https://app.hackthebox.com/challenges/357

Description

We found this ancient text inscribed on a stone tablet. We believe it describes the history and technology of a mighty but extinct civilization, but we can’t be certain as it’s written in a dead language. Can you use your specialist knowledge to uncover the truth, and recover their technology?

Exploitation

docker run -v "$PWD":/ctf -it python:2.7 bash -c "pip install uncompyle6 && uncompyle6 /ctf/chall.pyc > /ctf/chall.py"
cat chall.py

#!/usr/bin/env python2.7
import marshal, base64, dis

string = 'YwEAAAABAAAABQAAAEMAAABzNAAAAHQAAGoBAHQCAGoDAHQEAGQBAIMBAGoFAHwAAGoGAGQCAIMB\nAIMBAIMBAHQHAIMAAIMCAFMoAwAAAE50BAAAAHpsaWJ0BgAAAGJhc2U2NCgIAAAAdAUAAAB0eXBl\nc3QMAAAARnVuY3Rpb25UeXBldAcAAABtYXJzaGFsdAUAAABsb2Fkc3QKAAAAX19pbXBvcnRfX3QK\nAAAAZGVjb21wcmVzc3QGAAAAZGVjb2RldAcAAABnbG9iYWxzKAEAAAB0AQAAAHMoAAAAACgAAAAA\ncwcAAAA8c3RkaW4+dAoAAABsb2FkTGFtYmRhAQAAAHQAAAAA\n'
decoded = base64.b64decode(string)
code_obj = marshal.loads(decoded)
dis.dis(code_obj)

#!/usr/bin/env python2.7
import marshal, base64, dis, zlib

string = 'eJw10EtLw0AUBeAzTWLqo74bML8gSyFdiotm40rEZF+kRyVtCGKmqzar/nHvHBDmfty5c+fBrB2A\niUVuUVkMG4MOnIARGIMJeAKm4BQ8Bc9UsfwcvABn/5VL8Aq81tINeAveKb/Hd47R4WDDTp5j7hEm\nR4fsoS4yu+7Vh1e8yEYu5V7WciffZCl/5UpW8l162cuF3Mq1fJSUY5uYhTZFRvfZF+EvfOCnU89X\ngdATGFLjafBs+2e1fJShY4jDomvcH1q4K9U=\n'
decoded = base64.b64decode(string)
decompressed = zlib.decompress(decoded)
obj = marshal.loads(decompressed)
dis.dis(obj)

python2.7 poc | sed -n "s/.*LOAD_CONST.*('\(.\)').*/\1/p" | tr -d '\n'

Summary

Snakecode: reverse the validation logic, model the transform, and recover the accepted input.