TryHackMe-Scripting room

juba0x00 · Oct 8, 2022 · 1be09f9 · 1be09f9
1 parent dd06ea1
commit 1be09f9
Show file tree

Hide file tree

Showing 5 changed files with 128 additions and 0 deletions.
diff --git a/THM-rooms/Scripting-Room/50-decoder.py b/THM-rooms/Scripting-Room/50-decoder.py
@@ -0,0 +1,13 @@
+from base64 import b64decode
+
+text: str
+
+# read the file content
+with open('b64.txt', 'r') as file:  
+    text = file.readline()
+
+# Decode 50 times 
+for i in range(50):
+    text = b64decode(text)
+
+print(text.decode())
diff --git a/THM-rooms/Scripting-Room/Gotta-Catch-em-All.py b/THM-rooms/Scripting-Room/Gotta-Catch-em-All.py
@@ -0,0 +1,40 @@
+from requests import get
+result = ''
+next_port = 1337
+
+current_number = float(0)
+IP = "10.10.250.0"
+
+while True: # next_port != 9765 or result != 'STOP'
+    try:
+        result = get(f'http://{IP}:{str(next_port)}').text
+
+        if result == "STOP":
+            break
+
+        print(result)
+        # add 900 23456
+        args = result.split()
+        operation = args[0]
+        new_number = float(args[1])
+        next_port = args[2]
+
+        if next_port == 9765:
+            break
+
+        if operation == "add":
+            current_number += float(new_number)
+        elif operation == "minus":
+            current_number -= float(new_number)
+        elif operation == "multiply":
+            current_number *= float(new_number)
+        elif operation == "divide":
+            current_number /= float(new_number)
+        else: 
+            continue
+    except Exception as error:
+        pass
+
+
+
+print(current_number)
diff --git a/THM-rooms/Scripting-Room/README.md b/THM-rooms/Scripting-Room/README.md
@@ -0,0 +1,74 @@
+# Scripting Room 
+
+[Room Link](https://tryhackme.com/room/scripting)
+
+
+## Task 1 [Easy] Base64 
+[50-Decoder](50-decoder.py)
+
+
+> - This file has been base64 encoded 50 times - write a script to retrieve the flag. Here is the general process to do this:
+> 
+>   - read input from the file
+> 
+>   - use function to decode the file
+> 
+>   - do process in a loop
+> 
+> - Try do this in both Bash and Python!
+>
+```python
+from base64 import b64decode
+
+text: str
+
+# read the file content
+with open('b64.txt', 'r') as file:  
+    text = file.readline()
+
+# Decode 50 times 
+for i in range(50):
+    text = b64decode(text)
+
+print(text.decode())
+```
+
+
+> What is the final string?
+> HackBack2019=
+
+
+## Task 2 [Medium] Gotta Catch em All 
+[Gotta Catch em All](Gotta-Catch-em-All.py)
+> You need to write a script that connects to this webserver on the 
+correct port, do an operation on a number and then move onto the next 
+port. 0.
+> 
+> The format is: *operation, number, next port.*
+> 
+> For example the website might display, add 900 3212 which would be: add 900 and move onto port 3212.
+> 
+> Then if it was minus 212 3499, you'd minus 212 (from the previous number which was 900) and move onto the next port 3499
+> 
+> Do this until you the page response is STOP (or you hit port 9765).
+> 
+> Each
+ port is also only live for 4 seconds. After that it goes to the next 
+port. You might have to wait until port 1337 becomes live again...
+> 
+> Go to: http://<machines_ip>:3010 to start...
+> 
+> General Approach(it's best to do this using the sockets library in Python):
+> 1. Create a socket in Python using the [sockets](https://docs.python.org/3/howto/sockets.html) library
+> 2. Connect to the port
+> 
+> 3. Send an operation
+> 
+> 4. View response and continue
+>
+
+![Result](task2.png)
+
+> Once you have done all operations, what number do you get (rounded to 2 decimal places at the end of your calculation)?
+> 344769.12
+
diff --git a/THM-rooms/Scripting-Room/b64.txt b/THM-rooms/Scripting-Room/b64.txt
diff --git a/THM-rooms/Scripting-Room/task2.png b/THM-rooms/Scripting-Room/task2.png