For this post I will be walking through the Scripting room from tryhackme.com. The idea is to use Python to write some basic scripts in order to solve challenges in a CTF format. I have given a brief summary of each task and a quick outline of the steps I followed when writing the scripts, comments in the code its self will give a more detailed idea of exactly how it works.
The first task was quite straight forward. We are required to take a file that had been base64 encoded 50 time and reverse the process revealing the original string. Luckily Python has a base64 library ready for us to use so the steps we need are:
• Read the file into the msg variable
• Decode 50 times with a basic for loop
python3 Easy.py [Lab IP]For this challenge we were required to connect to a webpage on a given port, retrieve some instructions for a mathematical process, perform a calculation and move onto the next port until we reach port 9867.
• Attempt to connect to the server until the port is live.
• Once connected, request the data: operation, number, next port.
• Receive the data and assign it.
• Perform the operation.
• Move onto next port.
• Repeat this until we hit port 9867.
• Display answer.
python3 Medium.py [Lab IP]For the last challenge we had to send a request to a web server via UDP and were sent instructions on how to complete the task. We were sent an IV and a key that were to be used to decrypt an AES CGM cipher text. We were also given a hash for the correct answer and had to keep requesting ‘flags’ until we found the on that matched the given checksum.
• Connect to server via UDP to get the initial instructions.
• Connect again to receive the next set.
• Store key and iv (Hard coded for ease).
• Convert the checksum into a more usable/ readable format.
• Connect agin, and receive AES CGM cipher text and tags.
• Decrypt.
• Hash the plain text and compare it to the given checksum.
• Repeat this until a match is found.
python3 Hard.py [Lab IP]