Snake.py

Dear All,
I have reversed the script snake.py, I login and I receive the message: “good job” but when I submit the flag the system says it’s not correct.
Any idea on why?
Thanks to all
Garbo

Flag should be in the format: HTB{username:password}

(Curly brackets inclusive)

@garbo77 said:
Dear All,
I have reversed the script snake.py, I login and I receive the message: “good job” but when I submit the flag the system says it’s not correct.
Any idea on why?
Thanks to all
Garbo

It isn’t correct. There is another thread which explains but it also misleads terribly. It made this quirky challenge a lot harder than it is so I am loathe to send you there. You must take the program at its word. It isn’t really a troll or it is but… argh.

Anyway, you’re only half right so…

Spoiler Removed

I just solved this, after much head-scratching. But, I have to say that there IS a clear clue as to which of the variables contains the password. It is there in plain sight once you do the normal stuff to read it. You just need to understand how the logic of the code hides it from you.

https://www.hackthebox.eu/profile/42599

this challenge is a ■■■■ show. just try bunch of strings you can generate from the script. that’s it

Wow, i made it way more complicated than it was. And yeah, it was kinda bad. :frowning:

I enjoyed the reverse engineering part that took me all of 2 minutes (it is meant to be very easy ofc)

I didn’t enjoy spending like 2 hours, even enlisting the help of a friend, trying to figure out the flag format :S if you’re into puzzles in general you’ll like it but I didn’t learn anything related to cyber security from that part.

my hint: look at what you’ve figured out, and then look at how the snake’s chains are created. Don’t assume the code is complete or works!

@izzie said:

It isn’t correct. There is another thread which explains but it also misleads terribly. It made this quirky challenge a lot harder than it is so I am loathe to send you there. You must take the program at its word. It isn’t really a troll or it is but… argh.

Anyway, you’re only half right so…

heyy i stuck at the same problem can you help me or gve mea hint ?

@mrtnrdl said:
Wow, i made it way more complicated than it was. And yeah, it was kinda bad. :frowning:

Amen!

@CeltSec said:
my hint: look at what you’ve figured out, and then look at how the snake’s chains are created. Don’t assume the code is complete or works!

This is very true. :+1:

I got the good job. But what to do after that? any hints?

I just did this one. The way you get the username makes sense and the way you can get the password does as well, sort of. The removal of the last part makes no sense to me, and the fact that the code is “broken”. What is the point of that? The confirmation of the password done in the code is broken, and the append thing is just, uhm, what is the point? I don’t understand the challenge. It just seems silly to me. Some of the other challenges are “real life” like, not like this one. Am I the only one who feels like this? I am new to this whole reverse engineering and stego part of this.

Not a good reversal at all… was able to quickly determine what was useful code, and in the hours that followed I became quite competent in coming up with passwords that all return ‘Good Job’, but none of them were accepted.

There is no logical reason why you should enter that specific (part of the) password. I only took to the forums to see whether I was the only one not getting the expected result.

I thought I’d start with a simple one and work my way up from there, but this one is pretty frustrating, might make people lose interest…

I have the flag but I, like others cannot submit it because it says incorrect. I tried formatting it a few times but have gotten no results. Its a bit of a bummer to solve the challenge but not be able to submit it.

Took me a while to figure out the REAL password too. Here’s a hint:
Once you get the “first” password, it’ll be pretty long. Try to decode the arrays at top. Some of them are just trolls, but one of those trolls might tell you that a certain part of that password can be left out.

You’ve already done the hard part, this is the easy part. Good luck!

and of course, make sure you submit the key in the HTB{username:password} format.

So I’m new to HTB. I got the snake password within the first 10 minutes of reading the python script. The whole thing took me about 3 hours, because my dumb@$$ didn’t realize it needed to be in {}, I was using () for about 2 hours lol

Stuck ! I have them all de-coded. But what ever combination I use, i get “Try Harder”

Wont python knolage