HackTheBox Andoird-in-the-Middle Writeup

Explore the basics of cybersecurity in the Andoird-in-the-Middle Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

from pwn import *
import hashlib
from Crypto.Cipher import AES
from Crypto.Util.number import long_to_bytes

context.log_level = 'error'

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)
    ip, port = sys.argv[1].split(':')
    r = remote(ip, int(port))
    r.sendlineafter(b"Enter The Public Key of The Memory: ", b"0")
    shared_secret = 0
    sequence = b"Initialization Sequence - Code 0"
    key = hashlib.md5(long_to_bytes(shared_secret)).digest()
    cipher = AES.new(key, AES.MODE_ECB)
    encrypted_sequence = cipher.encrypt(sequence).hex().encode()
    r.sendlineafter(b"Enter The Encrypted Initialization Sequence: ", encrypted_sequence)
    print(r.recvall().decode().strip())

Summary

The Android-in-the-Middle Challenge on Hack The Box demonstrates a classic Man-in-the-Middle (MiTM) attack on the Diffie-Hellman (DH) key exchange protocol. By exploiting the lack of public key verification, you manipulate the shared secret to a known value (0), allowing you to decrypt and re-encrypt the target sequence successfully. This challenge is ideal for beginners to explore cryptographic weaknesses, understand DH key exchange, and learn how to perform AES encryption in a controlled environment.