https://app.hackthebox.com/challenges/225

Description

Plutonium Labs is a private laboratory experimenting with plutonium products. A huge sale is going to take place and our intelligence agency is interested in learning more about it. We have managed to intercept the traffic of their mail server. Can you find anything interesting?

Exploitation

#!/usr/bin/env python3

def hex_to_bytes(hex_str): return bytes.fromhex(hex_str)
def xor_bytes(data1, data2): return bytes(a ^ b for a, b in zip(data1, data2))

def main():
    msg1 = "6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039"
    msg2 = "fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34"
    msg3 = "de328f76159108f7653a5883decb8dec06b0fd9bc8d0dd7dade1f04836b8a07da20bfe70"
    data1, data2, data3 = hex_to_bytes(msg1), hex_to_bytes(msg2), hex_to_bytes(msg3)
    flag = xor_bytes(xor_bytes(data1, data2), data3).decode('utf-8')
    print(flag)

if __name__ == '__main__':
    main()

Summary

Nuclear Sale: model the crypto leak, recover the missing secret, and decrypt the flag.