Djinn TryHackMe python Script development for port 1337
Hello guys back again with another article this time am going to be taking you guys a step to step wakthrough on creating a python script for djinn room from TryHackMe port 1337 exploit. I’ve done the room pretty recently and i decided not to do an entire walkthrough since there are plenty of walkthrough’s out there but what i noticed is that no walkthrough really explained how they went about creating the python script and that's why i decided to do the room some justice and create a proper article on how the script is created .The core of the script is understanding how sockets work in python the rest greatly varies depending on your understanding of python but I’ll be going into details how regular expression also work in python and i believe it will be a fun learning experience. Without much say let’s jump in
The script that i created looks something like below
And when we execute the script we get the following output
I think it looks really nice considering the colors that it comes with when we execute the script. The script that we’ll be creating will be pretty bare we just want to make sure that it gets the work done but it won’t have fancy features like colored output. If you want the script with fancy feature I’ll leave a link of my GitHub page where you can clone the repository and see how i did it.
First when we do a nmap scan the box we see that port 1337 (leet) is open
Let’s try to connect to the port with netcat.
Looking at the output we are asked to answer 1000 question and once we are done there are some goodies that will be given. Let’s try answering some few questions.
And as seen the questions just keep popping up after we answer them.
What if we just put a wrong answer maybe the application doesn’t check if the answers provided is wrong or right
Looking above we are now sure that there is some kind of validation going on meaning we can’t just input a wrong answer. Also the application just hangs and then disconnects
Now let’s start scripting
Now we need to import two libraries
1. sockets (will allow us to connect to ports)
2. re (will allow us to search for some pattern in a string)
Next let’s declare two variable
1. Host ------> Host we'll be connecting too
2. port ------> port we'll be connecting too
Next we’ll tell sockets to connect using an IPV4 address and also we’ll be using a TCP port and we’ll put this in a variable called client_socket as seen below. Don’t forget this variable because we’ll be using it a lot from here onward
next we are use that same variable called client_socket and tel it to connect to the IP address and port provided above
Next we know that we will have to answer the question 1000 times and because of this we’ll have to use the for loop in python which tells python to repeate a command 1000 time
This means that whatever code is below this for loop will be repeated 1000 times
Next we’ll use client_socket.recv which tells the python script to pull data from the port. we’ve put that command in a variable called banner
what .recv normally does is allows the application to send us some data in our case we have specified 1024 bytes of data
What print does is outputs the string or result of a variable to stdout. meaning we’ll be able to see the output
Now let’s save the code and then run the script then see what we see
And as seen above we just print the banner of port 1337.
Let’s receive another 1024 bytes in a variable called banner and print it’s results
Looking at the source code keenly you'll notice that I've two variables with the same name (banner) but the second variable has +=What this does is to concatenate both of the string making them one Let's demonstrate below using a python shell====================================================================
Python 2.7.18 (default, Apr 20 2020, 20:30:41)
[GCC 9.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> greeting = "hello how are "
>>> greeting += "you doing"
>>> print (greeting)
hello how are you doing
====================================================================As you can see above we are able to concatenate the two strings and making them one
Saving the code again and running it again we get both the banner and the first question we are supposed to answer
Looking at the output we have our first calculation but the problem is how can we just extract the numbers and math operators from the entire output.
This is where re library becomes handy because we’ll search for it in that entire string and only get the problem we want to solve
re.search finds the pattern once in the string, documentation you provide and just outputs what's between those two patternIn our case we want the string between inside this bracket ---------> (our_calculation is inside it) since it contains the calculation we want to solvelike in our case the syntax we've used isproblem = re.search("\((.*?)\)\x0a>", banner).group(1)We've declared a new variable called problem and told re.search to search for that particular pattern and when it finds it, to show us only the first matchThe reason I've put backslash is to escape the brackets since it's a special character and also I've added hexadecimal character to the search pattern \x0a because looking at hexadecimal ouput we see that after the probem there is a '0a' followed by '>'I'll be using hexeditor to demonstarate
The source code is as you see below
Next we tell python to print what it finds after doing a search
Now lets save the code and try running it again
Sweet but still the problem has unwanted characters like commas(,) and single quotes (’) now let’s remove the using the syntax below
ex = re.sub("'", "", problem)
ex = re.sub(",", "", ex)re.sub Returns the string obtained by replacing the leftmost non-overlapping occurrences of pattern in stringwhat it basically does is such for those characters in the string provided and replaces them with nothing (in our context and NOT all cases)
I implement as you can see below
After replacing those characters lets save the script and execute it again we get the exact calculation that we need to run as you see below
Boom we have the problem that we are required to solve . By passing this problem to eval it will be able to perform the evaluation and python will give us the answer
I’ve implemented the logic in the source code as seen below
Executing the script again after saving the source code prints the results as you can see below
Sweet now we need to send this result to the application using the socket that we created using the .send syntax
.send gets data from the python script and sends it to the application through the port provided
After sending the first answer we need to receive the next question using the same syntax as shown some few moments back but since we are running it in loop the code will just go back to the begining of the loop and execute the code again
This process will now happen for 1000 times fun right but we have finished our code !!!!! This code is enough to give us the gift we were told 😀
That was fun right ????
Now let’s save the script and execute it again
As you see above we are getting multiple questions one after another meaning that all went well and our script is working perfectly 😀
Now let’s add a little more spice that tells us which question we are tackling
The syntax i used is
After saving the script and executing it again we see below that it works
Now after the calculations are finished it will give us the gifts using the code below
Now lets execute the script and let it run to the end
And as seen below it works perfectly
All the writeups I’ve looked at have really complex code but it was as simple as I’ve shown you guys above hope you liked the article if so don’t forget to clap for me down below and follow me so that you won’t miss any upcoming articles
That’s it for now guys till next time take care