Disclaimer
If you're uncomfortable with spoilers stop reading now.
Challenge
While waiting for SwagShop's takedown in order to publish my writeup, I took a chance to solve a couple of challenges available on HackTheBox, starting from Snake.
Snake is a reversing challenge by 3XPL017, you can find it here.
After downloading and unzipping the archive with the password provided we're presented with a Python script named snake.py, we'll try and run it:
After assigning us a random number is asks for a username and a password, we'll dig into that by taking a look at the code.
We can notice that there are a lot of variables declared, the one which stands out is slither since it seems to be the one required in order to be properly identified when prompted for the username.
if user_input == slither:
pass
Therefore we can add:
print slither
In order to print the variable slither, which is the needed username. The script part will look like this:
Once we run it we get:
Yes, anaconda makes sense and it is indeed the needed username.
Let's move on to the password, which is generated by this part of the script:
We can see that passes is compared to (chr(char))
Functions:
- str() – returns a string
- chr() – returns a character, after that takes in a parameter of a unicode digit
Variables:
- char – one element in the array chars
- chars – initialized as an empty array
The array chars contains:
chars = []
And:
for key in keys:
keys_encrypt = lock ^ key
chars.append(keys_encrypt)
for chain in chains:
chains_encrypt = chain + 0xA
chars.append(chains_encrypt)
There is also a break which terminates the loop even if a single character matches the user given input.
The simplest way to solve this is to print the characters before being asked for the password, we can do this by modifying the script:
And, if we run it we get:
The password is working, and due to the fact that keys contains the first 10 characters of the password, we can assume we need to enter them in order to properly solve the challenge.
The flag format is HTB{user:password}, so the proper way to enter it is HTB{anaconda:udvvrjwa$$}.
Solved!
Top comments (0)