Djinn TryHackMe: Python script development for port 1337

Hello guys, back again with another article. This time I'm going to take you through a step-by-step walkthrough of creating a Python script for the djinn room on TryHackMe, exploiting port 1337. I did the room pretty recently and decided not to do an entire walkthrough since there are plenty of walkthroughs out there, but what I noticed is that no walkthrough really explained how they went about creating the Python script, and that's why I decided to do the room some justice and write a proper article on how the script is created. The core of the script is understanding how sockets work in Python; the rest varies greatly depending on your understanding of Python, but I'll also go into detail on how regular expressions work in Python, and I believe it will be a fun learning experience. Without much more to say, let's jump in.

The script that I created looks something like the one below.

And when we execute the script we get the following output.

I think it looks really nice considering the colors that come with it when we execute the script. The script that we'll be creating here will be pretty bare; we just want to make sure that it gets the work done, so it won't have fancy features like colored output. If you want the script with the fancy features, I'll leave a link to my GitHub page where you can clone the repository and see how I did it.

First, when we run an nmap scan against the box, we see that port 1337 (leet) is open.

Let’s try to connect to the port with netcat.

Looking at the output, we are asked to answer 1000 questions, and once we are done there are some goodies that will be given. Let's try answering a few questions.

And as seen, the questions just keep popping up after we answer them.

What if we just put in a wrong answer? Maybe the application doesn't check whether the answers provided are wrong or right.

Looking above, we are now sure that there is some kind of validation going on, meaning we can't just input a wrong answer. Also, the application just hangs and then disconnects.

Now let's start scripting.

First we need to import two libraries:

1. socket (will allow us to connect to ports)
2. re (will allow us to search for a pattern in a string)

Next let's declare two variables:

1. host ------> the host we'll be connecting to
2. port ------> the port we'll be connecting to

Next we'll tell socket to connect using an IPv4 address over TCP, and we'll put this in a variable called client_socket as seen below. Don't forget this variable, because we'll be using it a lot from here onward.

Next we use that same variable, client_socket, and tell it to connect to the IP address and port declared above.

Next, we know that we will have to answer the question 1000 times, and because of this we'll use a for loop in Python, which tells Python to repeat a block of code 1000 times.

This means that whatever code is indented below this for loop will be repeated 1000 times.

Next we'll use client_socket.recv, which tells the Python script to pull data from the socket. We've put the result of that call in a variable called banner.

What .recv does is read the data the application sends us; in our case we've asked for up to 1024 bytes at a time.

What print does is output a string or the value of a variable to stdout, meaning we'll be able to see the output.

Now let's save the code, run the script and see what we get.

And as seen above, we just print the banner of port 1337.

Let's receive another 1024 bytes into the variable called banner and print its contents.

Looking at the source code keenly, you'll notice that I have two assignments to the same variable (banner), but the second one uses +=. What this does is concatenate both strings, making them one. Let's demonstrate below using a Python shell:

Python 2.7.18 (default, Apr 20 2020, 20:30:41)
[GCC 9.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> greeting = "hello how are "
>>> greeting += "you doing"
>>> print (greeting)
hello how are you doing

As you can see above, we are able to concatenate the two strings, making them one.

Saving the code again and running it, we get both the banner and the first question we are supposed to answer.

Looking at the output, we have our first calculation, but the problem is: how do we extract just the numbers and math operators from the entire output?

This is where the re library comes in handy, because we'll search the entire string and pull out only the problem we want to solve. re.search finds the first place in the string where the pattern you provide matches, and .group(1) gives us just what was captured between the two parts of the pattern. In our case we want the string inside these brackets ---------> (our_calculation is inside it), since it contains the calculation we want to solve. The syntax I've used is:

problem = re.search("\((.*?)\)\x0a>", banner).group(1)

We've declared a new variable called problem and told re to search for that particular pattern and, when it finds it, to give us only the first captured group. The reason I've put a backslash before each bracket is to escape it, since a bracket is a special character in a regex. I've also added the hexadecimal character \x0a to the search pattern because, looking at the hexadecimal output, we see that after the problem there is a '0a' (a newline) followed by '>'. I'll be using hexeditor to demonstrate.

The source code is as you see below.

Next we tell Python to print what it finds after doing the search.

Now let's save the code and try running it again.

Sweet, but the problem still has unwanted characters like commas (,) and single quotes ('). Now let's remove them using the syntax below:

ex = re.sub("'", "", problem)
ex = re.sub(",", "", ex)
re.sub returns the string obtained by replacing the leftmost non-overlapping occurrences of the pattern in the string. What it basically does is search for those characters in the string provided and replace them with nothing (in our context, not in all cases).

I've implemented it as you can see below.

After replacing those characters, let's save the script and execute it again; we get the exact calculation that we need to run, as you see below.

Boom, we have the problem that we are required to solve. By passing this problem to eval, Python will perform the evaluation and give us the answer.

I’ve implemented the logic in the source code as seen below

Executing the script again after saving the source code prints the result, as you can see below.

Sweet, now we need to send this result to the application using the socket that we created, with the .send syntax.

.send takes data from the Python script and sends it to the application through the port provided.

After sending the first answer we need to receive the next question using the same syntax shown a few moments back, but since we are running in a loop the code will just go back to the beginning of the loop and execute again.

This process will now happen 1000 times. Fun, right? And we have finished our code!!!!! This code is enough to give us the gift we were told about 😀

That was fun, right?

Now let's save the script and execute it again.

As you see above, we are getting multiple questions one after another, meaning that all went well and our script is working perfectly 😀

Now let's add a little more spice that tells us which question we are tackling.

The syntax I used is:

After saving the script and executing it again, we see below that it works.

Now, after the calculations are finished, it will give us the gifts, using the code below.

Now let's execute the script and let it run to the end.

And as seen below, it works perfectly.

All the writeups I've looked at have really complex code, but it was as simple as I've shown you above. Hope you liked the article; if so, don't forget to clap for me down below and follow me so that you won't miss any upcoming articles.

That's it for now guys, till next time, take care.

My GitHub link

Penetration Tester/Analytical Chemist who loves cybersecurity.

Musyoka Ian