https://app.hackthebox.com/challenges/851

Description

The Frontier Board’s grip on the stars relies on a digital relic thought to be flawless. But in the depths of the void, anomalies can ripple through even the most secure systems. Do you have what it takes to expose the cracks in their so-called perfection?

Exploitation

https://x.com/realhashbreaker/status/1770161965006008570

from pwn import *
import json

# Connection handle shared by the functions below; assigned in the
# __main__ block before pwn() runs.
io = None

# Two distinct usernames of equal length that differ only at index 21
# ('A' in usr_1, 'E' in usr_2).
# NOTE(review): presumably the colliding pair from the post linked above the
# script; the server code is not shown here, so confirm in server.py how the
# username is hashed and compared. A server that keys accounts on the raw
# username or on a collision-resistant digest would not confuse the two.
usr_1 = "TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak"
usr_2 = "TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak"

def get_flag():
    """Run the register/register/login exchange and return the server's reply.

    Each message is sent as one JSON line after the ' :: ' prompt. The
    sequence registers usr_1, registers usr_2 with the same password, then
    logs in as usr_2. The next line from the server is decoded and its last
    ' :: '-separated field is returned.

    NOTE(review): why logging in as usr_2 yields the flag depends on
    server.py, which is not shown here; presumably the server treats both
    usernames as the same account key. Confirm against the server code.
    """
    prompt = b' :: '
    exchange = (
        {'option': 'register'},
        {'username': usr_1, 'password': 'password'},
        {'option': 'register'},
        {'username': usr_2, 'password': 'password'},
        {'option': 'login'},
        {'username': usr_2, 'password': 'password'},
    )
    for message in exchange:
        io.sendlineafter(prompt, json.dumps(message).encode())

    reply = io.recvline().decode().strip()
    return reply.split(' :: ')[-1]

def pwn():
    """Fetch the flag with get_flag() and print it to stdout."""
    print(get_flag())

if __name__ == '__main__':
    # Choose the target: a local copy of the challenge server by default, or
    # the host:port given as the first positional argument when REMOTE is set.
    if not args.REMOTE:
        import os
        # server.py is started from the sibling challenge directory, so the
        # script has to be run from its own directory for this path to work.
        os.chdir('../challenge')
        io = process(['python3', 'server.py'], level='error')
    else:
        # NOTE(review): `sys` is not imported explicitly in this file; it
        # appears to arrive through `from pwn import *`. Confirm.
        host_port = sys.argv[1].split(':')
        HOST, PORT = host_port[0], host_port[1]
        io = remote(HOST, PORT, level='error')

    pwn()

Summary

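Alphascii Clashing: reduce the hash constraint to a small search, test candidates, and recover the flag. The script above does no searching itself: it registers two usernames that differ in a single character, apparently the pair from the post linked under Exploitation, and then logs in as the second one.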