Scripting (TryHackMe)

TryHackMe - Scripting Write-Up

This room covers basic scripting challenges at easy, medium and hard difficulty levels. I will be using Python 3 with the Sublime Text editor.

  1. Easy

  2. Medium

  3. Hard

Easy

Plan

Thankfully I've been exposed to this process so it shouldn't be too difficult. We will need to

  • import the base64 library (only b64decode is actually needed)

  • read the encoded file into the program and store its contents in a variable

  • loop 50 times, calling b64decode on that variable and storing the result back into the same variable, so each pass strips one layer of encoding

  • close the file and print the decoded contents

Code

#!/usr/bin/env python3
import base64

# read the file as bytes; the path is redacted here, point it at the room's b64.txt
with open("/home/***********/Documents/OSCP/python/b64.txt", "rb") as b64:
    b64r = b64.read()

# the file was base64-encoded 50 times, so decode it 50 times,
# storing each pass back into the same variable
for _ in range(50):
    b64r = base64.b64decode(b64r)

print(b64r)

Result

The output is printed as b'...' because b64decode returns a bytes object, not a string. Calling b64r.decode("utf-8") on the final result converts it to a str and gets rid of the b'' wrapper.
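As an added example (not the write-up's own code), here is the same 50-pass idea as reusable functions, with a constructed sample built in so it runs offline: a made-up flag wrapped in 12 layers (the room's file uses 50, passed as a parameter). decode_layers() strips a known number of layers with validate=True so that a wrong count fails loudly; peel() goes a step beyond what the room asks and counts the layers automatically by decoding until the output stops being valid base64. FLAG, LAYERS, SAMPLE and the function names are assumptions of this example, not names from the room.

```python
import base64
import binascii

# Constructed sample input (not the room's b64.txt): a made-up flag wrapped in
# 12 layers of base64. The room's file uses 50 layers; the functions below take
# the layer count as a parameter.
FLAG = b"THM{constructed-sample-flag}"
LAYERS = 12


def encode_layers(data, layers):
    """Wrap data in `layers` nested base64 encodings (used only to build the sample)."""
    for _ in range(layers):
        data = base64.b64encode(data)
    return data


def decode_layers(data, layers):
    """Strip a known number of base64 layers, as the room's 50-pass loop does.
    validate=True makes a wrong layer count raise binascii.Error instead of
    silently decoding garbage; strip() drops a trailing newline from a file."""
    for _ in range(layers):
        data = base64.b64decode(data.strip(), validate=True)
    return data


def peel(data, max_layers=100):
    """Strip layers until the result is no longer valid base64.
    Returns (plaintext, layers_removed). Handy when the layer count is unknown,
    but it can overshoot if the final plaintext happens to be valid base64
    itself (only A-Z, a-z, 0-9, + and /, length a multiple of 4), which is why
    a known count like the room's 50 is preferable when you have it."""
    layers = 0
    while layers < max_layers:
        try:
            decoded = base64.b64decode(data.strip(), validate=True)
        except (binascii.Error, ValueError):
            break  # not base64 any more: this is the plaintext
        data = decoded
        layers += 1
    return data, layers


SAMPLE = encode_layers(FLAG, LAYERS)

if __name__ == "__main__":
    print(decode_layers(SAMPLE, LAYERS).decode("utf-8"))  # THM{constructed-sample-flag}
    print(peel(SAMPLE))  # (b'THM{constructed-sample-flag}', 12)
```

To use it on the room's file, read it with open(path, "rb") and pass the bytes to decode_layers(data, 50); the braces in a real flag are not base64 characters, so peel() stops at the right layer there too.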

Medium

We need to write a script that connects to the given webserver on the given port, performs the arithmetic operation it returns and moves on to the port it names next. We are told to begin with a running total of 0 and stop when we hit port 9765.

Plan

  • import the socket, sys and time libraries

    • socket to open a connection to the webserver and send a GET request, which returns the operation and number for each port

    • sys to read the target host from the command line

    • time for the HTTP response; each port is only open for 4 seconds

  • loop (inside a try statement) until the port reaches 9765

  • connect to the webserver on port 1337 first

  • send a GET request to fetch the server's response (the operation, the number and the next port)

  • decode/process the response (trim off the headers, strip quotes, split on spaces)

  • perform the arithmetic based on the resulting list (index 0: operation, 1: number, 2: next port)

    • the chain bounces between random ports until it reaches the end port

  • store the running total in a variable and keep looping until the port equals 9765

Code

#!/usr/bin/env python3
import sys
import socket

rhost = sys.argv[1]      # target IP, passed on the command line
port = 1337              # the room hints to start at port 1337
num = 0.0                # the room instructs us to begin at 0; float so decimals survive

while port != 9765:      # keep going until the next hop is the final port 9765
    s = socket.socket()  # open a socket
    s.settimeout(5)      # each port is only open for ~4 seconds, don't hang forever
    try:
        s.connect((rhost, port))  # connect to the current port in the chain
        # bare-minimum HTTP GET request; the header block must end in \r\n\r\n.
        # Connection: close tells the server not to keep the connection open.
        request = "GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % rhost
        s.send(request.encode())   # sockets send bytes, so encode the str
        response = s.recv(4096)    # 4096 is the buffer size; the body is tiny
    finally:
        s.close()                  # always close the socket, even on error

    # HTTP headers and body are separated by the first blank line (\r\n\r\n);
    # the body is "operation number nextport", e.g. "add 13.5 4521"
    body = response.decode().split("\r\n\r\n", 1)[1]
    data = body.split()
    operation = data[0]
    value = float(data[1])        # keep decimals
    nextport = int(data[2])       # port must be an integer
    print('Operation: ' + operation + ', number: ' + data[1] + ', next port: ' + data[2])

    if operation == 'add':
        num += value              # running total of the sum
    elif operation == 'minus':
        num -= value              # running total of the difference
    elif operation == 'multiply':
        num *= value
    elif operation == 'divide':
        num /= value
    port = nextport               # move on to the port the server told us

print(num)

A note on the string processing: the HTTP headers and body are separated by a blank line (\r\n\r\n), so everything before it is trimmed off. .replace() and .strip() then remove stray quote and whitespace characters from the body, and .split(" ") turns "operation number port" into a three-element list.

Result
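As an added example that is not part of the original write-up, the port-hopping exchange above with both sides present: the client parses each HTTP response into (operation, number, next port), applies the operation and follows the chain until the next hop is 9765; a constructed mock of the room's server binds a few ephemeral localhost ports so the whole thing runs offline. The operation words (add, minus, multiply, divide) and the final port 9765 come from the write-up; FINAL_PORT, parse_body, fetch, follow_chain, start_mock_chain and the sample step list are assumptions of this example. The max_hops guard is there because a chain that loops would otherwise run forever.

```python
import operator
import socket
import threading

# Operation words the room's server uses, mapped to Python operators.
OPS = {
    "add": operator.add,
    "minus": operator.sub,
    "multiply": operator.mul,
    "divide": operator.truediv,
}
FINAL_PORT = 9765  # the room's stop condition; we never actually connect to it


def parse_body(raw):
    """Split a raw HTTP response into headers and body on the first blank line
    and parse the body as 'operation number next_port'."""
    text = raw.decode("utf-8", errors="replace")
    _, sep, body = text.partition("\r\n\r\n")
    if not sep:
        raise ValueError("response has no header/body separator")
    fields = body.split()
    if len(fields) != 3 or fields[0] not in OPS:
        raise ValueError("unexpected body: %r" % body)
    return fields[0], float(fields[1]), int(fields[2])


def fetch(host, port, timeout=5.0):
    """Send a minimal HTTP/1.1 GET and read until the server closes the socket.
    The timeout matters on the real room, where each port is open only briefly."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        request = "GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % host
        s.sendall(request.encode())
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def follow_chain(host, start_port, final_port=FINAL_PORT, start=0.0, max_hops=10000):
    """Start at start_port with a running total of `start`; apply each hop's
    operation and jump to the port it names until the next hop is final_port."""
    num, port, hops = start, start_port, 0
    while port != final_port:
        if hops >= max_hops:
            raise RuntimeError("chain did not end after %d hops" % max_hops)
        op, value, port = parse_body(fetch(host, port))
        num = OPS[op](num, value)
        hops += 1
    return num


# --- Constructed stand-in for the room's server (not the real thing) so the
# example runs offline. Each listener answers one request with
# 'op value next_port' and then closes. ---
def _serve_once(listener, body):
    conn, _ = listener.accept()
    with conn:
        conn.recv(4096)  # read the request; its content does not matter here
        payload = body.encode()
        headers = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                   "Content-Length: %d\r\nConnection: close\r\n\r\n" % len(payload))
        conn.sendall(headers.encode() + payload)
    listener.close()


def start_mock_chain(steps):
    """steps: list of (operation, value). Binds one ephemeral localhost port per
    step; each hop points at the next, the last one at FINAL_PORT. Returns the
    first port to connect to."""
    listeners = []
    for _ in steps:
        srv = socket.socket()
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        listeners.append(srv)
    ports = [srv.getsockname()[1] for srv in listeners]
    for i, (listener, (op, value)) in enumerate(zip(listeners, steps)):
        next_port = ports[i + 1] if i + 1 < len(ports) else FINAL_PORT
        threading.Thread(target=_serve_once,
                         args=(listener, "%s %s %d" % (op, value, next_port)),
                         daemon=True).start()
    return ports[0]


def demo():
    # ((0 + 10) * 3 - 6) / 4 = 6.0
    start = start_mock_chain([("add", 10), ("multiply", 3), ("minus", 6), ("divide", 4)])
    return follow_chain("127.0.0.1", start)


if __name__ == "__main__":
    print(demo())
```

Against the real room you would call follow_chain(rhost, 1337) and drop the mock; if the server ignores Connection: close and keeps the socket open, fetch() raises socket.timeout after five seconds rather than hanging, which is the failure you want to see instead of a silent stall.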

Hard

todo

Plan

Code

Result
