HackTheBox Sekur Julius Writeup
Explore the basics of cybersecurity in the Sekur Julius Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
Provided Output
output.txt
JRYPBZR0GB0UNPXGUROBB0GJBGUBHFNAQGJRAGLSBHE!0GUVF0VF0N0CEBBS0BS0PBAPRCG0GB0CEBIR0LBH0GUNG0GUR0PNRFNE0PVCURE0VF0VAFRPHER0AB0ZNGGRE0UBJ0ZNAL0GVZRF0LBH0NCCYL0VG.0GUR0FRPHEVGL0BS0N0GUBHFNAQ0QVFGVAPG0FUVSGF0VF0RIRAGHNYYL0GUR0FNZR0NF0GUNG0BS0N0FVATYR0FUVSG.0RABHTU0ZHZOYVAT,0GNXR0LBHE0SYNT0NAQ0RAWBL0GUR0ERFG0BS0GUR0PBAGRFG.0ZNXR0FHER0LBH0JENC0GUR0SBYYBJVAT0GRKG0JVGU0GUR0UGO0SYNT0SBEZNG0GURRSSRPGVIRXRLFCNPRBSPNRFNEQRCRAQFBAGURFVMRBSGURNYCUNORG.
Provided Script
source.py
from random import choices
import os

def julius_encrypt(msg, shift):
    ct = ''
    for p in msg:
        if p == ' ':
            ct += '0'
        elif not ord('A') <= ord(p) <= ord('Z'):
            ct += p
        else:
            o = ord(p) - 65
            ct += chr(65 + (o + shift) % 26)
    return ct

def encrypt(msg, key):
    for shift in key:
        msg = julius_encrypt(msg, shift)
    return msg

msg = open('secret.txt').read().upper()
secure_key = os.urandom(1337)

with open('output.txt', 'w') as f:
    f.write(encrypt(msg, secure_key))
Proof of Concept (PoC)
def julius_decrypt(ct, shift):
    """Invert julius_encrypt for a single shift value."""
    msg = ''
    for c in ct:
        if c == '0':
            # The encryptor wrote spaces as '0'.
            msg += ' '
        elif not ord('A') <= ord(c) <= ord('Z'):
            # Punctuation and other characters were passed through unchanged.
            msg += c
        else:
            o = ord(c) - 65
            msg += chr(65 + (o - shift) % 26)
    return msg

def test_all_shifts(encrypted_text):
    """Return (shift, candidate plaintext) for each of the 26 possible shifts."""
    results = []
    for shift in range(26):
        decrypted = julius_decrypt(encrypted_text, shift)
        results.append((shift, decrypted))
    return results

def find_htb_flag(decrypted_text):
    """Wrap the last whitespace-separated token in the HTB flag format."""
    parts = decrypted_text.split()
    flag_text = parts[-1]
    # Doubled braces are literal braces inside an f-string.
    return f"HTB{{{flag_text}}}"

encrypted = "JRYPBZR0GB0UNPXGUROBB0GJBGUBHFNAQGJRAGLSBHE!0GUVF0VF0N0CEBBS0BS0PBAPRCG0GB0CEBIR0LBH0GUNG0GUR0PNRFNE0PVCURE0VF0VAFRPHER0AB0ZNGGRE0UBJ0ZNAL0GVZRF0LBH0NCCYL0VG.0GUR0FRPHEVGL0BS0N0GUBHFNAQ0QVFGVAPG0FUVSGF0VF0RIRAGHNYYL0GUR0FNZR0NF0GUNG0BS0N0FVATYR0FUVSG.0RABHTU0ZHZOYVAT,0GNXR0LBHE0SYNT0NAQ0RAWBL0GUR0ERFG0BS0GUR0PBAGRFG.0ZNXR0FHER0LBH0JENC0GUR0SBYYBJVAT0GRKG0JVGU0GUR0UGO0SYNT0SBEZNG0GURRSSRPGVIRXRLFCNPRBSPNRFNEQRCRAQFBAGURFVMRBSGURNYCUNORG"

print("Attempting all possible shifts...")
all_decryptions = test_all_shifts(encrypted)

# Pick the first candidate that contains common English words.
for shift, decrypted in all_decryptions:
    if " THE " in decrypted or " AND " in decrypted or " IS " in decrypted:
        print(f"\nShift {shift} (likely correct):")
        print("-" * 50)
        print(decrypted)
        print("\nPotential HTB flag:")
        print(find_htb_flag(decrypted))
        break

# Decrypt again with the shift identified above (13).
decrypted_text = julius_decrypt(encrypted, 13)
flag = find_htb_flag(decrypted_text)

print("\nFinal decrypted message:")
print(decrypted_text.replace("0", " "))
print("\nFinal HTB flag:")
print(flag)
Summary
The Sekur Julius Challenge on Hack The Box demonstrates a classic Caesar cipher (shift cipher). The challenge script encrypts the message by applying a random sequence of shifts, one after another. The PoC script decrypts by testing all possible shifts and looking for readable English text patterns to identify the correct one. Once identified, the decrypted text reveals the hidden flag. The challenge highlights the weakness of the Caesar cipher: however many shifts are stacked, the result is still a single shift with only 26 candidates, so basic brute force breaks it.
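Why the 1337 random key bytes in source.py add no security, shown as an added example (not part of the original writeup or the challenge's code): the layered shifts collapse to `sum(key) % 26`, and the shift can be recovered by letter-frequency scoring instead of a hard-coded value. The function names and the approximate frequency table are assumptions made for this sketch, which goes beyond the PoC's word-matching heuristic.

```python
from collections import Counter
import os

# Approximate English letter frequencies in percent, A through Z (assumed table).
ENGLISH = dict(zip("ABCDEFGHIJKLMNOPQRSTUVWXYZ", (
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07)))

# First sentence of output.txt as shown on this page.
CT_PREFIX = ("JRYPBZR0GB0UNPXGUROBB0GJBGUBHFNAQGJRAGLSBHE!0GUVF0VF0N0CEBBS0BS0"
             "PBAPRCG0GB0CEBIR0LBH0GUNG0GUR0PNRFNE0PVCURE0VF0VAFRPHER0AB0"
             "ZNGGRE0UBJ0ZNAL0GVZRF0LBH0NCCYL0VG.")

def shift_text(text, shift):
    """Caesar-shift A-Z by `shift` (may be negative); other characters pass through.
    The space-to-'0' substitution in source.py is key-independent and omitted here."""
    return "".join(chr(65 + (ord(c) - 65 + shift) % 26) if "A" <= c <= "Z" else c
                   for c in text)

def encrypt_with_key(msg, key):
    """Same layering as source.py: one Caesar shift per key byte."""
    for shift in key:
        msg = shift_text(msg, shift)
    return msg

def effective_shift(key):
    """All layers collapse to a single shift: the sum of the key bytes mod 26."""
    return sum(key) % 26

def chi_squared(text):
    """Distance between the text's letter counts and English (lower is closer)."""
    counts = Counter(c for c in text if "A" <= c <= "Z")
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    return sum((counts[l] - n * f / 100) ** 2 / (n * f / 100) for l, f in ENGLISH.items())

def recover_shift(ciphertext):
    """Try all 26 shifts; return the one whose decryption looks most like English."""
    return min(range(26), key=lambda s: chi_squared(shift_text(ciphertext, -s)))

if __name__ == "__main__":
    found = recover_shift(CT_PREFIX)
    plaintext = shift_text(CT_PREFIX, -found)
    key = os.urandom(1337)  # fresh random key, same size as in source.py
    relayered = encrypt_with_key(plaintext, key)
    print("shift recovered from output.txt prefix:", found)
    print("1337 layers equal one shift:", relayered == shift_text(plaintext, effective_shift(key)))
    print("recovered shift for the new key:", recover_shift(relayered), "expected:", effective_shift(key))
```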