flagz.txt\n8===RZIkEtaEp18tLslTopJj===D~~\ngloria@venus:~$ cat mission.txt\n################\n# MISSION 0x36 #\n################\n\n## EN ##\nUser alora likes drawings, that&#039;s why she saved her password as ...\n\n## ES ##\nA la usuaria alora le gustan los dibujos, por eso ha guardado su password como...\ngloria@venus:~$ file image\nimage: ASCII text\ngloria@venus:~$ cat image\n\n##########################################################\n##########################################################\n##########################################################\n##########################################################\n########              ##########  ##              ########\n########  ##########  ##    ##  ####  ##########  ########\n########  ##      ##  ##  ##  ######  ##      ##  ########\n########  ##      ##  ####  ########  ##      ##  ########\n########  ##      ##  ##        ####  ##      ##  ########\n########  ##########  ##        ####  ##########  ########\n########              ##  ##  ##  ##              ########\n########################  ####  ##########################\n########    ##  ####    ####  ##  ##      ##    ##########\n############    ######  ##    ##      ##          ########\n########    ##    ##  ##  ##            ####  ##  ########\n##############      ##  ##    ######  ##    ####  ########\n############    ##      ##  ########    ##  ##  ##########\n########################    ####    ##  ##  ####  ########\n########              ##    ####            ##  ##########\n########  ##########  ######  ##########  ####  ##########\n########  ##      ##  ####  ##      ######        ########\n########  ##      ##  ##    ##  ######  ##  ####  ########\n########  ##      ##  ####          ##    ##  ##  ########\n########  ##########  ##      ####  ##  ##################\n########              ##  ##                    ##########\n##########################################################\n##########################################################\n##########################################################\n##########################################################<\/code><\/pre>\n<p>\u62ff\u5fae\u4fe1\u626b\u4e00\u4e0b\u5f97\u5230\u5bc6\u7801\uff1a<code>mhrTFCoxGoqUxtw<\/code><\/p>\n<h1>37 alora<\/h1>\n<pre><code class=\"language-Bash\">gloria@venus:~$ su -l alora\nPassword:\nalora@venus:~$ ls -la\ntotal 384\ndrwxr-x--- 2 root  alora   4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root  root    4096 Apr  5 06:27 ..\n-rw-r--r-- 1 alora alora    220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 alora alora   3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 alora alora    807 Apr 23  2023 .profile\n-rw-r----- 1 root  alora     31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  alora    176 Apr  5 06:27 mission.txt\n-rw-r----- 1 root  alora 360448 Apr  5 06:28 music.iso\nalora@venus:~$ cat flagz.txt\n8===NSe78N2lM7IbvHzvrC0G===D~~\nalora@venus:~$ cat mission.txt\n################\n# MISSION 0x37 #\n################\n\n## EN ##\nThe user julie has created an iso with her password.\n\n## ES ##\nLa usuaria julie ha creado una iso con su password.\nalora@venus:~$ file music.iso\nmusic.iso: ISO 9660 CD-ROM filesystem data &#039;CDROM&#039;\nalora@venus:~$ strings music.iso\nCD001\nLINUX                           CDROM\n\n                        GENISOIMAGE ISO 9660\/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON\/J.SCHILLING (C) 2006-2007 CDRKIT TEAM\n                       2024040506284600\n2024040506284600\n0000000000000000\n2024040506284600\n\nCD001\nMUSIC.ZIP;1RR\nmusic.zipPX$\nRRIP_1991ATHE ROCK RIDGE INTERCHANGE PROTOCOL PROVIDES SUPPORT FOR POSIX FILE SYSTEM SEMANTICSPLEASE CONTACT DISC PUBLISHER FOR SPECIFICATION SOURCE.  SEE PUBLISHER IDENTIFIER IN PRIMARY VOLUME DESCRIPTOR FOR CONTACT INFORMATION.\npwned\/alora\/music.txtUT\nsjDf4i2MSNgSvOv\npwned\/alora\/music.txtUT<\/code><\/pre>\n<p>\u5f97\u5230\u5bc6\u7801\uff0c\u5c1d\u8bd5\u5e38\u89c4\u505a\u6cd5\u6302\u8f7d\u8bd5\u8bd5\uff1a<\/p>\n<pre><code class=\"language-Bash\">alora@venus:~$ mkdir \/tmp\/temp_music\nalora@venus:~$ mount -o loop music.iso \/tmp\/temp_music\nmount: \/tmp\/temp_music: mount failed: Operation not permitted.\nalora@venus:~$ sudo mount -o loop music.iso \/tmp\/temp_music\n[sudo] password for alora:\nalora is not in the sudoers file.\nThis incident has been reported to the administrator.\n\n# \u4f20\u5230\u672c\u5730\u673a\u5668\u4e2d\nhgbe02@pwn:~\/temp$ mkdir \/tmp\/music\nhgbe02@pwn:~\/temp$ sudo mount -o loop music.iso \/tmp\/music\n[sudo] password for hgbe02:\nmount: \/tmp\/music: WARNING: source write-protected, mounted read-only.\nhgbe02@pwn:~\/temp$ unzip \/tmp\/music\/music.zip -d tmp\nArchive:  \/tmp\/music\/music.zip\n extracting: tmp\/pwned\/alora\/music.txt\nhgbe02@pwn:~\/temp$ cat \/tmp\/pwned\/a;ora\/music.txt\ncat: \/tmp\/pwned\/a: No such file or directory\n-bash: ora\/music.txt: No such file or directory\nhgbe02@pwn:~\/temp$ cat tmp\/pwned\/alora\/music.txt\nsjDf4i2MSNgSvOv\nhgbe02@pwn:~\/temp$ sudo umount \/tmp\/music<\/code><\/pre>\n<p>\u8fd9\u91cc\u4e0b\u8f7d\u5230\u672c\u5730\uff0c\u6211\u662f\u7528\u7684termius\uff0c\u7136\u540e<code>SFTP<\/code>\u4f20\u8fc7\u6765\u7684\u3002<\/p>\n<h1>38 julie<\/h1>\n<pre><code class=\"language-Bash\">alora@venus:~$ su -l julie\nPassword:\njulie@venus:~$ ls -la\ntotal 48\ndrwxr-x--- 2 root  julie 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root  root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 julie julie  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 julie julie 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 julie julie  807 Apr 23  2023 .profile\n-rw-r----- 1 root  julie 4802 Apr  5 06:28 1.txt\n-rw-r----- 1 root  julie 4802 Apr  5 06:28 2.txt\n-rw-r----- 1 root  julie   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  julie  192 Apr  5 06:27 mission.txt\njulie@venus:~$ cat flagz.txt\n8===Iwe1QpxTcx0A8Uusqjfe===D~~\njulie@venus:~$ cat mission.txt\n################\n# MISSION 0x38 #\n################\n\n## EN ##\nThe user irene believes that the beauty is in the difference.\n\n## ES ##\nLa usuaria irene cree que en la diferencia esta lo bonito.\njulie@venus:~$ diff 1.txt 2.txt\n174c174\n&lt; 8VeRLEFkBpe2DSD\n---\n> aNHRdohjOiNizlU<\/code><\/pre>\n<p>\u4fe9\u90fd\u6709\u53ef\u80fd\uff0c\u5c1d\u8bd5\u4e00\u4e0b\u662f\u5426\u53ef\u4ee5\u8fdb\u884c\u5207\u6362\u3002<\/p>\n<h1>39 irene<\/h1>\n<pre><code class=\"language-Bash\">julie@venus:~$ su -l irene\nPassword:\nirene@venus:~$ ls -la\ntotal 44\ndrwxr-x--- 2 root  irene 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root  root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 irene irene  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 irene irene 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 irene irene  807 Apr 23  2023 .profile\n-rw-r----- 1 root  irene   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  irene 1704 Apr  5 06:28 id_rsa.pem\n-rw-r----- 1 root  irene  451 Apr  5 06:28 id_rsa.pub\n-rw-r----- 1 root  irene  178 Apr  5 06:27 mission.txt\n-rw-r----- 1 root  irene  256 Apr  5 06:28 pass.enc\nirene@venus:~$ cat flagz.txt\n8===c9hgLkLGzsNw7mB3VEr4===D~~\nirene@venus:~$ cat mission.txt\n################\n# MISSION 0x39 #\n################\n\n## EN ##\nThe user adela has lent her password to irene.\n\n## ES ##\nLa usuaria adela le ha dejado prestada su password a irene.\n\nirene@venus:~$ openssl pkeyutl -decrypt -inkey id_rsa.pem -in pass.enc\nnbhlQyKuaXGojHx<\/code><\/pre>\n<h1>40 adela<\/h1>\n<pre><code class=\"language-Bash\">irene@venus:~$ su -l adela\nPassword:\nadela@venus:~$ ls -la\ntotal 36\ndrwxr-x--- 2 root  adela 4096 Apr  5 06:28 .\ndrwxr-xr-x 1 root  root  4096 Apr  5 06:27 ..\n-rw-r--r-- 1 adela adela  220 Apr 23  2023 .bash_logout\n-rw-r--r-- 1 adela adela 3526 Apr 23  2023 .bashrc\n-rw-r--r-- 1 adela adela  807 Apr 23  2023 .profile\n-rw-r----- 1 root  adela   31 Apr  5 06:27 flagz.txt\n-rw-r----- 1 root  adela  213 Apr  5 06:27 mission.txt\n-rw-r----- 1 root  adela   44 Apr  5 06:28 wtf\nadela@venus:~$ cat flagz.txt\n8===86XGXQefUeV2eEdrUzxx===D~~\nadela@venus:~$ cat mission.txt\n################\n# MISSION 0x40 #\n################\n\n## EN ##\nUser sky has saved her password to something that can be listened to.\n\n## ES ##\nLa usuaria sky ha guardado su password en algo que puede ser escuchado.\nadela@venus:~$ cat wtf\n.--. .- .--. .- .--. .- .-. .- -.. .. ... .<\/code><\/pre>\n<p>\u4f7f\u7528<code>cyberchef<\/code>\u8fdb\u884c\u89e3\u5bc6\uff0c\u662f\u83ab\u65af\u5bc6\u7801\uff1a<code>PAPAPARADISE<\/code>\uff0c\u5c0f\u5199\u5373\u4e3a<code>papaparadise<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>21 iris iris@venus:~$ ls -la total 60 drwxr-x&#8212; 3 root [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,18],"tags":[],"class_list":["post-706","post","type-post","status-publish","format-standard","hentry","category-ctf-and-protest","category-web"],"_links":{"self":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/comments?post=706"}],"version-history":[{"count":1,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/706\/revisions"}],"predecessor-version":[{"id":707,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/706\/revisions\/707"}],"wp:attachment":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/media?parent=706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/categories?post=706"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/tags?post=706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}