Post

HackTheBox Snakecode Challenge

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the Snakecode Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/357

Description

We found this ancient text inscribed on a stone tablet. We believe it describes the history and technology of a mighty but extinct civilization, but we can’t be certain as it’s written in a dead language. Can you use your specialist knowledge to uncover the truth, and recover their technology?

Exploitation

1
2

docker run -v "$PWD":/ctf -it python:2.7 bash -c "pip install uncompyle6 && uncompyle6 /ctf/chall.pyc > /ctf/chall.py"
cat chall.py

1
2
3
4
5
6
7

#!/usr/bin/env python2.7
import marshal, base64, dis

string = 'YwEAAAABAAAABQAAAEMAAABzNAAAAHQAAGoBAHQCAGoDAHQEAGQBAIMBAGoFAHwAAGoGAGQCAIMB\nAIMBAIMBAHQHAIMAAIMCAFMoAwAAAE50BAAAAHpsaWJ0BgAAAGJhc2U2NCgIAAAAdAUAAAB0eXBl\nc3QMAAAARnVuY3Rpb25UeXBldAcAAABtYXJzaGFsdAUAAABsb2Fkc3QKAAAAX19pbXBvcnRfX3QK\nAAAAZGVjb21wcmVzc3QGAAAAZGVjb2RldAcAAABnbG9iYWxzKAEAAAB0AQAAAHMoAAAAACgAAAAA\ncwcAAAA8c3RkaW4+dAoAAABsb2FkTGFtYmRhAQAAAHQAAAAA\n'
decoded = base64.b64decode(string)
code_obj = marshal.loads(decoded)
dis.dis(code_obj)

1
2
3
4
5
6
7
8

#!/usr/bin/env python2.7
import marshal, base64, dis, zlib

string = 'eJw10EtLw0AUBeAzTWLqo74bML8gSyFdiotm40rEZF+kRyVtCGKmqzar/nHvHBDmfty5c+fBrB2A\niUVuUVkMG4MOnIARGIMJeAKm4BQ8Bc9UsfwcvABn/5VL8Aq81tINeAveKb/Hd47R4WDDTp5j7hEm\nR4fsoS4yu+7Vh1e8yEYu5V7WciffZCl/5UpW8l162cuF3Mq1fJSUY5uYhTZFRvfZF+EvfOCnU89X\ngdATGFLjafBs+2e1fJShY4jDomvcH1q4K9U=\n'
decoded = base64.b64decode(string)
decompressed = zlib.decompress(decoded)
obj = marshal.loads(decompressed)
dis.dis(obj)

1

python2.7 poc | sed -n "s/.*LOAD_CONST.*('\(.\)').*/\1/p" | tr -d '\n'

Summary

The Snakecode Challenge on Hack The Box is an easy-level reverse engineering puzzle that introduces participants to Python bytecode analysis and decompilation techniques. The challenge involves decoding and analyzing a base64-encoded, zlib-compressed, and marshaled Python bytecode object to uncover a hidden flag. By using tools like uncompyle6, marshal, base64, and zlib, participants can decompile and inspect the bytecode to extract the flag. This challenge serves as an excellent introduction to reverse engineering Python bytecode and understanding how code can be obfuscated and reconstructed, making it ideal for beginners in cybersecurity. It provides a practical and hands-on way to explore low-level Python execution and data manipulation.

challenge
htb challenge writeup linux rev
This post is licensed under CC BY 4.0 by the author.