Using Python to Solve Computational Problems | Hackthebox Computational Recruiting Writeup

Introduction

HackTheBox Computational Recruiting challenge involves a typical cryptography and pattern analysis problem. The goal is to reverse-engineer or analyze a given computational process in order to extract a hidden flag.

HackTheBox Computational Recruiting | Challenge Description

Not too long ago, your cyborg detective friend John Love told you he heard some strange rumours from some folks in the Establishment that he’s searching into. They talked about the possible discovery of a new vault, vault 79, which might hold a big reserve of gold. Hearing of these news, youband your fellow compatriots slowly realized that with that gold reserver you could accomplish your dreams of reviving the currency of old times, and help modern civilization flourish once more. Looking at the potential location of the vault however, you begin to understand that this will be no easy task. Your team by itself is not enough. You will need some new recruitments. Now, standing in the center of Gigatron, talking and inspiring potential recruits, you have collected a big list of candidates based on skills you believe are needed for this quest. How can you decide however which ones are truly worthy of joining you?

Blue Team Cyber Security & SOC Analyst Study Notes

CISSP Study Notes

Methodology

Download any provided files and analyze the script or binary. This could be a Python script, C code, or even assembly instructions. You need to figure out what the program does with inputs. Typical operations to look for:

• String manipulations
• Mathematical transformations
• Encoding or encryption routines (e.g., base64, Caesar cipher, etc.)

Code Analysis

If it’s a compiled binary: Use tools like Ghidra, IDA Pro, or radare2 to disassemble and analyze the binary.

If it’s a script: Read through the code to understand the logic. Look for operations like shifts, bitwise operations, or loops that manipulate data.

Find where and how the input is transformed into the output.

Look for loops, recursive functions, or operations that involve mathematical constants.

Understand whether it’s an encryption scheme, a hash function, or simple string manipulations.

Once you’ve identified how the program transforms input, you can:

• Write a reverse algorithm if the process is reversible.
• If it uses encryption or hashing, analyze whether it’s crackable (for example, if it uses a weak cipher or predictable patterns).

Walkthrough

We have a file with various data, apparently related to individuals, showing their scores in different categories, each ranging from 1 to 10, similar to a game format.

============ ============== ======== ========= ========== =========== ======== ================= 
  First Name    Last Name     Health   Agility   Charisma   Knowledge   Energy   Resourcefulness  
 ============ ============== ======== ========= ========== =========== ======== ================= 
  Alis         Reeson              2         5          5           8        7                10  
  Gerri        Bielfelt            8         9          3           8        5                 9  
  Wolfie       Appleby             5         1          2           7        2                 1  
  Krishnah     Minker              1         7          7          10        6                 5

We’ll use a regex to extract all the values we need from the file, apply the formulas to calculate the scores, then sort the data by the highest scores. Finally, we’ll format the data according to the server’s requirements.

if __name__ == '__main__':
    pattern = r"^\s*([A-Za-z]+)\s+([A-Za-z]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
    ip = '127.0.0.1'
    port = 1337
    io = remote(ip, port)
    pwn()

def potentials():
    candidate = []
    with open('data.txt', 'r') as f:
        lines = f.readlines()
        for line in lines:
            match = re.search(pattern, line)
            if match:
                candidate.append(match.groups())
    return candidate

Here are the operations applied to each candidate to calculate their overall score:

def calculate(candidate):
    data = []
    for candidate in potentials:
        first_name, last_name, h_skill, a_skill, c_skill, k_skill, e_skill, r_skill = candidate
        name = first_name + ' ' + last_name
        health          = round(6 * (int(h_skill) * 0.2))  + 10
        agility         = round(6 * (int(a_skill) * 0.3))  + 10
        charisma        = round(6 * (int(c_skill) * 0.1))  + 10
        knowledge       = round(6 * (int(k_skill) * 0.05)) + 10
        energy          = round(6 * (int(e_skill) * 0.05)) + 10
        resourcefulness = round(6 * (int(r_skill) * 0.3))  + 10
        value = round(5 * ((health * 0.18) + (agility * 0.20) + (charisma * 0.21) + (knowledge * 0.08) + (energy * 0.17) + (resourcefulness * 0.16)))
        data.append([name, value])
    return data

The players will be sorted by their values using a Python function. We’ll then select the top 14 players and begin adding them to our solution string.

def players(data):
    data = sorted(data, key=lambda l:l[1], reverse=True)
    out = ''
    for recruit in data[:13]:
        out += f'{recruit[0]} - {recruit[1]}, '
    out += f'{data[13][0]} - {data[13][1]}'
    return out

And then we can create the below function to retrieve the flag:

def flag(sol_str):
    io.recvuntil(b'> ')
    io.sendline(sol_str.encode())
    io.recvuntil(b'HTB{')
    return b'HTB{' + io.recvline().rstrip()

Tools and Techniques that can be used to solve the challenge

• GDB (GNU Debugger): If you need to step through a binary and observe its behavior.
• Ghidra/IDA Pro: For analyzing compiled binaries.
• CyberChef: A versatile tool for encoding, decoding, and analyzing transformations.
• Python: Write scripts to reverse the challenge logic or perform brute-force attacks if necessary.

You can also watch: