Intro
Biohazard is a room created by Deskel and is rated as medium on the TryHackMe platform.
This is the room description:

Hope I survive it. Let’s kick it off with an Nmap scan.
Service Fingerprinting

The Puzzle Begins
I can see the main page, and scrolling a little lower I was able to access another page.

As said in the puzzle, a gunshot was heard and there’s a question: Where's the room?
I viewed the page source and found the answer: diningRoom.

I access the dining room page, open the emblem page, and get back to the dining room page and refresh it. After refreshing the page, an input field shows up.
I paste the generated emblem code and get redirected to another page where I’m told nothing happened.
Hm… ok… I view the page source afterwards and find a base64 encoded text. Decoding it I get the name of another room.

Tea Room
This is inside the tea room.

Reading the text I’m recommended to visit the art room. I visit the art room and check the map. It seems that there are multiple rooms I’ll have to check.
Bar Room
The first thing I visit is the bar room, and I can unlock the door using the lockpick flag.

I unlock the room.

Reading the file it seems that the string is base32 encoded. I copy it and decode it online.

I get redirected to the Secret Bar Room. I access and copy the gold emblem, but here’s the trick: I paste the emblem I found in the Dining Room. Therefore, I get redirected to a page that gives me a name: rebecca. Something is fishy here…
Going back to the Dining Room, I input the gold emblem there and get what seems to be a Caesar cipher, but after a little research I realized it was a Vigenere cipher and the key was rebecca.

I decode it and this is the output:

Accessing the page I received the key.

Dining Room 2F
I’m done with this room. Time to move to the next one. Therefore I access the Dining Room 2F. Viewing the source code of the page, I notice a comment that looks like a Caesar cipher.

Decoding it I find out that I have to visit another page.

I visit the first dining room and access the above-mentioned HTML page. Accessing the page, I get a new flag.

Crest Hunting
I survived so far, time to get to the next room: Tiger Status Room.

I insert the flag I found above into the input field and press submit. This redirects me to another page where I have to decode some strings and combine them.

I guess that’s what I should have found in this room. Let’s get to the next one: gallery room.

Taking a look at the notes I find the second crest. Let’s enter into the Study Room.

Since I don’t have any helmet symbol, I’ll get back to it later.
Access the armor room and paste your shield key. Reading the note, I come across the 3rd crest.

Let’s get to the attic. Paste the shield key and read the note. I found the 4th crest!

Getting FTP Access
Time to decode the crests (don’t forget we have to combine them):
- Crest 1: base64 -> base32
- Crest 2: base32 -> base58
- Crest 3: base64 -> binary -> hex
- Crest 4: base58 -> hex
The combined text is: RlRQIHVzZXI6IGh1bnRlciwgRlRQIHBhc3M6IHlvdV9jYW50X2hpZGVfZm9yZXZlcg==. And the decoded text is: FTP user: hunter, FTP pass: you_cant_hide_forever.
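The layered decoding listed above can be scripted instead of pasted into online decoders. This is an added example, not part of the original write-up: `decode_chain`, `make_sample` and the other names are hypothetical, Base58 is assumed to use the Bitcoin alphabet, "binary" is assumed to mean ASCII 0/1 digits, and the sample inputs are constructed (only `COMBINED` is taken from the text above).

```python
import base64

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(data: bytes) -> bytes:
    """Base58 (Bitcoin alphabet, assumed); each leading '1' is a zero byte."""
    text = data.decode("ascii")
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def bin_decode(data: bytes) -> bytes:
    """ASCII '0'/'1' digits in 8-bit groups, with or without spaces."""
    bits = "".join(data.decode("ascii").split())
    if len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected whole 8-bit groups of 0/1")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

DECODERS = {
    "base64": lambda d: base64.b64decode(d, validate=True),
    "base32": base64.b32decode,
    "base58": b58decode,
    "binary": bin_decode,
    "hex": lambda d: bytes.fromhex(d.decode("ascii")),
}

def decode_chain(data: bytes, steps) -> bytes:
    """Apply the named decoders left to right, trimming whitespace between steps."""
    for step in steps:
        data = DECODERS[step](data.strip())
    return data

def make_sample(plain: bytes) -> bytes:
    """Build a constructed test input wrapped as hex -> binary -> base64."""
    bits = " ".join(f"{b:08b}" for b in plain.hex().encode())
    return base64.b64encode(bits.encode())

# Combined crest string quoted in the write-up above; its last layer is base64.
COMBINED = b"RlRQIHVzZXI6IGh1bnRlciwgRlRQIHBhc3M6IHlvdV9jYW50X2hpZGVfZm9yZXZlcg=="

if __name__ == "__main__":
    sample = make_sample(b"part-3")  # constructed value, not a crest from the room
    print(decode_chain(sample, ["base64", "binary", "hex"]))
    print(decode_chain(b"2g", ["base58"]))  # constructed input
    print(decode_chain(COMBINED, ["base64"]).decode())
```

Each crest decodes to one fragment; the fragments are concatenated in crest order before the final base64 step.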
Logging in FTP I find out the following:

Steganography & Getting Another Key
I downloaded the files. Reading the content of the important text file, there is a message from Barry.

The first and the third images have files embedded and the second one has a comment in the EXIF data. The tools used are:
- Steghide
- Exiftool
- Binwalk
The complete string is: cGxhbnQ0Ml9jYW5fYmVfZGVzdHJveV93aXRoX3Zqb2x0. The result of decoding it is: plant42_can_be_destroy_with_vjolt. This is the password we can use to decrypt the gpg file.

Back to Study
Since I have the helmet key, I go back to the Study Room and unlock it. Therefore I download the archive and extract its content.

Hoooray! Finally! I have a user. I move to the hidden room: hidden closet.
Hidden Closet Room
Paste the helmet key into the input field and examine the wolf medal.

Yes! Finally! I get to have access to the SSH.
Besides the SSH pass there is 1 more file which, when accessed, you might think is a Caesar cipher, but in fact it’s a Vigenere cipher. Again! But since I don’t have the cipher key, I cannot decrypt it. Yet!
User Access & Flag

I find a text file in a hidden directory. Let’s read it.

I have the key to decrypt the Vigenere Cipher now.

Time to change the user!

Accessing weasker’s home directory, I find a note.

Privilege Escalation & Root Flag
I try to list my sudo privileges, in case there are any, and this was the output:

This means I can run any command as root (umbrella_corp). Let’s grab the root flag!
