HackTheBox A Nightmare On Math Street Challenge
Explore the basics of cybersecurity in the A Nightmare On Math Street Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/445
Description
Whatever you do, don’t fall asleep… In dream land, math works a little differently. A quiz is coming up. If you fail in your sleep, you fail in real life!
Exploitation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#!/usr/bin/env python3
from pwn import log, remote, sys
def main():
if len(sys.argv) != 2:
log.error(f'Usage: python3 {sys.argv[0]} <ip:port>')
host, port = sys.argv[1].split(':')
r = remote(host, int(port))
prog = log.progress('Round')
for i in range(500):
r.recvuntil(b']: ')
operation = r.recvline()[:-5].decode()
result = eval('(' + operation.replace(' * ', ') * (') + ')')
r.sendlineafter(b'> ', str(result).encode())
prog.status(f'{i + 1} / 500')
prog.success(f'500 / 500')
log.success(r.recvline().decode().strip())
if __name__ == '__main__':
main()
Summary
The A Nightmare On Math Street challenge on Hack The Box is an easy misc challenge involving dynamic arithmetic evaluation under input obfuscation. Participants automate solutions to 500 math questions with altered operator precedence by parsing and safely evaluating expressions. The challenge highlights the dangers of unsafe input handling and underscores the risks of using functions like eval() without strict validation.