I don’t know why but it’s not advisable to use “${#var}”, using other methods to obtain the length of $var it worked perfectly!!!
here is the solution if none of the advice did not work.
Make sure to delete “salt” in the #Variables tab. We will set the salt in the loop.
Variables
var=“9M”
hash=“VTJGc2RHVmtYMTl2ZnYyNTdUeERVRnBtQWVGNmFWWVUySG1wTXNmRi9rQT0K”
Base64 Encoding Example:
$ echo “Some Text” | base64
← For-Loop here
for ((i = 0 ; i < 28 ; i++)); do
echo “Try number $i”
var=$(echo $var | base64)
echo $var | wc -c
salt=$(echo $var | wc -c)
done
I`ve been stuck at this one for a while, I get many numbers but none are right…
To the question:
Create an “If-Else” condition in the “For”-Loop of the “Exercise Script” that
prints you the number of characters of the 35th generated value of the variable “var”.
Submit the number as the answer.
The amount you need to go up to might vary.
Some had 28 , I had 35 , when you read this yours may be different
Psudo code which worked for me:
for counter in {1 up to the amount you need to count}
do
print the counter for Diagnostics
var=$(echo $var | base64)
if the counter is equal to "the amount you need to count up to"
then
echo $var | wc -c
fi
done
echo $var | wc -c
will print a 4/5/6/n digit number which is your answer.
I was trying answers like “5” because it was a 5-digit number which was produced. That was wrong.
NOTE: Run this on the PWN box, not your local machine because the hashing engine may be different to the one which generates in the answer
Good luck !
For the question:
Create a “For” loop that encodes the variable “var” 28 times in “base64”.
the number of characters in the 28th hash is the value that must be assigned to the “salt” variable.
The thing that I overlooked which is important for your script is the point “The NUMBER OF CHARACTERS” in the 28th hash.
Your openssl
output should look something like the following, with the “HTB” followed by 8 digits being the flag.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
HTB********
Pseudocode for my for loop (the only part I really needed to change.)
for i in range 1 up tp 28
do
get the base64 value for var and assign it to a new version of var
if i is equal to 28
then
get the character count from the current value of var and assign that to salt
fi
done
Good luck
thanks
salt=$(( ${#var} + 1 ))
This made everything click for me.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
HTB********
I wish I had seen this post about 2 hours ago. I kept trying to enter the number of characters as the answer… arggg.
I used logic similar to the first task from the previous section:
# <- For-Loop here
for i in {1..28}
do
var=$(echo $var | base64)
if [ $i -eq 28 ]
then
salt=$(echo $var | wc -m)
fi
done