HackTheBox IRCWare Challenge
https://app.hackthebox.com/challenges/212
Description
During a routine check on our servers we found this suspicious binary, although when analyzing it we couldn’t get it to do anything. We assume it’s dead malware, but maybe something interesting can still be extracted from it?
Exploitation
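#!/usr/bin/env python3
from pwn import *

def main():
    conn = None  # defined up front so the finally block is safe if listen() fails
    try:
        # Local listener on port 8000 that the ircware binary connects to.
        l = listen(8000)
        print("Listening on port 8000...")
        conn = l.wait_for_connection()
        print("Got connection!")
        conn.settimeout(3)
        conn.sendline(b'NICK ircware_0411')
        conn.sendline(b'USER ircware 0 * :ircware')
        conn.sendline(b'JOIN #secret')
        # Send the password command, then request the flag.
        conn.sendline(b'PRIVMSG #secret :@pass ASS3MBLY')
        conn.sendline(b'PRIVMSG #secret :@flag')
        while True:
            try:
                line = conn.recvline().decode(errors='replace')
            except EOFError:
                break  # peer closed the connection
            if not line:
                break  # recvline() returns empty data once the timeout expires
            print(line, end='')
            if 'HTB{' in line:
                break
    except Exception as e:
        print(f"Error: {e}")
    finally:
        if conn is not None:
            conn.close()

if __name__ == "__main__":
    main()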
Run the PoC, and then execute ircware to connect to the local service.
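For reviewing a capture of this exchange, the following added example (not part of the original write-up) parses IRC lines and lists the `@`-prefixed channel commands, the form `@pass` and `@flag` take above. The capture is constructed, and the `op!op@localhost` sender prefix and the function names are assumptions.

```python
from typing import List, NamedTuple, Optional, Tuple

class IrcMsg(NamedTuple):
    prefix: Optional[str]
    command: str
    params: List[str]

def parse_irc_line(raw: bytes) -> IrcMsg:
    """Split one IRC line into optional prefix, command and parameters."""
    line = raw.rstrip(b"\r\n").decode("utf-8", errors="replace")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Everything after the first " :" is a single trailing parameter.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        raise ValueError("empty IRC line")
    return IrcMsg(prefix, parts[0].upper(), parts[1:] + ([trailing] if sep else []))

def bot_commands(lines: List[bytes]) -> List[Tuple[str, str, str]]:
    """Return (target, verb, argument) for each PRIVMSG whose text starts with '@'."""
    hits = []
    for raw in lines:
        try:
            msg = parse_irc_line(raw)
        except ValueError:
            continue  # blank or malformed line
        if msg.command != "PRIVMSG" or len(msg.params) < 2:
            continue
        target, text = msg.params[0], msg.params[1]
        if text.startswith("@") and len(text) > 1:
            verb, _, arg = text[1:].partition(" ")
            hits.append((target, verb, arg))
    return hits

# Constructed capture; the sender prefix "op!op@localhost" is an assumption.
SAMPLE_CAPTURE = [
    b"NICK ircware_0411\r\n",
    b"USER ircware 0 * :ircware\r\n",
    b"JOIN #secret\r\n",
    b":op!op@localhost PRIVMSG #secret :@pass ASS3MBLY\r\n",
    b":op!op@localhost PRIVMSG #secret :hello there\r\n",
    b":op!op@localhost PRIVMSG #secret :@flag\r\n",
    b"\r\n",
]

if __name__ == "__main__":
    for target, verb, arg in bot_commands(SAMPLE_CAPTURE):
        print(f"{target}: command={verb!r} argument={arg!r}")
```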
Summary
IRCWare: reverse the validation logic, model the transform, and recover the accepted input.