HackTheBox AHS512 Writeup
Explore the basics of cybersecurity in the AHS512 Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/417
Description
The most famous candy maker in town has developed a secret formula to make sensational and unique candies by just giving the name of the candy. He even added a pinch of randomness to his algorithm to make it even more interesting. As his trusted friend and security enthusiast he has asked you to test it for him. Can you find a bug?
Exploitation
#!/usr/bin/python3
from hashlib import sha512
from random import randint
from pwn import remote
import sys


class ahs512:
    """Local copy of the challenge's hash: transpose, 'rotate', then SHA-512."""

    def __init__(self, message):
        self.message = message
        self.key = self.generateKey()

    def generateKey(self):
        # Pick a random divisor of the message length in [2, len - 1].
        while True:
            key = randint(2, len(self.message) - 1)
            if len(self.message) % key == 0:
                break
        return key

    def transpose(self, message):
        # Columnar transposition: a pure permutation of byte positions.
        transposed = [0 for _ in message]
        columns = len(message) // self.key
        for i, char in enumerate(message):
            row = i // columns
            col = i % columns
            transposed[col * self.key + row] = char
        return bytes(transposed)

    def rotate(self, message):
        # The left shift is 3, not 4, so this is not a true rotation:
        # distinct input bytes can produce the same output byte.
        return [((b >> 4) | (b << 3)) & 0xff for b in message]

    def hexdigest(self):
        transposed = self.transpose(self.message)
        rotated = self.rotate(transposed)
        return sha512(bytes(rotated)).hexdigest()


def main():
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)

    host, port = sys.argv[1].split(':')
    p = remote(host, int(port))

    p.recvuntil(b'Find a message that generate the same hash as this one: ')
    target = p.recvline().strip().decode()

    original_message = b"pumpkin_spice_latte!"
    # 0x5f ('_') and 0xdf both map to 0xfd under rotate(), so the two
    # messages differ but feed identical bytes into SHA-512.
    modified_message = original_message.replace(b'_', b'\xdf')

    # Resend until the server stops answering 'Conditions not satisfied!'.
    while True:
        p.sendlineafter(b'Enter your message: ', modified_message.hex().encode())
        p.recvline()
        answer = p.recvline()
        if b'Conditions not satisfied!' not in answer:
            break

    print(answer.decode().strip())
    p.close()


if __name__ == "__main__":
    main()
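The collision the script relies on comes entirely from the `rotate` step, which discards information before SHA-512 ever runs. The block below is an added example, not part of the original writeup or the challenge source: it enumerates which bytes collide under that step and compares it with `rotate_fixed`, an assumed intended nibble rotation. The helper names `digest`, `collision_classes` and `valid_keys` are introduced here for illustration.

```python
from collections import defaultdict
from hashlib import sha512

def rotate_page(b):
    """Mixing step exactly as in the script above: bits 0 and 7 are OR-ed into one output bit."""
    return ((b >> 4) | (b << 3)) & 0xFF

def rotate_fixed(b):
    """Assumed intent: a true 4-bit rotation (nibble swap), which is a bijection on bytes."""
    return ((b >> 4) | (b << 4)) & 0xFF

def transpose(message, key):
    """Columnar transposition from the script, with the key passed in explicitly."""
    out = bytearray(len(message))
    columns = len(message) // key
    for i, char in enumerate(message):
        out[(i % columns) * key + i // columns] = char
    return bytes(out)

def digest(message, key, rotate):
    """Transpose, apply the chosen rotate step per byte, then SHA-512."""
    return sha512(bytes(rotate(b) for b in transpose(message, key))).hexdigest()

def collision_classes(rotate):
    """Map each output byte to its inputs, keeping only outputs with more than one preimage."""
    groups = defaultdict(list)
    for b in range(256):
        groups[rotate(b)].append(b)
    return {out: ins for out, ins in groups.items() if len(ins) > 1}

def valid_keys(message):
    """Keys generateKey() can return: divisors of the length in [2, len - 1]."""
    return [k for k in range(2, len(message)) if len(message) % k == 0]

if __name__ == "__main__":
    a = b"pumpkin_spice_latte!"          # message used in the script above
    b = a.replace(b"_", b"\xdf")         # its colliding variant
    print("distinct outputs:", len({rotate_page(x) for x in range(256)}))
    print("preimages of 0xfd:", [hex(x) for x in collision_classes(rotate_page)[0xFD]])
    for k in valid_keys(a):
        # Same key: the lossy step collides, the bijective one does not.
        print(k, digest(a, k, rotate_page) == digest(b, k, rotate_page),
              digest(a, k, rotate_fixed) == digest(b, k, rotate_fixed))
```

The transposition only permutes positions, so two messages hashed with the same key collide whenever their bytes collide position by position; the digest of a single message still changes with the key.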
Summary
The AHS512 Challenge on Hack The Box is an easy-level cryptography challenge that involves reversing a custom hashing algorithm. Participants analyze and exploit the algorithm’s behavior, including message transposition, bit rotation, and SHA-512 hashing, to craft a message that matches a given hash. This task offers a practical introduction to cryptanalysis, custom encryption methods, and Python scripting for real-time server interactions.