Post

HackTheBox Potion Master Writeup

Posted
By x3ric
2 min read

Explore the basics of cybersecurity in the Potion Master Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/433

Description

After adding the curried eel, your potion is almost complete, your cauldron boiling over. All you need to do now is incant the final spell to finish your masterwork!

Exploitation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

from z3 import *
from functools import reduce
import operator

a = [-43, 61, 58, 5, -4, -11, 64, -40, -43, 61, 62, -51, 46, 15, -49, -44, 47, 4, 6, -7, 47, 7, -59, 52, 17, 11, -56, 61, -74, 52, 63, -21, 53, -17, 66, -10, -58, 0]
b = [6, 106, 10, 0, 119, 52, 51, 101, 0, 0, 15, 48, 116, 22, 10, 58, 93, 59, 106, 43, 30, 47, 93, 62, 97, 63]
c = [304, 357, 303, 320, 304, 307, 349, 305, 257, 337, 340, 309, 396, 333, 320, 380, 362, 368, 286]
d = [52, 52, 95, 95, 110, 49, 51, 51, 95, 110, 110, 53, 116, 51, 98, 63]
s = Solver()
flag = [BitVec(f"flag_{i}", 8) for i in range(76)]
for i in range(len(flag)):
    s.add(flag[i] > 0x20)
    s.add(flag[i] < 0x7f)
for i in range(0, 76, 2):
    s.add(flag[i] - flag[i+1] == a[i//2])
for i in range(0, 76, 3):
    s.add(reduce(operator.xor, flag[i:i+3], 0) == b[i//3])
for i in range(0, 76, 4):
    s.add(sum(flag[i:i+4]) == c[i//4])
for i in range(0, 76, 5):
    s.add(flag[i] == d[i//5])
assert s.check() == sat
m = s.model()
print(bytes([int(repr(m[f])) for f in flag]).decode())

Summary

The Potion Master Challenge on Hack The Box is an easy-level challenge that introduces concepts like encryption reversal, constraint-solving, and reverse-engineering logic. Participants reverse the logic behind a function that verifies a flag using operations like XOR, subtraction, and summation. The task involves analyzing Haskell code, specifically focusing on functions like extractFlag, chunks, and checkFlag, which manipulate the flag string in various ways. By reversing the logic and using the Z3 solver to solve constraints, participants can deduce the correct flag. This challenge provides an excellent opportunity for beginners to dive into cryptographic techniques and logical reasoning in a programming context.

challenge
htb challenge writeup linux rev
This post is licensed under CC BY 4.0 by the author.