HackTheBox ChromeMiner Writeup
Explore the basics of cybersecurity in the ChromeMiner Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
Downloading the executable and decompiling it with ILSpy reveals the URL /c2VjcmV0/archive.zip?k=ZGlzY3VyZG5pdHJ1
Deobfuscating the JavaScript downloaded from that endpoint allows us to craft the final payload and analyze its functionality.
(async () => {
  // 16-character string used as the raw AES key (16 bytes, so AES-128).
  const secretKey = "_NOT_THE_SECRET_";
  // Hex-encoded ciphertext: 48 bytes, i.e. three 16-byte AES blocks.
  const hexEncodedData = "E242E64261D21969F65BEDF954900A995209099FB6C3C682C0D9C4B275B1C212BC188E0882B6BE72C749211241187FA8";

  // Convert a hex string into a byte array, two characters per byte.
  const hexToBytes = (hex) => new Uint8Array(hex.match(/../g).map(byte => parseInt(byte, 16)));

  const textEncoder = new TextEncoder();
  const keyData = textEncoder.encode(secretKey);

  // Import the raw key bytes for AES-CBC decryption via WebCrypto.
  const importedKey = await crypto.subtle.importKey(
    "raw",
    keyData,
    { name: "AES-CBC" },
    false,
    ["decrypt"]
  );

  // The same bytes serve as both the key and the IV.
  const iv = keyData;
  const encryptedData = hexToBytes(hexEncodedData);

  const decryptedData = await crypto.subtle.decrypt(
    { name: "AES-CBC", iv: iv },
    importedKey,
    encryptedData
  );

  const decodedData = new TextDecoder("utf-8").decode(decryptedData);
  console.log("Decrypted Data (Flag):", decodedData);
})();
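The decryption script above has three features worth checking for when triaging any deobfuscated extension script: a WebCrypto algorithm name, a hex string that decodes to whole AES blocks, and an IV that is just the key bytes again. The following is an added example, not part of the original writeup or the challenge files; `triageScript` and `SAMPLE` are hypothetical names, and `SAMPLE` is a constructed snippet that reuses the key and hex string shown above.

```javascript
// Added example: static triage of deobfuscated extension JavaScript.
// triageScript and SAMPLE are hypothetical names; SAMPLE is constructed
// from the key and hex string shown in the script above.
const AES_KEY_BYTES = new Set([16, 24, 32]); // AES-128/192/256

function triageScript(source) {
  const findings = { algorithms: [], keyCandidates: [], ciphertextCandidates: [], ivReusesKey: false };

  // WebCrypto algorithm identifiers, e.g. { name: "AES-CBC" }.
  for (const m of source.matchAll(/\bname\s*:\s*["']([A-Za-z0-9-]+)["']/g)) {
    if (!findings.algorithms.includes(m[1])) findings.algorithms.push(m[1]);
  }

  // Quoted string literals (escape-aware), classified by shape.
  for (const m of source.matchAll(/(["'])((?:\\.|(?!\1)[^\\])*)\1/g)) {
    const lit = m[2];
    const isHex = /^[0-9a-fA-F]+$/.test(lit);
    if (isHex && lit.length >= 32 && lit.length % 32 === 0) {
      // Hex that decodes to whole 16-byte blocks: possible AES ciphertext.
      findings.ciphertextCandidates.push({ hex: lit, blocks: lit.length / 32 });
    } else if (!isHex && AES_KEY_BYTES.has(new TextEncoder().encode(lit).length)) {
      // Text whose UTF-8 length is a valid AES key size: possible raw key.
      findings.keyCandidates.push(lit);
    }
  }

  // Follow simple aliases (const iv = keyData;) and compare the raw key
  // material given to importKey with the value used as the IV.
  const alias = new Map();
  for (const m of source.matchAll(/\b(?:const|let|var)\s+(\w+)\s*=\s*(\w+)\s*;/g)) alias.set(m[1], m[2]);
  const resolve = (name) => {
    const seen = new Set();
    while (alias.has(name) && !seen.has(name)) { seen.add(name); name = alias.get(name); }
    return name;
  };
  const keyArg = source.match(/importKey\(\s*["']raw["']\s*,\s*(\w+)/);
  const ivArg = source.match(/\biv\s*:\s*(\w+)/);
  findings.ivReusesKey = Boolean(keyArg && ivArg && resolve(keyArg[1]) === resolve(ivArg[1]));
  return findings;
}

const SAMPLE = `
const secretKey = "_NOT_THE_SECRET_";
const blob = "E242E64261D21969F65BEDF954900A995209099FB6C3C682C0D9C4B275B1C212BC188E0882B6BE72C749211241187FA8";
const keyData = new TextEncoder().encode(secretKey);
const key = await crypto.subtle.importKey("raw", keyData, { name: "AES-CBC" }, false, ["decrypt"]);
const iv = keyData;
await crypto.subtle.decrypt({ name: "AES-CBC", iv: iv }, key, hexToBytes(blob));
`;
console.log(triageScript(SAMPLE));
```

The matches are candidates for manual review, not proof: any 16-character string is flagged as a possible key, and the alias tracking only follows plain `const a = b;` assignments.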
Summary
The ChromeMiner Challenge on Hack The Box introduces the fundamentals of .NET decompilation, Chrome extension analysis, and JavaScript deobfuscation. By analyzing a malicious executable with tools like ILSpy, you uncover a base64-encoded URL pointing to a ZIP file containing a Chrome extension. Extracting and deobfuscating the extension’s background.js script reveals obfuscated functionality, such as cryptographic operations and encoded payloads. This challenge provides hands-on experience in reversing malware, unpacking Chrome extensions, and analyzing obfuscated JavaScript to retrieve the HTB flag.