HackTheBox Secured Transfer Challenge
Explore the basics of cybersecurity in the Secured Transfer Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/425
Description
Ghosts have been sending messages to each other through the aether, but we can’t understand a word of it! Can you understand their riddles?
Exploitation
```python
#!/usr/bin/env python3
from Crypto.Cipher import AES
from scapy.all import IP, TCP, Raw, raw, rdpcap


def decrypt_data(encrypted_data):
    # Fixed 32-byte key (AES-256) and 16-byte IV, CBC mode
    key = b"supersecretkeyusedforencryption!"
    iv = b"someinitialvalue"
    cipher = AES.new(key, AES.MODE_CBC, iv)
    decrypted = cipher.decrypt(encrypted_data)
    return decrypted


def reconstruct_tcp_stream(pcap_file):
    # Concatenate TCP payloads to or from port 1337, keyed by client->server pair
    streams = {}
    packets = rdpcap(pcap_file)
    for packet in packets:
        if TCP in packet and Raw in packet:
            if packet[TCP].dport == 1337:
                stream_id = f"{packet[IP].src}:{packet[TCP].sport}->{packet[IP].dst}:{packet[TCP].dport}"
            elif packet[TCP].sport == 1337:
                stream_id = f"{packet[IP].dst}:{packet[TCP].dport}->{packet[IP].src}:{packet[TCP].sport}"
            else:
                continue
            if stream_id not in streams:
                streams[stream_id] = b""
            streams[stream_id] += raw(packet[Raw])
    return streams


def process_stream(stream_data):
    # Wire format: 8-byte little-endian length, then that many bytes of ciphertext
    try:
        if len(stream_data) < 8:
            return None
        length = int.from_bytes(stream_data[:8], 'little')
        if length > 0x1000 or length < 0xF:
            return None
        encrypted = stream_data[8:8+length]
        if len(encrypted) != length:
            return None
        decrypted = decrypt_data(encrypted)
        return decrypted
    except Exception as e:
        print(f"Error processing stream: {e}")
        return None


def main(pcap_file):
    print(f"[+] Reading {pcap_file}")
    streams = reconstruct_tcp_stream(pcap_file)
    print(f"[+] Found {len(streams)} TCP streams")
    for stream_id, stream_data in streams.items():
        print(f"[+] Processing stream: {stream_id}")
        decrypted = process_stream(stream_data)
        if decrypted is None:
            # process_stream() rejects short, out-of-range or truncated data
            print("[-] No valid message in this stream")
            continue
        print(decrypted.decode('utf-8', errors='replace').strip())


if __name__ == "__main__":
    main("./trace.pcap")
```
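The script above appends payloads in capture order and reads only the first length-prefixed record of each stream. The following is an added example, not part of the original write-up: it orders segments by TCP sequence number, drops retransmissions, and splits the stream into every 8-byte-length-prefixed record before decryption, going beyond the single-record case in the script. The names `reassemble` and `parse_frames` and the sample bytes are constructed here, and it assumes one direction of one connection with no sequence wrap-around.

```python
import struct

MIN_LEN, MAX_LEN = 0xF, 0x1000   # bounds used by process_stream() on the page
AES_BLOCK = 16


def reassemble(segments):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs.
    Orders by sequence number and drops retransmitted or overlapping bytes.
    Assumes no sequence wrap-around; raises if bytes are missing.
    """
    stream, next_seq = b"", None
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if next_seq is None:
            next_seq = seq
        if seq + len(payload) <= next_seq:
            continue                          # pure retransmission
        if seq > next_seq:
            raise ValueError(f"gap of {seq - next_seq} bytes at seq {seq}")
        stream += payload[next_seq - seq:]    # trim any overlap
        next_seq = seq + len(payload)
    return stream


def parse_frames(stream):
    """Split a stream into (ciphertext, status) records: 8-byte LE length + body."""
    frames, off = [], 0
    while off + 8 <= len(stream):
        (length,) = struct.unpack_from("<Q", stream, off)
        if not MIN_LEN <= length <= MAX_LEN:
            frames.append((b"", f"bad length {length:#x} at offset {off}"))
            break                             # framing lost; stop rather than guess
        body = stream[off + 8: off + 8 + length]
        if len(body) != length:
            frames.append((body, "truncated"))
            break
        status = "ok" if length % AES_BLOCK == 0 else "not block-aligned"
        frames.append((body, status))
        off += 8 + length
    return frames


# Constructed sample: two frames of placeholder "ciphertext", delivered out of
# order with one retransmitted segment.
WIRE = struct.pack("<Q", 32) + b"A" * 32 + struct.pack("<Q", 16) + b"B" * 16
SAMPLE_SEGMENTS = [(1040, WIRE[40:]), (1000, WIRE[:40]), (1000, WIRE[:40])]

if __name__ == "__main__":
    for body, status in parse_frames(reassemble(SAMPLE_SEGMENTS)):
        print(len(body), status)
```

Records marked `ok` can be passed to `decrypt_data()` from the script above; the other statuses show where a capture is incomplete or the framing assumption does not hold.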
Summary
The Secured Transfer Challenge on Hack The Box is an easy-level reverse engineering puzzle that introduces network traffic analysis and AES decryption. Participants analyze a PCAP file to reconstruct a TCP stream, extract encrypted data, and decrypt it using a fixed AES key and IV. By leveraging tools like Scapy and the Crypto library, the challenge demonstrates how to reverse-engineer encrypted communications and uncover hidden messages. Ideal for beginners, it provides hands-on experience with network forensics and cryptographic analysis, offering a practical introduction to encryption reversal and data extraction.