Flow Control - Loops (Introduction to Bash Scripting)

Hi all,

I am at my wits end with this Question:

Create a “For” loop that encodes the variable “var” 28 times in “base64”. The number of characters in the 28th hash is the value that must be assigned to the “salt” variable.

No matter what I put, I always get a ‘bad decrypt’ back. My answer is:

for i in {1..28}

do

    var=$(echo $var | base64)
    
    if [[ $i == 28 ]]
    then
        salt=$(echo $var | wc -c)
    fi    
done
...

Does anyone have any insight to this. I have looked at StackOverFlow and on here, and there is nothing that insightful, apart from people saying that the questions is poorly worded, but thats to be expected with HTB at this point ha!! 

Any help or light anyone can shed on this, would be highly appreciated xx

$ var=1234
$ echo $var | wc -c
5
$ echo -n $var | wc -c
4
$ echo ${#var}
4

The echo $var writes the content of var and one \n. So wc -c returns not the number of characters in var.

You can use the -n option for output without \n or the bash length function.

I found that the ${#var} method worked the best for me, however I had to add +1 to the value for it to work…
Not sure why that is happening.

Good evening, did you manage to solve it?!
var=“9M”
hash=“VTJGc2RHVmtYMTl2ZnYyNTdUeERVRnBtQWVGNmFWWVUySG1wTXNmRi9rQT0K”
salt=“”

for i in {1…28}; do
var=$(echo $var | base64)
if [ $i -eq 28 ]; then
salt=${#var}
fi
done

echo “salt: $salt”

This is where I stand but I keep getting wrong results…

The command echo XYZ sends XYZ and a newline character to stdout. Therefore, echo $var sends the content of the variable var and a newline character to stdout. But you need only the content of the variable var base64 encoded.

var=“9M”
hash=“VTJGc2RHVmtYMTl2ZnYyNTdUeERVRnBtQWVGNmFWWVUySG1wTXNmRi9rQT0K”
salt=“”

for i in {1…28}; do
var=$(echo var | base64)
if [ $i -eq 28 ]; then
salt=$var
fi
done

echo “salt: $salt”

I get “salt: dmFyCg==” as result but it`s not the correct answer… Ive tried million things…

Are you sure this is code line is correct? You base64 encode the text “var” plus newline. You don’t use the variable named var and you add a newline.

Try using salt=${#var}.

I know what’s wrong there should be only two dots in
for loop like:
for i in {1…28}

and after ${#var} you have to add one to it

Hello.
I tried to solve this but i am having an error message. My code is below:
for count in {1…28}
do
var=$(echo $var | base64)
if [[ $count -eq 28 ]]
then
salt=$(echo -n $var | wc -m)
fi
done

And the error message i get is the following:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
40E74883607F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:…/providers/implementations/ciphers/ciphercommon_block.c:124:

I see that the -d flag is the one giving the issue but when i remove it the answer i get is not the correct one.

Check your echo statements.
See the difference if you use the -n option:

$ var=test echo $var | base64
dGVzdAo=
$ var=test echo -n $var | base64
dGVzdA==

Without the -n option the statement echo test generates the output test\n.
Here you need echo -n test to generate the output test.

Thanks. I have solved this already.

Hi All, I’m going to dredge this topic up again since I don’t see a reason to make another post on it. I’m just running the loop and then doing a word count. The last value on the screen is the salt when you run it, I just didn’t say “salt=” however, I did play around with different ways to compute length and to ensure that the loop terminated when I thought it would. I still can’t get the correct answer and I am hoping you can tell me what’s wrong with my code. Thanks!

–begin code–

!/bin/bash

var=“9M”

for i in {1…28}
do
var=$(echo $var | base64)

        echo ${#var}
        echo -n $var | wc -c 

done

nvmd, I read the question wrong…it doesn’t want the length of the salt as the answer to the question that rewards you for the 3 cubes, it wants whatever the program is spitting out already (e.g. the loop has to be put into the code above the exercise, not run in a vacuum). I’m pretty sure, with all the reasonably correct code on here and my observation most people will be on the right track.

I have resolved with this

# Variables
var="9M"
salt=""
hash="VTJGc2RHVmtYMTl2ZnYyNTdUeERVRnBtQWVGNmFWWVUySG1wTXNmRi9rQT0K"

# Base64 Encoding Example:
#        $ echo "Some Text" | base64

# <- For-Loop here
for i in {1..28}
do
var=$(echo $var | base64)
done
salt=$(echo $var | wc -c)
echo "Salt: $salt"

***** SPOILER *****

Hello,
Try the following script.
This way it’ll still show you a warning, but if you copy the last line, that’ll be your answer.

#!/bin/bash

# Decrypt function
function decrypt {
    MzSaas7k=$(echo $hash | sed 's/988sn1/83unasa/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/4d298d/9999/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/3i8dqos82/873h4d/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/4n9Ls/20X/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/912oijs01/i7gg/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/k32jx0aa/n391s/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/nI72n/YzF1/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/82ns71n/2d49/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/JGcms1a/zIm12/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/MS9/4SIs/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/Ymxj00Ims/Uso18/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/sSi8Lm/Mit/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/9su2n/43n92ka/g')
    Mzns7293sk=$(echo $MzSaas7k | sed 's/ggf3iunds/dn3i8/g')
    MzSaas7k=$(echo $Mzns7293sk | sed 's/uBz/TT0K/g')

    flag=$(echo $MzSaas7k | base64 -d | openssl enc -aes-128-cbc -a -d -salt -pass pass:$salt)
}

# Variables
var="9M"
salt=""
hash="VTJGc2RHVmtYMTl2ZnYyNTdUeERVRnBtQWVGNmFWWVUySG1wTXNmRi9rQT0K"

# Base64 Encoding Example:
#        $ echo "Some Text" | base64

for i in {1..28}

do

    var=$(echo $var | base64)
    
    if [[ $i == 28 ]]
    then
        salt=$(echo $var | wc -c)
    fi    
done

# Check if $salt is empty
if [[ ! -z "$salt" ]]
then
    decrypt
    echo $flag
else
    exit 1
fi

***** SPOILER *****