Post

HackTheBox alphascii clashing Challenge

Posted
By x3ric
1 min read

Explore the basics of cybersecurity in the alphascii clashing Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/851

Description

The Frontier Board’s grip on the stars relies on a digital relic thought to be flawless. But in the depths of the void, anomalies can ripple through even the most secure systems. Do you have what it takes to expose the cracks in their so-called perfection?

Exploitation

https://x.com/realhashbreaker/status/1770161965006008570

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

from pwn import *
import json

io = None
usr_1 = 'TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak'
usr_2 = 'TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak'

def get_flag():
    io.sendlineafter(b' :: ', json.dumps({'option': 'register'}).encode())
    io.sendlineafter(b' :: ', json.dumps({'username': usr_1, 'password': 'password'}).encode())
    io.sendlineafter(b' :: ', json.dumps({'option': 'register'}).encode())
    io.sendlineafter(b' :: ', json.dumps({'username': usr_2, 'password': 'password'}).encode())
    io.sendlineafter(b' :: ', json.dumps({'option': 'login'}).encode())
    io.sendlineafter(b' :: ', json.dumps({'username': usr_2, 'password': 'password'}).encode())
    return io.recvline().decode().strip().split(' :: ')[-1]

def pwn():
    flag = get_flag()
    print(flag)

if __name__ == '__main__':
    if args.REMOTE:
        host_port = sys.argv[1].split(':')
        HOST = host_port[0]
        PORT = host_port[1]
        io = remote(HOST, PORT, level='error')
    else:
        import os
        os.chdir('../challenge')
        io = process(['python3', 'server.py'], level='error')

    pwn()

Summary

The alphascii clashing Challenge on Hack The Box is a very-easy-level challenge that introduces encryption reversal and file handling techniques, making it a perfect starting point for beginners in cybersecurity. The challenge presents a scenario where the protagonist needs to exploit vulnerabilities in a digital system, revealing cracks in its seemingly flawless security. By using Python and the pwn library, participants interact with the challenge’s system to manipulate login and registration processes, ultimately extracting the flag. This exercise helps beginners gain hands-on experience with basic exploitation techniques, JSON handling, and interacting with a vulnerable service.

challenge
htb challenge writeup linux crypto
This post is licensed under CC BY 4.0 by the author.