INTRODUCTION TO BASH SCRIPTING - Hack the box academy

I don’t know why but it’s not advisable to use “${#var}”, using other methods to obtain the length of $var it worked perfectly!!!

Here is the solution if none of the advice worked.
Make sure to delete “salt” in the #Variables tab. We will set the salt in the loop.

# Variables

var="9M"
hash="VTJGc2RHVmtYMTl2ZnYyNTdUeERVRnBtQWVGNmFWWVUySG1wTXNmRi9rQT0K"

# Base64 Encoding Example:
#        $ echo "Some Text" | base64

# <- For-Loop here

for ((i = 0 ; i < 28 ; i++)); do
    echo "Try number $i"
    var=$(echo $var | base64)
    echo $var | wc -c
    salt=$(echo $var | wc -c)
done


I've been stuck at this one for a while, I get many numbers but none are right…

To the question:

Create an “If-Else” condition in the “For”-Loop of the “Exercise Script” that
prints you the number of characters of the 35th generated value of the variable “var”.
Submit the number as the answer.

The amount you need to go up to might vary.
Some had 28, I had 35, when you read this yours may be different

Pseudocode which worked for me:

for counter in {1 up to the amount you need to count}
do
        print the counter for Diagnostics
        var=$(echo $var | base64)
        if the counter is equal to "the amount you need to count up to"
            then
            echo $var | wc -c
        fi
done

echo $var | wc -c will print a 4/5/6/n digit number which is your answer.

I was trying answers like “5” because it was a 5-digit number which was produced. That was wrong.

NOTE: Run this on the PWN box, not your local machine because the hashing engine may be different to the one which generates in the answer

Good luck ! :heart:


For the question:

Create a “For” loop that encodes the variable “var” 28 times in “base64”.
the number of characters in the 28th hash is the value that must be assigned to the “salt” variable.

The thing that I overlooked which is important for your script is the point “The NUMBER OF CHARACTERS” in the 28th hash.

Your openssl output should look something like the following, with the “HTB” followed by 8 digits being the flag.

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
HTB********

Pseudocode for my for loop (the only part I really needed to change.)

for i in range 1 up to 28
do
    get the base64 value for var and assign it to a new version of var
    if i is equal to 28
    then
        get the character count from the current value of var and assign that to salt
    fi
done

Good luck :heart:


thanks

salt=$(( ${#var} + 1 ))

This made everything click for me.

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
HTB********

I wish I had seen this post about 2 hours ago. I kept trying to enter the number of characters as the answer… arggg.

I used logic similar to the first task from the previous section:

# <- For-Loop here
for i in {1..28}
do
    var=$(echo $var | base64)

    if [ $i -eq 28 ]
    then
        salt=$(echo $var | wc -m)
    fi
done
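
Why `${#var}` and `echo $var | wc -c` give different numbers in the posts above, as an added example that is not part of any post: `echo` appends a newline that `wc -c` counts, so the two differ by exactly one. `var="9M"` comes from the script in this thread; the helper names `encode_rounds` and `compare_counts` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Compares three ways of measuring the
# length of the value produced by the exercise's base64 loop.

# Base64-encode value $2 for $1 rounds, the same way the posted loops do.
# The ( ... ) body runs in a subshell, so i/var stay private to the function.
encode_rounds() (
    rounds=$1
    var=$2
    i=1
    while [ "$i" -le "$rounds" ]; do
        var=$(echo $var | base64)
        i=$((i + 1))
    done
    printf '%s' "$var"
)

# Print "<expansion> <printf|wc -c> <echo|wc -c>" for the encoded value.
compare_counts() (
    var=$(encode_rounds "$1" "$2")
    expansion=${#var}                           # characters held in the variable
    no_newline=$(printf '%s' "$var" | wc -c)    # same bytes, nothing appended
    with_echo=$(echo $var | wc -c)              # echo appends one newline
    # $(( )) strips the padding some wc implementations print
    echo "$expansion $((no_newline)) $((with_echo))"
)

# Rounds 1 and 3 are small enough to check by hand; 28 is the round the
# exercise asks about.
for n in 1 3 28; do
    echo "round $n: $(compare_counts "$n" "9M")"
done
```

For the ASCII output of `base64`, `wc -m` (characters) and `wc -c` (bytes) report the same count, so the last post's `wc -m` variant also includes the newline.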