shellinabox VS CyberChef

Is it an alternative to shellinabox ?

https://github.com/shellinabox/shellinabox

Shell In A Box (though it hasn't been updated in a few years)

Remind me of ShellInABox, but Apache Guacamole is probably much better supported.

From the GitHub community, nyxnor did an amazing work to rewrite the support of bridges with pluggable transports (OBFS4, MEEK-AZURE and SNOWFLAKE) to make it easier than ever to circumvent censorship. Also, we experimentally added „Shellinabox“ so that user, who are not familiar with SSH can also access the TorBox Main menu with a web browser. However, we are not completely satisfied with that solution yet because browsers are showing warning messages with the self-signed certificate for a secure connection. We are eager to hear your feedback on “Shellinabox”. Do you know better alternatives? For more details about the latest TorBox Version, check out our Blog Post.

shellinabox — A web-based SSH Terminal https://github.com/shellinabox/shellinabox

It's also possible ports 80/443 are also available to your Windows machine. In which case you might use your NoMachine service to listen on that port. If the firewall is not permissive enough, you can use something like shellinabox to HTTP into the Windows machine and perform administration tasks to disable RDP/endable NoMachine on port 3389.

It looks like Telehack is running a Javascript + CSS kit called ShellInABox to allow web browsers to connect via Telnet. The link they provided in the "about" leads to a malfunctioning webpage, looks to be last updated in 2010. However, that project was forked on GitHub, and the most recent update appears to be Jan 2019, so there is a likely-working copy of that software for allowing for that kind of access.

Then we take the encrypted text and use CyberChef to decrypt it.

Let's go to CyberChef and insert our pieces of evidence.

A parameter was changed from '2AMBCgIQBg' to 'CgIIAdgDAQ%3D%3D' which is just the correct base64 encoding they should have been using the entire time.

I don't think this was a hostile action by Google, I think someone just added better input validation for security reasons and it accidently broke the bad requests they were sending.

https://gchq.github.io/CyberChef/#recipe=URL_Decode()From_Ba...

❗This is indeed the flag, but the text is encrypted with Base64. Usually, the presence of padding character "=" indicates that's Base64 type of encoding (but that's only one of the hints). To decrypt it, we can use CyberChef. Copy-paste the text and we either:

It uses a combination of magic bytes (like the `file` command), entropy analysis and character frequency detection to determine whether an output is likely to be of interest to the user.

The file type mechanism is written here[0]. There's a list of all signatures we detect here[1].

[0] https://github.com/gchq/CyberChef/blob/master/src/core/lib/F...

I think this can be deciphered using CyberChef...