https://app.hackthebox.com/challenges/187
Right off the bat, I am not sure if the description is just old and messed up or if it is a clue… I guess we will see.
Doing some recon in this file, we can see the header is regf, suggesting we are working with a registry file.
I will use EZ’s Registry Explorer to work with this.
We can see some data in here, I am going to start off with the pre-defined bookmarks and see if there is anything interesting.
After some poking around, I found this executable in the Run key: SFRCezFfQzRuX2t3M3J5XzRMUjE5aDd9
Throwing this into CyberChef and decoding from base64, we get the flag.
HTB{1_C4n_kw3ry_4LR19h7}
Killian Sherer 