💡 I got extremely lucky and managed to finish this very quickly, my advice is just to not be intimidated at all,
there are a lot of files.
- Looking at even just the file names, it becomes clear that you are working with some type of
browser data dump- Determining the exact browser used could help you to sort through the data in a manageable way using open-source software or smth
- It’s a little obvious from the
moztags but its Firefox (doesn't really matter)
- I hate
JSONfiles, I will not touch them yet - I actually just don’t recognize any of the file types besides
sqliteso I focus on that
Now I really respect people who used a real terminal for this, but my favorite browser-based SQLite Viewer is by INLOOPX
First file I viewed was formhistory.sqlite, it was the first one in the list (besides favicon which I know, from past knowledge, that it probably just has image data)
- Looking for significant details like
loginsorpasswords
SELECT * FROM 'moz_formhistory' LIMIT 0,30
The name Rick Ash is noteworthy along with the username ashrick and the password r0llr1ck0202!
Using these details, I just casually combed through some of the SQLite tables until something was found in places.sqlite
SELECT * FROM 'moz_places' LIMIT 30,30
Bingo, navigating to ashrick’s pastebin account, you will find a password protected file
Using the password from earlier, r0llr1ck0202!, you can see the details of the pastebin with the flag
Hello Boss,
I'll start transferring the documents as discussed earlier. For now, keep this secret: HTB{br0ws3r_f0r3ns1cs_iz_ez!}