HackTheBox Hunting License Challenge

2024-12-12[Updated: 2024-12-12]

https://app.hackthebox.com/challenges/485

Description

STOP! Adventurer, have you got an up to date relic hunting license? If you don’t, you’ll need to take the exam again before you’ll be allowed passage into the spacelanes!

Solutions

What is the file format of the executable?

elf

What is the CPU architecture of the executable?

x86-64

What library is used to read lines for user answers? (`ldd` may help)

libreadline.so.8

What is the address of the `main` function?

0x401172

How many calls to `puts` are there in `main`? (using a decompiler may help)

What is the first password?

PasswordNumeroUno

What is the reversed form of the second password?

0wTdr0wss4P

What is the real second password?

P4ssw0rdTw0

What is the XOR key used to encode the third password?

What is the third password?

ThirdAndFinal!!!

Summary

Hunting License: trace the binary, isolate the validation routine, and invert it to recover the flag.