Exatlon — HackTheBox

Description

The challenge provides a packed ELF binary exatlon_v1 that prompts for a password and validates it. The goal is to find the correct password, which is the flag.

Analysis

File Identification

$ file exatlon_v1
exatlon_v1: ELF 64-bit LSB executable, x86-64, statically linked, no section header

The file is a 64-bit ELF, statically linked, with no section headers — typical signs of a packed binary.

UPX Detection

$ strings exatlon_v1 | grep UPX
UPX!
$Info: This file is packed with the UPX executable packer $

The binary is packed with UPX — a standard packer for reducing executable file size.

Unpacking

$ upx -d exatlon_v1 -o exatlon_unpacked
                       Ultimate Packer for eXecutables
  File size         Ratio      Format      Name
  ----------   ------   -----------   -----------
  2202568 <-    709524   32.21%   linux/amd64   exatlon_unpacked

Unpacked 1 file.

Size increased from ~710 KB to ~2.2 MB — typical ratio for UPX.

String Analysis of Unpacked Binary

$ strings exatlon_unpacked | grep -i "exatlon\|password\|enter"
exatlon.cpp
[+] Enter Exatlon Password  :

The binary is written in C++ (source exatlon.cpp), prompts for "Exatlon Password".

Encoded Password Discovery

Among the strings, a suspicious sequence of space-separated numbers was found:

1152 1344 1056 1968 1728 816 1648 784 1584 816 1728 1520 1840 1664 784 1632 1856 1520 1728 816 1632 1856 1520 784 1760 1840 1824 816 1584 1856 784 1776 1760 528 528 2000

These are 35 numbers — exactly the number of characters in a flag with format HTB{...}.

Encoding Algorithm Identification

...