
HackTheBox I'm gRoot Writeup

Explore the basics of cybersecurity in the I’m gRoot Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/518

Description

After decrypting the communication, you uncover the identity of the mole as the senior blockchain developer. Shockingly, the developer had embedded a backdoor in the government's decentralized blockchain network, originally designed to prevent corruption. You report this critical finding to the government council and are assigned with the task of detecting and fixing the backdoor, ensuring the integrity and security of the network.

Reference

https://flawed.net.nz/2018/02/21/attacking-merkle-trees-with-a-second-preimage-attack/

Exploitation

#!/usr/bin/env python3
from hashlib import sha256
import socket, sys, signal

def handler(signum, frame):
    """SIGINT callback: report the interruption and terminate with status 1.

    Args:
        signum: Signal number supplied by the ``signal`` module (unused).
        frame: Interrupted stack frame supplied by the ``signal`` module (unused).

    Raises:
        SystemExit: Always, carrying exit code 1.
    """
    notice = "\n[-] Interrupted by user"
    print(notice)
    # Raising SystemExit directly is what sys.exit() does under the hood.
    raise SystemExit(1)

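def recv_until(s):
    """Read from socket *s* until the ``"> "`` prompt appears, then return the text.

    Reading stops early, returning whatever has arrived so far, when the peer
    closes the connection or a read times out after some data was received.

    Args:
        s: Connected socket; its timeout is set to the module-level ``TIMEOUT``.

    Returns:
        Everything received so far, decoded as UTF-8. Undecodable bytes are
        replaced instead of raising, because the remote end is not trusted to
        send well-formed text and a chunk boundary may split a character.

    Raises:
        ConnectionError: The peer closed the connection before sending anything.
        TimeoutError: Nothing at all arrived within ``TIMEOUT`` seconds.
    """
    s.settimeout(TIMEOUT)
    data = b""
    while b"> " not in data:
        try:
            chunk = s.recv(1024)
        except socket.timeout:
            # A timeout after partial data is treated as "message complete".
            if data:
                break
            raise TimeoutError(f"No response after {TIMEOUT} seconds")
        if not chunk:
            # Empty read means the peer closed the connection.
            if data:
                break
            raise ConnectionError("Connection closed by remote host")
        data += chunk
    return data.decode(errors="replace")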

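def get_last_tx(s):
    """Request the latest block (menu option ``1``) and parse its transactions.

    The reply is scanned from the last line upwards for a line containing
    ``Transactions:``; the text after that marker is parsed as a Python
    literal (presumably a list of hex strings; verify against the service).

    Args:
        s: Connected socket to the challenge service.

    Returns:
        The parsed transaction list, or ``None`` when no such line is found or
        the value cannot be parsed as a list/tuple literal.
    """
    # Local import keeps this block self-contained.
    import ast

    print("[+] Sending transaction request")
    s.sendall(b"1\n")
    data = recv_until(s)
    print("[+] Received response:", data.split('\n')[0] if data else "No data")
    try:
        for line in reversed(data.split('\n')):
            if "Transactions:" in line:
                # SECURITY: this text comes straight off the network. eval()
                # here would let whoever controls the remote end run arbitrary
                # Python on the analyst's machine; literal_eval only accepts
                # plain literals (lists, strings, numbers, ...).
                tx = ast.literal_eval(line.split("Transactions: ")[1].strip())
                if not isinstance(tx, (list, tuple)):
                    raise ValueError("transaction field is not a list")
                print(f"[+] Found transactions: {tx[:20]}...")
                return tx
    except (ValueError, SyntaxError, TypeError, IndexError,
            MemoryError, RecursionError) as e:
        # literal_eval documents all of these for malformed or hostile input.
        print(f"[-] Error parsing transactions: {str(e)}")
    return None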

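def exploit(host, port):
    """Run the challenge interaction: fetch transactions, submit a forged entry.

    The transactions of the latest block are hashed the way a Merkle tree
    would hash them (leaf hashes, then two levels of pairwise hashes), and the
    concatenation of the first two second-level hashes is submitted through
    menu option ``2``.

    NOTE(review): the indexing assumes an even number of entries at each level
    and at least two second-level nodes (e.g. 8 transactions); confirm against
    the service. Anything else surfaces as the generic "[-] Error" message.

    Defensive takeaway: this can only be accepted if the service hashes leaves
    and internal nodes identically. Presumably that is the backdoor; the usual
    fix is domain separation (distinct prefixes for leaf and node hashes, as
    in RFC 6962) so that an internal node is never valid as a transaction.

    Args:
        host: Hostname or IP address of the challenge instance.
        port: TCP port of the challenge instance.

    Returns:
        None. Progress and the service's final reply are printed; errors are
        reported on stdout rather than raised.
    """
    def h(hex_str):
        # SHA-256 over the raw bytes that the hex string encodes.
        return sha256(bytes.fromhex(hex_str)).hexdigest()

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(TIMEOUT)
    try:
        print(f"[+] Connecting to {host}:{port}")
        s.connect((host, port))
        print("[+] Receiving initial prompt")
        initial = recv_until(s)
        # Split outside the f-string: a backslash inside an f-string
        # expression is a SyntaxError on Python versions before 3.12.
        initial_first_line = initial.split('\n')[0]
        print(f"[+] Initial response: {initial_first_line}")
        tx = get_last_tx(s)
        if not tx:
            print("[-] Failed to get transactions")
            return
        print("[+] Computing hashes")
        r0 = list(map(h, tx))                                     # leaf hashes
        r1 = [h(r0[i] + r0[i+1]) for i in range(0, len(r0), 2)]   # level 1
        r2 = [h(r1[i] + r1[i+1]) for i in range(0, len(r1), 2)]   # level 2
        # Two internal node hashes concatenated, presented as one "transaction".
        forged = r2[0] + r2[1]
        print(f"[+] Forged hash: {forged[:20]}...")
        print("[+] Sending option 2")
        # sendall() retries until the whole buffer is written; send() may not.
        s.sendall(b"2\n")
        menu = recv_until(s)
        menu_first_line = menu.split('\n')[0]
        print(f"[+] Menu response: {menu_first_line}")
        print("[+] Sending forged hash")
        s.sendall(forged.encode() + b"\n")
        print("[+] Waiting for result")
        result = recv_until(s).strip()
        print(f"[+] Result: {result}")
    except TimeoutError as e:
        print(f"[-] Timeout: {str(e)}")
    except ConnectionError as e:
        print(f"[-] Connection error: {str(e)}")
    except Exception as e:
        # Top-level boundary of the script: report and fall through to cleanup.
        print(f"[-] Error: {str(e)}")
    finally:
        print("[+] Closing connection")
        s.close()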

def main():
    """Command-line entry point: parse ``<host:port>`` and run ``exploit``.

    Exits with status 1 when the argument count is wrong or when the target
    cannot be split into exactly one host and one integer port. Any other
    exception is reported on stdout.
    """
    argv = sys.argv
    if len(argv) != 2:
        print(f"Usage: {argv[0]} <host:port>")
        sys.exit(1)

    target = argv[1]
    try:
        # Unpacking raises ValueError unless there is exactly one ':'.
        pieces = target.split(':')
        host, port = pieces
        port_number = int(port)
        exploit(host, port_number)
    except ValueError:
        print("[-] Invalid host:port format")
        sys.exit(1)
    except Exception as err:
        print(f"[-] Error: {str(err)}")

# Socket timeout in seconds; read by recv_until() and exploit().
TIMEOUT = 10
# Installed at import time so Ctrl-C goes through handler(), which prints a
# short notice and exits with status 1.
signal.signal(signal.SIGINT, handler)

# Run the command-line entry point only when executed as a script.
if __name__ == "__main__":
    main()

Summary

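The I’m gRoot Challenge on Hack The Box is an easy-level challenge focusing on blockchain security and transaction forgery. The goal is to exploit a backdoor in a decentralized blockchain system by forging valid transaction signatures. Participants interact with the system, retrieve the latest block’s transactions, and forge signatures by combining pairs of transactions. More precisely, what the script above forges is a Merkle-tree entry rather than a digital signature: it hashes the transactions pairwise and submits the concatenation of two internal node hashes as if it were a transaction, which is the second-preimage weakness described in the reference. The corresponding fix is to hash leaves and internal nodes differently (for example with distinct prefix bytes, as RFC 6962 does), so that an internal node can never be accepted as a transaction. The challenge introduces basic concepts of cryptographic verification and blockchain manipulation, making it a great starting point for learning about these topics in cybersecurity.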

This post is licensed under CC BY 4.0 by the author.