https://app.hackthebox.com/challenges/55

Description

During an assessment of a unix system the HTB team found a suspicious directory. They looked at everything within but couldn’t find any files with malicious intent.

Exploitation

Extract the challenge archive to find multiple folders filled with various files.

find .secret -type f | awk -F'/' '{ print $2 " " $3 }' | sort -n -k2 | awk -F' ' '{ print $1 }' | tr -d '\n' | base64 -d

Summary

misDIRection: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.