[HTB] BabyEncryption writeup

This is my writeup for the BabyEncryption challenge on Hack The Box. This challenge was fairly easy and just tested our scripting skill and logical thinking.

Initial analysis

In this cryptography challenge we are provided with two files, namely chall.py and msg.enc. The contents of these files are:

chall.py

    import string
    from secret import MSG

    def encryption(msg):
        ct = []
        for char in msg:
            # affine map applied to each byte, modulo 256
            ct.append((123 * char + 18) % 256)
        return bytes(ct)

    ct = encryption(MSG)
    f = open('.
Read more →

[HTB] Phonebook writeup

This is my writeup for the Hack The Box Phonebook web challenge. Initially, finding a way to exploit the website was quite hard, but once we find the vulnerability, the challenge is pretty straightforward and requires just basic brute-forcing. It also tests our scripting skill and, all in all, the challenge is a satisfying one.

Initial Analysis

Visiting the IP address, we are greeted with a login page and some information about a workstation user called Reese.
Read more →

[HTB] Templated Writeup

This is my writeup for the Hack The Box Templated web challenge. The challenge is fairly straightforward and is one of the easier ones.

Initial Analysis

Visiting the IP address provided, we are greeted with a "Site still under construction" page with "powered by Flask/Jinja2" text at the bottom. Upon investigation we discover that Flask is a Python web framework, while Jinja2 is the templating engine it uses. Since the name of the challenge also includes "templated", we can be fairly certain that it has something to do with Server-Side Template Injection.
Read more →

[HTB] misDIRection writeup

This is my writeup for misDIRection, which is a miscellaneous challenge on Hack The Box. The challenge seems fairly simple and involves a zip file that contains directories and files in a specific order. Upon inspection, the files are empty, which is probably why the challenge is titled misDIRection.

Steps for finding the flag

Unzipping the file yields a directory with the name .secret, which is hidden on Unix-based systems.
Read more →