Post

HackTheBox LinkHands Writeup

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the LinkHands Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

import subprocess
import concurrent.futures
import signal
import sys
import os

start_first_addr = 0x00404040
end_first_addr = 0x004042af
start_second_addr = 0x00404040
end_second_addr = 0x004042af
last_output = None
stop_brute_force = False

def test_addresses(first_address, second_address):
    global last_output
    if stop_brute_force: return
    input_str = f"{first_address:#x} {second_address:#x}"
    process = subprocess.Popen('./link', stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    try:
        stdout, stderr = process.communicate(input=input_str.encode())
        output_str = stdout.decode().strip()
        if output_str and (last_output is None or output_str != last_output):
            print(f"Output for first address {first_address:#x}, second address {second_address:#x}: {output_str}")
            last_output = output_str
    except Exception as e:
        print(f"Error for {first_address:#x}, {second_address:#x}: {str(e)}")

def signal_handler(sig, frame):
    global stop_brute_force
    print("\nCtrl+C detected. Forcefully stopping brute force...")
    stop_brute_force = True
    os._exit(1)

def brute_force():
    with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor:
        futures = [executor.submit(test_addresses, first, second) 
                   for first in range(start_first_addr, end_first_addr + 1)
                   for second in range(start_second_addr, end_second_addr + 1)]
        for future in concurrent.futures.as_completed(futures):
            if stop_brute_force: break

signal.signal(signal.SIGINT, signal_handler)
print("Starting brute force for both addresses using multi-threading...")
brute_force()
print("Brute force complete.")

Summary

The LinkHands Challenge on Hack The Box is an easy-level challenge focused on encryption reversal and file handling. It involves brute-forcing memory address pairs to find the correct combination. The Python script uses subprocess and multithreading to test address combinations, capturing and printing the output until the correct result is found. This challenge introduces basic exploitation techniques, making it ideal for beginners to learn about memory manipulation and remote service interaction.

challenge
htb challenge writeup linux rev
This post is licensed under CC BY 4.0 by the author.