HackTheBox RLotto Writeup

Explore the basics of cybersecurity in the RLotto Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/227

Description

Are you ready to win lottery? Guess the Random Lotto Numbers. It’s TIME you become a millionaire.

Exploitation

Connect with nc and run the PoC with the extracted numbers as arguments.

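#!/usr/bin/env python3
from pwn import *
import time, random, sys

def predict(x):
    # The server seeds its RNG with the current Unix time, so start from our own clock.
    seed = int(time.time())
    log.info(f"Target numbers: {x}")
    log.info(f"Current seed: {seed}")
    # Try every second in a +/- 10 minute window to absorb clock skew and delay.
    for i in range(seed-600,seed+600,1):
        random.seed(i)
        extracted = []
        next_five = []
        # Replay the first draw: five unique numbers between 1 and 90.
        while len(extracted) < 5:
            r = random.randint(1,90)
            if r not in extracted:
                extracted.append(r)
        # A match means this candidate seed reproduces the numbers shown by the server.
        if sorted(extracted) == sorted(x):
            # Keep drawing from the same RNG state to get the next five numbers.
            while len(next_five) < 5:
                r = random.randint(1,90)
                if r not in next_five:
                    next_five.append(r)
            log.success(f"Found matching seed: {i}")
            log.success(f"Next numbers: {next_five}")
            return next_five
    return None

if __name__ == "__main__":
    context.log_level = 'info'
    if len(sys.argv) != 6:
        print(f"Usage: {sys.argv[0]} num1 num2 num3 num4 num5")
        sys.exit(1)
    # The five numbers shown by the server, passed on the command line.
    target = [int(n) for n in sys.argv[1:6]]
    predict(target)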

Summary

The RLotto Challenge on Hack The Box is an easy-level task that focuses on exploiting a predictable random number generator (RNG) in a lottery simulation. The goal is to predict the next set of lottery numbers based on previously extracted numbers. The Python script leverages the fact that the RNG is seeded with the current time, allowing it to brute-force possible seeds and predict future numbers. By analyzing the extracted numbers and testing seeds within a reasonable time range, the script successfully identifies the correct seed and predicts the next lottery numbers. This challenge highlights the importance of secure RNG implementation and demonstrates how predictable systems can be exploited. It’s a great introductory exercise for understanding cryptographic vulnerabilities and RNG weaknesses.
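
The fix the summary points to, as an added example that is not part of the original post or of the challenge's code: the time-seeded draw next to a draw backed by the operating system's CSPRNG, plus a check that counts how many timestamps in a window reproduce an observed draw. The function names and the timestamp are constructed for illustration, and draw_weak models the server the same way the PoC above does.

```python
import random
import secrets


def draw_weak(seed, count=5, high=90):
    """Weak draw: Python's Mersenne Twister seeded with a Unix timestamp."""
    rng = random.Random(seed)
    picked = []
    while len(picked) < count:
        r = rng.randint(1, high)
        if r not in picked:
            picked.append(r)
    return picked


def draw_secure(count=5, high=90):
    """Hardened draw: OS CSPRNG, so there is no seed for an observer to guess."""
    rng = secrets.SystemRandom()
    # sample() returns `count` distinct values, so no retry loop is needed.
    return rng.sample(range(1, high + 1), count)


def seeds_matching(observed, centre, window=600):
    """Return every seed within +/- window seconds of centre that reproduces observed."""
    return [s for s in range(centre - window, centre + window)
            if draw_weak(s) == observed]


if __name__ == "__main__":
    seed = 1_700_000_000               # constructed timestamp, not from the challenge
    observed = draw_weak(seed)
    # An observer whose clock is 37 seconds off still finds the seed in the window.
    print("weak draw:", observed)
    print("seeds reproducing it:", seeds_matching(observed, seed + 37))
    # The secure draw has no timestamp dependence; two calls are unrelated.
    print("secure draws:", draw_secure(), draw_secure())
```

A 1200-second window holds only 1200 candidate states for the weak draw, which is why one observed extraction is enough to pin the seed; the SystemRandom draw exposes no such state.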

This post is licensed under CC BY 4.0 by the author.