htb hacker royale 2024

14 Mar 2024

Popped in for a few challenges, before Mid Terms. More details

---

1. Stop Drop and Roll (Misc)

from pwn import *

conn = remote('94.237.56.188', 47665)

conn.recvuntil(b'Are you ready? (y/n) ')
conn.sendline(b"y")

conn.recvuntil(b'Ok then! Let\'s go!\n')

while True:

   series = conn.recvline().decode('utf-8').strip()
   if "HTB" in series:
       print(series)
       break
   line = conn.recvuntil(b"What do you do? ")
   print(series)
   series = series.split(', ')
   res = ''
   for s in series:
       if s == 'GORGE':
           res += 'STOP-'
       elif s == 'FIRE':
           res += 'ROLL-'
       elif s == 'PHREAK':
           res += 'DROP-'

   res = res[:-1]


   print(res)
   conn.sendline(res.encode())

print("FLAG NOT FOUND")

---

2. Tutorial (Pwn)

We have an email file, with an online html file. Upon opening online html file, we see

document.write(unescape(
...

This is to “hide” HTML and/or javascript from other people who view your page’s source code”. We can use https://scriptasylum.com/tutorials/encode-decode.html to reverse it.

---

3. Urgent (Forensics)

We have to convert the javascript from escaped to unescaped.

---

4. Crypto Dynastic (Crypto)

def decrypt(c):
   m = ''
   for i in range(len(c)):
       ch = c[i]
       if not ch.isalpha():
           m += ch
       else:
           chi = to_identity_map(ch)
           m += from_identity_map(chi - i)
   return m