HackTheBox Out of Time Writeup
Explore the basics of cybersecurity in the Out of Time Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
import sys
import time
import socket
import base64
import numpy as np
# Candidate characters for each position: code points 33..125, i.e. the
# printable ASCII range from '!' through '}' (space and '~' are excluded).
VALID_CHARS = list(map(chr, range(33, 126)))

# Cut-off that main() applies to the summed absolute difference between a
# candidate trace and the reference trace.
THRESHOLD = 100
def b64_decode_trace(leakage):
    """Turn a base64-encoded trace into a NumPy array.

    ``leakage`` is the base64 payload (str or bytes). The decoded bytes are
    handed to ``np.frombuffer`` with its default dtype (float64), so the
    byte length must be a multiple of 8 and the result is a read-only view.
    """
    raw_samples = base64.b64decode(leakage)
    return np.frombuffer(raw_samples)
def connect_to_socket(host, port, option, data):
    """Run one request/response exchange with the service over TCP.

    Opens a connection to ``host:port``, reads and discards one message,
    sends ``option`` (bytes), reads and discards the next message, sends
    ``data`` (str, encoded with the default UTF-8), then collects everything
    the peer sends until it closes the connection.

    No timeout is set on the socket, so a peer that stays silent blocks
    the call.

    Returns the collected reply as bytes.
    """
    payload = data.encode()
    chunks = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as conn:
        conn.connect((host, port))
        conn.recv(1024)  # discarded; presumably the service's menu banner
        conn.sendall(option)
        conn.recv(1024)  # discarded; presumably the prompt for the input
        conn.sendall(payload)
        # recv() yields b'' once the peer has closed its side.
        for chunk in iter(lambda: conn.recv(8096), b''):
            chunks.append(chunk)
    return b''.join(chunks)
def testing(host, port, password_guess):
    """Submit one password guess and return the trace sent back for it.

    The guess is sent under menu option ``b'1'``; the base64 reply is
    decoded into a NumPy array by ``b64_decode_trace``.
    """
    return b64_decode_trace(connect_to_socket(host, port, b'1', password_guess))
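def main():
    """Recover the flag character by character from trace differences.

    Expects a single ``HOST:PORT`` argument. For each position a reference
    trace is captured with a NUL byte appended to the known prefix, then
    every character in ``VALID_CHARS`` is tried; the first one whose trace
    differs from the reference by more than ``THRESHOLD`` (sum of absolute
    sample differences) is accepted and the prefix is printed.

    The loop ends when the recovered text closes with ``}`` or when no
    candidate stands out, so the script never keeps querying the service
    indefinitely.
    """
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} HOST:PORT")
    host, port = sys.argv[1].split(":")
    port = int(port)
    guessed_pw = "HTB{"
    # The flag format ends with '}', which is part of VALID_CHARS; once it
    # has been appended there is nothing left to recover.
    while not guessed_pw.endswith("}"):
        ref_trace = testing(host, port, guessed_pw + "\x00")
        for c in VALID_CHARS:
            trace = testing(host, port, guessed_pw + c)
            diff = np.sum(np.abs(trace - ref_trace))
            if diff > THRESHOLD:
                guessed_pw += c
                print(guessed_pw)
                break
        else:
            # No candidate exceeded the threshold: repeating the same
            # round would give the same result, so stop with an error.
            sys.exit(f"no candidate exceeded THRESHOLD after {guessed_pw!r}")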
# Run only when executed as a script, not when imported as a module.
if __name__ == "__main__":
    main()
Summary
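The Out of Time Challenge demonstrates a side-channel attack: the script brute-forces the password one character at a time and compares the power trace of each guess with a reference trace, because a correct character causes a spike in the trace. It shows how a check whose observable behaviour depends on how much of the guess is correct leaks the secret, which is why this counts as a hardware-security and cryptographic vulnerability.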
This post is licensed under CC BY 4.0 by the author.