https://app.hackthebox.com/challenges/160
Alright, so in this challenge, we have someone internal doing something they shouldn’t be doing.
Starting off, we see a Mozilla folder. My first thought is that this will most likely be browser forensics, but let’s see.
We have a couple of different subfolders here, but a lot of them are empty.
Once we get to the profiles folder, things get interesting.
Here we can see a lot of good files. I found this page very helpful for this challenge:
Now we will install DB Browser for SQLite to view the sqlite files.
I poked around a bit just to see what was in there and what all we can see, but ultimately, the places and key4.db files will be what we will be looking at.

Inside of places, we can see a lot of cool information about the browser history.
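The same history can be pulled out of places with a query instead of clicking through the tables. This is an added example, not part of the original writeup: `moz_places` and `moz_historyvisits` are the Firefox history tables, while the rows, URLs and function names below are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def build_sample_db():
    """Constructed stand-in for places.sqlite with only the columns used below."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER);
    """)
    con.executemany("INSERT INTO moz_places VALUES (?,?,?)", [
        (1, "https://search.example/?q=file+sharing", "Search"),
        (2, "https://files.example/login", "Login"),
        (3, "https://files.example/upload", "Upload"),
    ])
    # visit_date is stored as microseconds since the Unix epoch (PRTime).
    con.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?,?)", [
        (10, 0, 1, 1_600_000_000_000_000),   # from_visit 0 = no referring visit
        (11, 10, 2, 1_600_000_030_000_000),
        (12, 11, 3, 1_600_000_095_500_000),
    ])
    return con

def history_timeline(con):
    """Return (UTC time, url, referring url) per visit, oldest first."""
    rows = con.execute("""
        SELECT v.visit_date, p.url, ref.url
        FROM moz_historyvisits v
        JOIN moz_places p ON p.id = v.place_id
        LEFT JOIN moz_historyvisits fv ON fv.id = v.from_visit
        LEFT JOIN moz_places ref ON ref.id = fv.place_id
        ORDER BY v.visit_date
    """).fetchall()
    return [((EPOCH + timedelta(microseconds=us)).isoformat(), url, referrer)
            for us, url, referrer in rows]

if __name__ == "__main__":
    # For a real profile, work on a copy of the file and open it read-only:
    #   sqlite3.connect("file:places.sqlite?mode=ro", uri=True)
    for when, url, referrer in history_timeline(build_sample_db()):
        print(when, url, "<-", referrer or "(typed/bookmark/none)")
```

The `from_visit` join is what shows how one page led to the next, which is easy to miss when browsing each table separately.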
The key4.db file is encrypted; we can easily view this using NirSoft’s PasswordFox tool and selecting our profile folder.
https://www.nirsoft.net/utils/passwordfox.html
Here we can see the site visited, along with the credentials.
Also, I saw this connection in the sqlite files when I was looking at visited sites. It’s very cool to see everything piece together.
HTB{ur_8RoW53R_H157Ory}
