Post

HackTheBox Dont't Panic Writeup

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the Dont’t Panic Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

Instructions for Using Ghidra Bridge

For more details, refer to the Ghidra Bridge GitHub Repository.

Installation Steps:
  1. Install the Python Ghidra Bridge package:
    1

    yay -S python-ghidra-bridge
  2. Install the Ghidra Bridge server:
    1

    python -m ghidra_bridge.install_server ~/ghidra_scripts
  3. Add the scripts to Ghidra’s Script Manager:
    • Open the Script Manager in Ghidra.
    • Add the scripts from ~/ghidra_scripts.
  4. Enable the following scripts:
    • ghidra_bridge_start
    • ghidra_bridge_shutdown
  5. Start the bridge in Ghidra:
    • Navigate to Tools > Ghidra_Bridge > Run to initiate the server.

Proof of Concept (PoC)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

import ghidra_bridge

b = ghidra_bridge.GhidraBridge(namespace=globals())

print("GhidraBridge ->" , getState().getCurrentAddress().getOffset())

def getSymbol(name):
    return next(getState().getCurrentProgram().getSymbolTable().getSymbols(name))

def getAddress(offset):
    return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)

start_addr = 0x10912d
listing = getState().getCurrentProgram().getListing()
fn_body = getState().getCurrentProgram().getFunctionManager().getFunctionContaining(getAddress(start_addr)).getBody()
instructions = listing.getInstructions(fn_body, True)
result = ['x' for _ in range(35)]
state = {}

print("Extracting RSP Values")

for instruction in instructions:    
    if "LEA" in str(instruction):
        state[str(instruction).split(",")[0].split(" ")[1]] = int(str(instruction).split("[")[1][:-1], 16)
    if "MOV qword ptr" in str(instruction):
        try:
            target = (int(str(instruction).split("RSP + ")[1].split("]")[0], 16) - 16) // 8
            reg = str(instruction).split(",")[1]
            result[target] = chr(int(str(getInstructionAt(getAddress(state[reg] + 1))).split(",")[1],16))
            print(result[target].strip(), end='', flush=True)
        except Exception:
            print()
            exit(0)

Summary

Don’t Panic on Hack The Box is an easy-level challenge that combines reverse engineering with automation using Ghidra and the ghidra-bridge Python library. The challenge involves analyzing a binary to extract the flag by interpreting assembly instructions and reconstructing data manually or through automation. While intended for manual resolution, the solution leverages Ghidra’s API to automate the flag extraction, showcasing the power of scripting in reverse engineering. Perfect for beginners, this challenge introduces reverse engineering, memory inspection, and scripting tools for automation.

challenge
htb challenge writeup linux reversing
This post is licensed under CC BY 4.0 by the author.