Safe @ HackTheBox
Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file.
We use ropstar, get a shell and the user flag.
Using keepass2john we generate a hash file for every image:
keepass2john -k <img> MyPasswords.kdbx > hash
We run rockyou-75.txt against it and find the password “bullshit” rather quickly. Inside the keepass file we find roots password “u3v2249dl9ptv465cogl3cnpo3fyhk”. Now we add our ssh key to “user”, ssh into the box and su to root.