{"id":1936,"date":"2025-10-24T16:08:39","date_gmt":"2025-10-24T20:08:39","guid":{"rendered":"https:\/\/www.peteonsoftware.com\/?p=1936"},"modified":"2025-10-24T16:08:39","modified_gmt":"2025-10-24T20:08:39","slug":"hack-the-box-walkthrough-the-puppet-master","status":"publish","type":"post","link":"https:\/\/www.peteonsoftware.com\/index.php\/2025\/10\/24\/hack-the-box-walkthrough-the-puppet-master\/","title":{"rendered":"Hack the Box Walkthrough: The Puppet Master"},"content":{"rendered":"

\"AnThis time, we’re going to be back in a Hack the Box challenge called The Puppet Master<\/a>. Its description is “An anonymous source has shared a photograph of an unidentified military armored vehicle during field operations. Your mission is to conduct a comprehensive OSINT analysis to identify this vehicle and its specifications.”<\/p>\n

The first thing you have to do is click “Start Instance” on the HTB page for this challenge. It will spin up a container and you’ll get an IP and Port to connect to. When you get there, you will get a website with these pages.<\/p>\n

First, we come to the Dashboard page. This explains the Scenario, the Objective, and some information about OSINT Investigation as a whole.<\/p>\n

\"The<\/p>\n

Next, we come to the Evidence page. This has the image for us to investigate and some initial observations about that image.<\/p>\n

\"The<\/p>\n

Lastly, we have the Challenge page. This is the page with the list of questions that we will need to answer.<\/p>\n

\"The<\/p>\n

Now that we’ve got the lay of the land, let’s tackle the questions.<\/p>\n

Q1. What type of military vehicle is shown in the image? Look at the vehicle’s characteristics: it’s wheeled, armored, and appears to be a personnel carrier. Research similar vehicles online.<\/strong><\/p>\n

I went to tineye.com and uploaded the image. I purposely didn’t select any pages that looked like they were related to solving this challenge. I went to this blog: https:\/\/defense-studies.blogspot.com\/2023\/05\/<\/a> and found an article mentioning that 18 Bushmaster PMVs were delivered to the New Zealand Army.<\/p>\n

A1. Bushmaster<\/strong><\/em><\/p>\n

Q2. Who is the manufacturer\/designer of this vehicle? Research the company that designed and produces this specific armored vehicle.<\/strong><\/p>\n

I googled it and was pointed to the Wikipedia article for it and got the answer https:\/\/en.wikipedia.org\/wiki\/Bushmaster_Protected_Mobility_Vehicle<\/a><\/p>\n

A2. Thales Australia<\/strong><\/em><\/p>\n

Q3. When did this vehicle first enter military service? Research the year this specific vehicle type was first deployed operationally.<\/strong><\/p>\n

Same wikipedia page<\/p>\n

A3.1997<\/strong><\/em><\/p>\n

Q4. What is the country of origin for this vehicle? Research where this specific vehicle was originally designed and manufactured.<\/strong><\/p>\n

Same page, though the name of the manufacturer is also a bit of a giveaway<\/p>\n

A4. Australia<\/strong><\/em><\/p>\n

Q5. What is the passenger capacity of this vehicle? Research how many passengers plus crew it can carry (format: X passengers and Y driver).<\/strong><\/p>\n

Wikipedia page again.<\/p>\n

A5. 9 passengers and 1 driver<\/strong><\/em><\/p>\n

After you finish that last question, you submit for final analysis and get the flag to submit back at the Hack the Box Challenge page. That’s it. Very Easy as the chaps promised. The biggest trick here was knowing how to use TinEye or Google Reverse Image Search and then to investigate from there.<\/p>\n

\"The<\/p>\n","protected":false},"excerpt":{"rendered":"

This time, we’re going to be back in a Hack the Box challenge called The Puppet Master. Its description is “An anonymous source has shared a photograph of an unidentified military armored vehicle during field …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[153],"tags":[141,142,158],"class_list":["post-1936","post","type-post","status-publish","format-standard","hentry","category-capture-the-flag","tag-information-security","tag-infosec","tag-osint"],"_links":{"self":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/posts\/1936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/comments?post=1936"}],"version-history":[{"count":0,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/posts\/1936\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/media?parent=1936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/categories?post=1936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/tags?post=1936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}