HackTheBox Don't Panic Writeup

Explore the basics of cybersecurity in the Don't Panic challenge on Hack The Box. This easy-level challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/691

Description

You’ve cut a deal with the Brotherhood; if you can locate and retrieve their stolen weapons cache, they’ll provide you with the kerosene needed for your makeshift explosives for the underground tunnel excavation. The team has tracked the unique energy signature of the weapons to a small vault, currently being occupied by a gang of raiders who infiltrated the outpost by impersonating commonwealth traders. Using experimental stealth technology, you’ve slipped by the guards and arrive at the inner sanctum. Now, you must find a way past the highly sensitive heat-signature detection robot. Can you disable the security robot without setting off the alarm?

Instructions for Using Ghidra Bridge

For more details, refer to the Ghidra Bridge GitHub Repository.

Installation Steps:
  1. Install the Python Ghidra Bridge package using your package manager. For example, on Arch Linux with yay:

```shell
yay -S python-ghidra-bridge
```

     Alternatively, compile it from source by cloning the repository and following the provided instructions.

  2. Install the Ghidra Bridge server:

```shell
python -m ghidra_bridge.install_server ~/ghidra_scripts
```
  3. Add the scripts to Ghidra’s Script Manager:
    • Open the Script Manager in Ghidra.
    • Add the scripts from ~/ghidra_scripts.
  4. Enable the following scripts:
    • ghidra_bridge_start
    • ghidra_bridge_shutdown
  5. Start the bridge in Ghidra:
    • Navigate to Tools > Ghidra_Bridge > Run to initiate the server.

Exploitation

```python
import ghidra_bridge

# Connect to the bridge server started from Ghidra and pull Ghidra's flat API
# (getState, currentProgram, getInstructionAt, ...) into this script's namespace
b = ghidra_bridge.GhidraBridge(namespace=globals())

print("GhidraBridge ->", getState().getCurrentAddress().getOffset())

def getSymbol(name):
    return next(getState().getCurrentProgram().getSymbolTable().getSymbols(name))

def getAddress(offset):
    return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)

# Any address inside the function that assembles the flag on the stack
start_addr = 0x10912d
listing = getState().getCurrentProgram().getListing()
fn_body = getState().getCurrentProgram().getFunctionManager().getFunctionContaining(getAddress(start_addr)).getBody()
instructions = listing.getInstructions(fn_body, True)
result = ['x' for _ in range(35)]   # one slot per flag character, 'x' until resolved
state = {}                          # register -> address loaded by the most recent LEA

print("Extracting RSP Values")

for instruction in instructions:
    text = str(instruction)
    if "LEA" in text:
        # "LEA RAX,[0x...]": remember which address the register now holds
        state[text.split(",")[0].split(" ")[1]] = int(text.split("[")[1][:-1], 16)
    if "MOV qword ptr" in text:
        try:
            # "MOV qword ptr [RSP + 0x..],REG": slot index relative to [RSP + 0x10], 8 bytes per slot
            target = (int(text.split("RSP + ")[1].split("]")[0], 16) - 16) // 8
            reg = text.split(",")[1]
            # The character for this slot is the immediate operand of the instruction
            # one byte past the address the LEA loaded into that register
            result[target] = chr(int(str(getInstructionAt(getAddress(state[reg] + 1))).split(",")[1], 16))
            print(result[target].strip(), end='', flush=True)
        except Exception:
            # The first store that does not follow the pattern marks the end of the flag
            print()
            break

print(''.join(result))
```
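The script above needs a live Ghidra session, which makes the parsing logic hard to study on its own. The following is an added example, not part of the original writeup and not Ghidra's API: it replays the same LEA/MOV-store pattern over constructed disassembly text (a small address-to-instruction map standing in for code memory, with invented addresses and flag bytes). It goes slightly beyond the script by ordering stores by stack slot rather than assuming they appear in sequence, marking unresolved slots with a placeholder, and raising a clear error when a store references a register no LEA has loaded.

```python
import re
from typing import Dict, List

# Same layout the script assumes: slot 0 lives at [RSP + 0x10], 8 bytes per slot
STACK_BASE = 0x10
SLOT_SIZE = 8

LEA_RE = re.compile(r"^LEA\s+(\w+),\[(0x[0-9a-fA-F]+)\]$")
STORE_RE = re.compile(r"^MOV qword ptr \[RSP \+ (0x[0-9a-fA-F]+)\],(\w+)$")
IMM_RE = re.compile(r",(0x[0-9a-fA-F]+)$")

# Constructed "code memory": address -> instruction text. Every LEA in the listing
# points one byte before a "MOV EAX,0x??" whose immediate is one flag character.
# Addresses and bytes are invented for this example, not taken from the binary.
SAMPLE_MEMORY: Dict[int, str] = {
    0x1001: "MOV EAX,0x48",  # 'H'
    0x1011: "MOV EAX,0x54",  # 'T'
    0x1021: "MOV EAX,0x42",  # 'B'
    0x1031: "MOV EAX,0x7b",  # '{'
    0x1041: "MOV EAX,0x7d",  # '}'
}

# Constructed function listing; slots are deliberately stored out of order, and
# one store goes through RBP rather than RSP so it must be ignored.
SAMPLE_LISTING: List[str] = [
    "PUSH RBP",
    "LEA RAX,[0x1030]",
    "MOV qword ptr [RSP + 0x28],RAX",  # slot 3 -> '{'
    "LEA RCX,[0x1000]",
    "MOV qword ptr [RSP + 0x10],RCX",  # slot 0 -> 'H'
    "LEA RAX,[0x1040]",
    "MOV qword ptr [RSP + 0x30],RAX",  # slot 4 -> '}'
    "LEA RDX,[0x1010]",
    "MOV qword ptr [RSP + 0x18],RDX",  # slot 1 -> 'T'
    "LEA RAX,[0x1020]",
    "MOV qword ptr [RSP + 0x20],RAX",  # slot 2 -> 'B'
    "CALL 0x2000",
    "MOV qword ptr [RBP + -0x8],RAX",  # not a flag slot: ignored
    "RET",
]


def reconstruct_stack_string(listing: List[str], memory: Dict[int, str],
                             stack_base: int = STACK_BASE,
                             slot_size: int = SLOT_SIZE,
                             placeholder: str = "?") -> str:
    """Replay LEA/MOV-store pairs and return the characters in stack-slot order."""
    regs: Dict[str, int] = {}    # register -> address loaded by the last LEA
    slots: Dict[int, str] = {}   # slot index -> decoded character
    for line in listing:
        m = LEA_RE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
            continue
        m = STORE_RE.match(line)
        if not m:
            continue  # unrelated instruction
        offset, reg = int(m.group(1), 16), m.group(2)
        if reg not in regs:
            raise ValueError(f"store from {reg} with no preceding LEA: {line}")
        target = memory.get(regs[reg] + 1)
        if target is None:
            raise ValueError(f"no instruction at {regs[reg] + 1:#x}")
        imm = IMM_RE.search(target)
        if imm is None:
            raise ValueError(f"no immediate operand in {target!r}")
        slots[(offset - stack_base) // slot_size] = chr(int(imm.group(1), 16))
    if not slots:
        return ""
    # Fill every slot up to the highest one seen so gaps stay visible
    return "".join(slots.get(i, placeholder) for i in range(max(slots) + 1))


if __name__ == "__main__":
    print(reconstruct_stack_string(SAMPLE_LISTING, SAMPLE_MEMORY))
```

Running it prints the constructed string `HTB{}`. The same regexes apply to the text Ghidra's `str(instruction)` produces for these instruction forms, so the function can be dropped into a bridge session by feeding it `[str(i) for i in instructions]` and a lookup built from `getInstructionAt`.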

Summary

Don’t Panic on Hack The Box is an easy-level challenge that combines reverse engineering with automation using Ghidra and the ghidra-bridge Python library. The challenge involves analyzing a binary to extract the flag by interpreting assembly instructions and reconstructing data manually or through automation. While intended for manual resolution, the solution leverages Ghidra’s API to automate the flag extraction, showcasing the power of scripting in reverse engineering. Perfect for beginners, this challenge introduces reverse engineering, memory inspection, and scripting tools for automation.

This post is licensed under CC BY 4.0 by the author.