HackTheBox Bank-er-smith Writeup
Explore the basics of cybersecurity in the Bank-er-smith Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/438
Description
You used the cloak of invisibility to enter the bank and spy on the employees. They seem to be using magic to automate the paperwork. As you watched the papers flying around, you managed to steal one of them. It contains the details about the vault containing the Golden Grail with Valdemort's soul. After regrouping with Ermiani and Ran, you drank the transformation poison and entered the bank as one of the employees. The passphrase for the vault is encrypted and the only thing you can ask the bank for is a small hint that seems to be magic-proof.
Exploitation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/usr/bin/python3
import socket,sys,gmpy2
def main(host,port):
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((host,port))
p=157875172209163519678943359148525333531716726677753633934296611712000756309667034596569133406098287955902929909543766113103871854290570427288416517970201806645975359034144521325212023682443479156175345265695523898222195390245489486286336622758826675848519763864114653366396161706216930716646891645418638230777
c=0x226e64eaeac943cd2386a9e4a4c9298fb9cb7de03c7a213d1b322b97282b86048d5fca4196ac7a8fc4ad436a18dad51b8a61ba3f1abb6bc5c36c7d2d1b017f153e6d4abb36541c0d18b06fe3c3c62a37e491068c47cebb81b787c625d83a30c3bbf0b199af30f324fbbf3704b43d14cd33f96ad3d21f5ef7e2f8140825b9b0b3d6e4949f2cb99d6504e7de1efdea60d5fc86926757965d50ffcf0d6beabfc028aec797b0dde69ecec821aa847442fe944e11073d8af6199c0256b7585a1538ffd4ec48fcf4550d5d0db6843b96695f65ebeffd51c08e7920ab57a1e8ae6f66fd3d68d2ff4af64cba7f63a4f4278518247e4505091d94142173d6b1fd58418b96
n=17415590906978433746472641764083504512019958412158092813450467355788577633087254416157801044394309487617942708339245514241198481677964708123680885650475742121129771766359967489634887005007988336291170522394424447782344637066887606424930021648088268320866687879629746818809145950310136907696781348429161849531727203320131362773603137160846675973851729681676355984788417018929487346062717582378311437452281097285000670744354738795391901185318315491985549861831660290116418075125748786314871734796448641636181705051487202260458576056902007899564398926860405655987541775486698325723575216153624082972207828956997490139773
e=65537
q = n//p
phi = (p-1)*(q-1)
d = int(gmpy2.invert(e, phi))
m = pow(c,d,n)
print("Decrypted hash:",bytes.fromhex(hex(m)[2:]).decode())
data = s.recv(1024).decode()
print("\nServer response:", end='')
print(data)
s.send(b"3\n")
data = s.recv(1024).decode()
print(">3\n")
print("Server response:", end='')
print(data)
s.send(b"vault_68\n")
data = s.recv(1024).decode()
print(">vault_68\n")
print("Server response:", end='')
print(data)
s.send(b"horcrux_horcrux_Helga_Hufflepuff's_cup\n")
flag = s.recv(1024).decode()
print(">horcrux_horcrux_Helga_Hufflepuff's_cup\n")
print("Flag:", flag.strip())
if len(sys.argv) != 2:
print(f"Usage: python {sys.argv[1]} <ip:port>")
sys.exit(1)
try:
host,port = sys.argv[1].split(":")
main(host,int(port))
except Exception as e:
print(f"Error: {e}")
Summary
The Bank-er-smith Challenge on Hack The Box is an easy-level cryptographic challenge focusing on RSA decryption and modular arithmetic. Participants exploit the vulnerability of a provided RSA setup by factorizing the modulus ( n ) using a given prime ( p ). They calculate the private key ( d ) to decrypt a ciphertext and interact with the challenge server to retrieve the final flag. This challenge is ideal for those seeking to deepen their understanding of RSA encryption, decryption, and its associated mathematics.