HackTheBox QuickScan Writeup
Explore the basics of cybersecurity in the QuickScan Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
from pwn import *
import tempfile
import base64
def get_process():
try:
host, port = sys.argv[1].split(':')
return remote(host, int(port))
except IndexError:
print(f'Usage: python {sys.argv[0]} <ip:port>')
exit(1)
def get_loaded_value(elf_path):
e = ELF(elf_path, checksec=False)
lea_addr = e.entrypoint + 4
lea_off = u32(e.read(lea_addr + 3, 4), sign='signed')
target = lea_addr + 7 + lea_off
return e.read(target, 0x18)
def do_round(r):
r.recvuntil(b"ELF: ")
elf_b64 = r.recvline().strip()
elf_data = base64.b64decode(elf_b64)
with tempfile.NamedTemporaryFile(delete=False, suffix='.elf') as tmp:
tmp.write(elf_data)
tmp.flush()
loaded_value = get_loaded_value(tmp.name)
r.sendlineafter(b"Bytes? ", loaded_value.hex().encode())
def main():
r = get_process()
do_round(r)
with log.progress("Solving binaries") as p:
for i in range(1, 129):
do_round(r)
p.status(f"Solved {i} binaries")
r.interactive()
if __name__ == "__main__":
main()
Summary
The QuickScan Challenge on Hack The Box is an easy-level challenge focused on encryption reversal and file handling. The Python script uses Pwntools to interact with ELF files, decode base64 binaries, and extract values based on entrypoint offsets, solving multiple rounds by sending the correct values back to the server.
This post is licensed under CC BY 4.0 by the author.