DEV Community

Edoardo (chap)
Edoardo (chap)

Posted on • Edited on

Snake by Hack the box - My writeup

Disclaimer

If you're uncomfortable with spoilers stop reading now.

Challenge

While waiting for SwagShop's takedown in order to publish my writeup, I took a chance to solve a couple of challenges available on HackTheBox, starting from Snake.

Snake is a reversing challenge by 3XPL017, you can find it here.

After downloading and unzipping the archive with the password provided we're presented with a Python script named snake.py, we'll try and run it:

Script running

After assigning us a random number is asks for a username and a password, we'll dig into that by taking a look at the code.

Script code

We can notice that there are a lot of variables declared, the one which stands out is slither since it seems to be the one required in order to be properly identified when prompted for the username.

if user_input == slither:
    pass
Enter fullscreen mode Exit fullscreen mode

Therefore we can add:

print slither
Enter fullscreen mode Exit fullscreen mode

In order to print the variable slither, which is the needed username. The script part will look like this:

Script code

Once we run it we get:

Script code

Yes, anaconda makes sense and it is indeed the needed username.

Let's move on to the password, which is generated by this part of the script:

Script code

We can see that passes is compared to (chr(char))

Functions:

  • str() – returns a string
  • chr() – returns a character, after that takes in a parameter of a unicode digit

Variables:

  • char – one element in the array chars
  • chars – initialized as an empty array

The array chars contains:

chars = []
Enter fullscreen mode Exit fullscreen mode

And:

for key in keys:
    keys_encrypt = lock ^ key
    chars.append(keys_encrypt)
for chain in chains:
    chains_encrypt = chain + 0xA
    chars.append(chains_encrypt)
Enter fullscreen mode Exit fullscreen mode

There is also a break which terminates the loop even if a single character matches the user given input.

The simplest way to solve this is to print the characters before being asked for the password, we can do this by modifying the script:

Script code

And, if we run it we get:

Script code

The password is working, and due to the fact that keys contains the first 10 characters of the password, we can assume we need to enter them in order to properly solve the challenge.

The flag format is HTB{user:password}, so the proper way to enter it is HTB{anaconda:udvvrjwa$$}.

Solved!

Top comments (0)