$ cat config.json
{
"token": "Replace me with token when in use! Security Risk!",
"prefix": "~",
"lightNum": "1337",
"username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==",
"host": "127.0.0.1"
}
$ echo UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ== |base64 -d
Red Herring, read the JS carefully
$ cat bot.js
//Discord.JS
const Discord = require("discord.js");
const client = new Discord.Client();
const fs = require("fs");
var config = JSON.parse(fs.readFileSync("./config.json"));
//Node-Hue-API
var hue = require("node-hue-api"),
HueApi = hue.HueApi,
lightState = hue.lightState;
//Display command results in console
var displayResult = function(result) {
console.log(JSON.stringify(result, null, 2));
};
//Function taken from campushippo.com
var rgbToHex = function (rgb) {
var hex = Number(rgb).toString(16);
if (hex.length < 2) {
hex = "0" + hex;
}
return hex;
};
//Function taken from campushippo.com
var fullColorHex = function(r,g,b) {
var header = "0x"
var red = rgbToHex(r);
var green = rgbToHex(g);
var blue = rgbToHex(b);
return header+red+green+blue;
};
//Declarations
var host = config.host,
username = config.username,
api = new HueApi(host, username),
state = lightState.create(),
prefix = config.prefix,
lightNum = config.lightNum;
//Bot code
client.on("ready", () => {
console.log(Logged in as ${client.user.tag}!);
});
client.on("message", message => {
if (message.author.bot) return; //Ignore bot messages
if (message.content.indexOf(prefix) !== 0) return; //Ensure prefix is at the beginning
const args = message.content.slice(prefix.length).trim().split(/ +/g); //Split command into arguments
const command = args.shift().toLowerCase();
switch (command) {
case "light.off" : //Turn light off
api.setLightState(lightNum, state.off())
.then(displayResult)
.done();
message.channel.send("Light Off!");
break;
case "light.on" : //Turn light on
api.setLightState(lightNum, state.on())
.then(displayResult)
.done();
message.channel.send("Light On!");
break;
case "light.rgb" : //Change light colour
let r = args[0];
let g = args[1];
let b = args[2];
api.setLightState(lightNum, state.on().rgb(r, g, b))
.then(displayResult)
.done();
const embed = new Discord.RichEmbed()
.setTitle('Light Colour Change')
.setColor(fullColorHex(r, g, b))
.setDescription(`Red Value: ${r}. Green Value: ${g}. Blue Value: ${b}`);
message.channel.send(embed);
break;
case "light.switch" : //Switch to different light
let num = args[0];
lightNum = num;
//fs.writeFile("./config.json", JSON.stringify(config))
message.channel.send(`Light Number switched to ${lightNum}`);
}
});
client.login(Buffer.from(config.token, 'base64').toString('ascii')) //Login with secret token
$ sudo apt install nodejs
$ sudo apt install npm
kali@kali:~/0.htb/challenges/Forensics/Illumination/Illumination.JS$ node bot.js
internal/modules/cjs/loader.js:818
throw err;
^
Error: Cannot find module 'discord.js'
Require stack:
/home/kali/0.htb/challenges/Forensics/Illumination/Illumination.JS/bot.js
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
at Function.Module._load (internal/modules/cjs/loader.js:667:27)
at Module.require (internal/modules/cjs/loader.js:887:19)
at require (internal/modules/cjs/helpers.js:74:18)
at Object. (/home/kali/0.htb/challenges/Forensics/Illumination/Illumination.JS/bot.js:2:17)
at Module._compile (internal/modules/cjs/loader.js:999:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Module.load (internal/modules/cjs/loader.js:863:32)
at Function.Module._load (internal/modules/cjs/loader.js:708:14)
at Function.executeUserEntryPoint as runMain {
code: 'MODULE_NOT_FOUND',
requireStack: [
'/home/kali/0.htb/challenges/Forensics/Illumination/Illumination.JS/bot.js'
]
}
found .git folder
kali@kali:~/0.htb/challenges/Forensics/Illumination/Illumination.JS$ ls -la
total 20
drwx------ 3 kali kali 4096 May 30 2019 .
drwxr-xr-x 3 kali kali 4096 Feb 12 11:50 ..
-rw-r--r-- 1 kali kali 2635 May 30 2019 bot.js
-rw-r--r-- 1 kali kali 199 May 30 2019 config.json
drwx------ 7 kali kali 4096 May 30 2019 .git
tried some git commands git status, git show, git log etc and found this b64 code.
$ git status
On branch master
Changes not staged for commit:
(use "git add …" to update what will be committed)
(use "git restore …" to discard changes in working directory)
modified: bot.js
modified: config.json
no changes added to commit (use "git add" and/or "git commit -a")
$ git show
commit edc5aabf933f6bb161ceca6cf7d0d2160ce333ec (HEAD -> master)
Author: SherlockSec dan@lights.htb
Date: Fri May 31 14:16:43 2019 +0100
Added some whitespace for readability!
diff --git a/bot.js b/bot.js
index e582ba9..f04294b 100644
--- a/bot.js
+++ b/bot.js
@@ -12,15 +12,20 @@ var hue = require("node-hue-api"),
//Display command results in console
var displayResult = function(result) {
+
console.log(JSON.stringify(result, null, 2));
};
//Function taken from campushippo.com
var rgbToHex = function (rgb) {
+
var hex = Number(rgb).toString(16);
if (hex.length < 2) {
+
hex = "0" + hex;
}
+
return hex;
};
@@ -54,18 +59,21 @@ client.on("message", message => {
const command = args.shift().toLowerCase();
switch (command) {
+
case "light.off" : //Turn light off
api.setLightState(lightNum, state.off())
.then(displayResult)
.done();
message.channel.send("Light Off!");
break;
+
case "light.on" : //Turn light on
api.setLightState(lightNum, state.on())
.then(displayResult)
.done();
message.channel.send("Light On!");
break;
+
case "light.rgb" : //Change light colour
let r = args[0];
let g = args[1];
@@ -79,6 +87,7 @@ client.on("message", message => {
.setDescription(Red Value: ${r}. Green Value: ${g}. Blue Value: ${b});
message.channel.send(embed);
break;
+
case "light.switch" : //Switch to different light
let num = args[0];
lightNum = num;
(END)
$ git log
commit edc5aabf933f6bb161ceca6cf7d0d2160ce333ec (HEAD -> master)
Author: SherlockSec dan@lights.htb
Date: Fri May 31 14:16:43 2019 +0100
Added some whitespace for readability!
commit 47241a47f62ada864ec74bd6dedc4d33f4374699
Author: SherlockSec dan@lights.htb
Date: Fri May 31 12:00:54 2019 +0100
Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!
commit ddc606f8fa05c363ea4de20f31834e97dd527381
Author: SherlockSec dan@lights.htb
Date: Fri May 31 09:14:04 2019 +0100
Added some more comments for the lovely contributors! Thanks for helping out!
commit 335d6cfe3cdc25b89cae81c50ffb957b86bf5a4a
Author: SherlockSec dan@lights.htb
Date: Thu May 30 22:16:02 2019 +0100
Moving to Git, first time using it. First Commit!
"Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!"
$ git show 47241a47f62ada864ec74bd6dedc4d33f4374699
commit 47241a47f62ada864ec74bd6dedc4d33f4374699
Author: SherlockSec dan@lights.htb
Date: Fri May 31 12:00:54 2019 +0100
Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!
diff --git a/config.json b/config.json
index 316dc21..6735aa6 100644
--- a/config.json
+++ b/config.json
@@ -1,6 +1,6 @@
{
"token": "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=",
"token": "Replace me with token when in use! Security Risk!",
"prefix": "~",
"lightNum": "1337",
"username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==",
check the token:
SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=
$ echo SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=|base64 -d
HTB{v3rsi0n_c0ntr0l_am_I_right?}