Post

HackTheBox Out of Time Challenge

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the Out of Time Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/280

Description

Quick we need to get access to the bunker and we are running out of time! The door is using an advanced steam-powered door locking mechanism which we cannot breach. One of our scientists managed to make a tool that measures the mechanical stress of the pipes moving steam during the verification of the password and created a power consumption model but it looks like just random signals. Can you find anything useful in the data?

Exploitation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

#!/usr/bin/python3
import sys,time,socket,base64
import numpy as np

VALID_CHARS = [chr(x) for x in range(33, 126)]
THRESHOLD = 100

def b64_decode_trace(leakage):
    return np.frombuffer(base64.b64decode(leakage))

def connect_to_socket(host, port, option, data):
    data = data.encode()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect((host, port))
        s.recv(1024)
        s.sendall(option)
        s.recv(1024)
        s.sendall(data)
        resp_data = b''
        while True:
            tmp = s.recv(8096)
            if not tmp:
                break
            resp_data += tmp
        return resp_data

def testing(host, port, password_guess):
    leakage = connect_to_socket(host, port, b'1', password_guess)
    return b64_decode_trace(leakage)

def main():
    host, port = sys.argv[1].split(":")
    port = int(port)
    guessed_pw = "HTB{"
    while True:
        ref_trace = testing(host, port, guessed_pw + "\x00")
        for c in VALID_CHARS:
            trace = testing(host, port, guessed_pw + c)
            diff = np.sum(np.abs(trace - ref_trace))
            if diff > THRESHOLD:
                guessed_pw += c
                print(guessed_pw)
                break

if __name__ == "__main__":
    main()

Summary

The Out of Time Challenge demonstrates side-channel attacks by analyzing power trace spikes to deduce passwords through brute-forcing, where correct characters cause trace spikes, showcasing hardware security and cryptographic vulnerabilities.

challenge
htb challenge writeup linux hardware
This post is licensed under CC BY 4.0 by the author.