๐นSimple Encryptor
https://app.hackthebox.com/challenges/Simple%2520Encryptor
local_10 = *(long *)(in_FS_OFFSET + 0x28);
local_30 = fopen("flag","rb");
fseek(local_30,0,2);
local_28 = ftell(local_30);
fseek(local_30,0,0);
local_20 = malloc(local_28);
fread(local_20,local_28,1,local_30);
fclose(local_30);
tVar2 = time((time_t *)0x0);
local_40 = (uint)tVar2;
srand(local_40);
for (local_38 = 0; local_38 < (long)local_28; local_38 = local_38 + 1) {
iVar1 = rand();
*(byte *)((long)local_20 + local_38) = *(byte *)((long)local_20 + local_38) ^ (byte)iVar1;
local_3c = rand();
local_3c = local_3c & 7;
*(byte *)((long)local_20 + local_38) =
*(byte *)((long)local_20 + local_38) << (sbyte)local_3c |
*(byte *)((long)local_20 + local_38) >> 8 - (sbyte)local_3c;
}
local_18 = fopen("flag.enc","wb");โฐโ stat flag.enc โโฏ
File: flag.enc
Size: 32 Blocks: 0 IO Block: 512 regular file
Device: 0,179 Inode: 12666373952038248 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 1000/ kali) Gid: ( 1000/ kali)
Access: 2024-10-05 01:14:37.623928000 +0200
Modify: 2022-07-19 13:14:48.000000000 +0200
Change: 2024-10-05 01:14:32.437619400 +0200
Birth: -#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void) {
typedef unsigned char byte;
FILE *f;
size_t flagSize;
byte *flag;
unsigned int seed;
long i;
int rnd1, rnd2;
f = fopen("flag.enc", "rb");
// seek until the end of the file to get the size
fseek(f, 0, SEEK_END);
flagSize = ftell(f);
// seek to the beginning
fseek(f, 0, SEEK_SET);
// allocate memory of the flag
flag = malloc(flagSize);
fread(flag, 1, flagSize, f);
fclose(f);
// take seed from the first 4 bytes
int flagOffset = 4;
memcpy(&seed, flag, flagOffset);
srand(seed);
for(i = flagOffset; i < (long)flagSize; i++) {
rnd1 = rand();
rnd2 = rand();
rnd2 = rnd2 & 7;
flag[i] =
flag[i] >> rnd2 |
flag[i] << 8 - rnd2;
flag[i] = rnd1 ^ flag[i];
printf("%c", flag[i]);
}
}โฐโ gcc exploit.c -o exploit โโฏ
โฐโ ./exploit โโฏ
HTB{vRy_s1MplE_F1LE3nCryp0r}%Last updated