symphony2colour/WhiteRabbit-Password-Generator


WhiteRabbit-Password-Generator

Helper for the HTB WhiteRabbit box: generate the 1,000 candidate passwords derived from a known timestamp when the original binary's PRNG seed includes milliseconds.

What it is: a reproducible way to enumerate all millisecond seeds for a given second (000–999) and print the corresponding passwords — matching the behavior of the target’s neo-password-generator logic, without shipping any spoilers or target binaries.

!! This repo is not an exploit and contains no box secrets. It is a convenience utility to reproduce a timestamp‑seeded password space in your own lab. Respect HTB rules and do not publish active spoilers.


Context

On WhiteRabbit, the sudo user’s password is generated by a binary (neo-password-generator) whose PRNG seed includes milliseconds. During enumeration you can recover the exact second used but not the millisecond component. This leaves 1,000 possibilities (0–999).

This C program simply iterates the millisecond range, re‑creating the candidate password for each value and printing them line‑by‑line so you can try them programmatically or manually.
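Why a millisecond-resolution time seed is the weakness here, shown as an added illustration that is not pass_gen.c and not the target binary's logic: a clock-seeded generator next to a hardened one that reads the kernel CSPRNG. The charset, the 20-character length, the `sec * 1000 + ms` seed formula, the timestamp and all function names are assumptions made for the example.

```c
/* Added illustration; NOT pass_gen.c and NOT the target binary's logic.
   Charset, length and seed formula are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PW_LEN 20
static const char CHARSET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Weak pattern: the password is a pure function of the clock. */
void weak_password(long long sec, int ms, char out[PW_LEN + 1]) {
    srand((unsigned int)(sec * 1000 + ms));
    for (int i = 0; i < PW_LEN; i++)
        out[i] = CHARSET[rand() % 62];
    out[PW_LEN] = '\0';
}

/* Knowing the second leaves 1,000 seeds; returns the ms that
   reproduces `target`, or -1 if none does. */
int recover_ms(long long sec, const char *target) {
    char cand[PW_LEN + 1];
    for (int ms = 0; ms < 1000; ms++) {
        weak_password(sec, ms, cand);
        if (strcmp(cand, target) == 0) return ms;
    }
    return -1;
}

/* Hardened form: kernel CSPRNG bytes, rejection-sampled so the
   modulo introduces no bias. Returns 0 on success, -1 on error. */
int strong_password(char out[PW_LEN + 1]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    for (int i = 0; i < PW_LEN; ) {
        int b = fgetc(f);
        if (b == EOF) { fclose(f); return -1; }
        if (b < 248) out[i++] = CHARSET[b % 62];   /* 248 = 4 * 62 */
    }
    out[PW_LEN] = '\0';
    fclose(f);
    return 0;
}

int main(void) {
    char pw[PW_LEN + 1], strong[PW_LEN + 1];
    long long sec = 1700000000LL;                  /* constructed timestamp */
    weak_password(sec, 417, pw);
    printf("weak:   %s (ms recovered: %d)\n", pw, recover_ms(sec, pw));
    if (strong_password(strong) == 0) printf("strong: %s\n", strong);
    return 0;
}
```

The weak generator's output space is bounded by the 1,000 unknown seeds regardless of password length, while the hardened one draws from the full 62^20 space.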


Build

Compile the provided C source with gcc:

gcc pass_gen.c -o pass_gen

Any POSIX toolchain should work. The code uses only the C standard library.


Usage

Generate the 1,000 possible passwords for your recovered timestamp:

./pass_gen > passwords.txt

Now test the candidates with your preferred (authorized) method, for example:

  • Manual su testing in a lab shell
  • Feeding passwords.txt into a tool that can attempt sudo authentication (within HTB rules)
  • Writing a small wrapper to stop on first success

The exact timestamp (to the second) is typically gathered during box progression. This tool focuses solely on the millisecond sweep (000–999).


Tips to narrow the window

If 1,000 attempts are too many for your method, try reducing the range by triangulating the millisecond component from artifacts you’ve legally obtained on the host:

  • File mtime/ctime around the creation of related artifacts
  • Web/app logs, audit logs, or service logs (journalctl) near the event
  • Process start times or environment traces that include high‑resolution timestamps
  • Timezone normalization (UTC vs localtime) — avoid off‑by‑one‑second pitfalls

Sanity checks

  • Ensure your base timestamp is correct (right second).
  • Confirm timezone semantics match how the generator interprets time.
  • If the reference generator mixes additional state (e.g., user input, constant salt), mirror that logic in pass_gen.c before compiling.

Repo layout

.
├── pass_gen.c
└── README.md  (this file)

Ethics & scope

  • For authorized research/education only; comply with Hack The Box rules and local law.
  • Do not publish live spoilers or credentials. Use this tool only in retired contexts or private labs.

📝 License

MIT — see LICENSE.

About

This is a password generator which helps to achieve the root flag on HTB WhiteRabbit Box.
