HackTheBox Nuclear Sale Writeup

Explore the basics of cybersecurity in the Nuclear Sale Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/225

Description

Plutonium Labs is a private laboratory experimenting with plutonium products. A huge sale is going to take place and our intelligence agency is interested in learning more about it. We have managed to intercept the traffic of their mail server. Can you find anything interesting?

Exploitation

#!/usr/bin/env python3

def hex_to_bytes(hex_str): return bytes.fromhex(hex_str)
def xor_bytes(data1, data2): return bytes(a ^ b for a, b in zip(data1, data2))

def main():
    msg1 = "6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039"
    msg2 = "fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34"
    msg3 = "de328f76159108f7653a5883decb8dec06b0fd9bc8d0dd7dade1f04836b8a07da20bfe70"
    data1, data2, data3 = hex_to_bytes(msg1), hex_to_bytes(msg2), hex_to_bytes(msg3)
    flag = xor_bytes(xor_bytes(data1, data2), data3).decode('utf-8')
    print(flag)

if __name__ == '__main__':
    main()

Summary

The Nuclear Sale Challenge on Hack The Box is an easy-level task involving network forensics and cryptographic analysis. Participants analyze intercepted email server traffic containing encrypted messages and must implement XOR operations to decrypt them. The provided Python script performs systematic XOR operations between multiple captured messages, attempting to decode the results in various encodings to reveal sensitive information about a plutonium sale. This challenge serves as an excellent introduction to both traffic analysis and basic cryptographic operations, making it ideal for those learning about encryption and network interception techniques.