Hello, cybersecurity enthusiasts! Today, I’m excited to share a step-by-step walkthrough of TryHackMe’s latest challenge, “W1seGuy.” This room requires a basic understanding of XOR encryption and some brute-forcing skills using Python and CyberChef. Let’s dive in!
Step 1: Understanding the Challenge
In this challenge, we’re given a Python script that sets up a server. The server sends an XOR-encoded flag to the client and asks for the encryption key. Our task is to reverse engineer this setup to capture the flags.
Step 2: Analyzing the Code
Here’s a snippet of the Python code provided:
```python
import random
import socketserver
import socket, os
import string

flag = open('flag.txt','r').read().strip()

def send_message(server, message):
    enc = message.encode()
    server.send(enc)

def setup(server, key):
    # Placeholder flag; the live server encodes the real flag 1 here.
    flag = 'THM{thisisafakeflag}'
    xored = ""
    # Repeating-key XOR: key character i % len(key) is applied to flag character i.
    for i in range(0,len(flag)):
        xored += chr(ord(flag[i]) ^ ord(key[i%len(key)]))
    hex_encoded = xored.encode().hex()
    return hex_encoded

def start(server):
    # A fresh 5-character key of letters and digits for every connection.
    res = ''.join(random.choices(string.ascii_letters + string.digits, k=5))
    key = str(res)
    hex_encoded = setup(server, key)
    send_message(server, "This XOR encoded text has flag 1: " + hex_encoded + "\n")
    send_message(server,"What is the encryption key? ")
    key_answer = server.recv(4096).decode().strip()
    try:
        # Flag 2 is released only if the client returns the exact key.
        if key_answer == key:
            send_message(server, "Congrats! That is the correct key! Here is flag 2: " + flag + "\n")
            server.close()
        else:
            send_message(server, 'Close but no cigar' + "\n")
            server.close()
    except:
        send_message(server, "Something went wrong. Please try again. :)\n")
        server.close()

class RequestHandler(socketserver.BaseRequestHandler):
    def handle(self):
        start(self.request)

if __name__ == '__main__':
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    server = socketserver.ThreadingTCPServer(('0.0.0.0', 1337), RequestHandler)
    server.serve_forever()
```
Step 3: Decoding the XOR Encryption
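XOR is its own inverse, so XORing the ciphertext with plaintext we already know gives back the key. The key is only 5 characters long and the flag starts with the predictable prefix THM{, so most of the key can be read straight out of CyberChef. Here’s a quick summary of the process: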
- Connect to the server using Netcat.
- Analyze the XOR-encoded text and derive the key.
- Use the key to decode the flag.
Step 4: Brute-Forcing with Python
To automate the decryption process, we use a Python script. The script attempts various keys and checks if they decode the text correctly.
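One way to write such a script, as an added example rather than the author's own script or code from the room: it uses the known `THM{` prefix to fix four key characters and brute-forces only what is left. The names `xor_repeat` and `recover_keys`, the key `aB3xZ`, and the assumption that the flag ends in `}` are mine; the sample ciphertext is constructed from the placeholder flag in the server code.

```python
import string
from itertools import product

# Facts taken from the server code above: 5-character key drawn from
# letters and digits, repeating-key XOR, ciphertext sent as hex.
ALPHABET = (string.ascii_letters + string.digits).encode()
KEY_LEN = 5

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_keys(hex_ct: str, prefix: bytes = b"THM{", suffix: bytes = b"}"):
    """Return every (key, plaintext) pair consistent with the flag format."""
    # The server's xored.encode() is one byte per character because
    # ASCII ^ ASCII always stays below 0x80.
    ct = bytes.fromhex(hex_ct)
    # Known plaintext: key[i] = ciphertext[i] ^ plaintext[i].
    known = {i % KEY_LEN: ct[i] ^ p for i, p in enumerate(prefix)}
    if any(k not in ALPHABET for k in known.values()):
        return []  # prefix assumption does not hold for this ciphertext
    unknown = [i for i in range(KEY_LEN) if i not in known]
    hits = []
    # Brute-force only the key positions the prefix did not reveal.
    for guess in product(ALPHABET, repeat=len(unknown)):
        key = bytearray(KEY_LEN)
        for pos, val in known.items():
            key[pos] = val
        for pos, val in zip(unknown, guess):
            key[pos] = val
        pt = xor_repeat(ct, bytes(key))
        # Accept only printable text that closes like a flag.
        if pt.endswith(suffix) and all(32 <= c < 127 for c in pt):
            hits.append((key.decode(), pt.decode()))
    return hits

if __name__ == "__main__":
    # Constructed sample: the placeholder flag from the server code,
    # encrypted with a made-up key. Not output from the real room.
    sample = xor_repeat(b"THM{thisisafakeflag}", b"aB3xZ").hex()
    for key, plaintext in recover_keys(sample):
        print(key, plaintext)
```

The predictable prefix shrinks the search from 62^5 keys to 62. When the closing `}` lands on the one unknown key position the result is unique; otherwise several printable candidates come back and have to be checked by eye.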
Conclusion
This challenge was a fantastic exercise in cryptography and reverse engineering. For a detailed, step-by-step walkthrough, watch my YouTube video linked below.
If you found this blog helpful, please like, subscribe, and share my YouTube channel, Cracking the Code, for more insightful content on cybersecurity challenges. Happy hacking!