Day 14 - My First Hack The Box Challenge - "Evaluative"

Day 14: My First Hack The Box Challenge - "Evaluative"

To keep things fresh and test my skills in a new environment, today I decided to explore a different platform: Hack The Box (HTB). HTB is well-known in the cybersecurity community for its realistic and often very challenging machines and puzzles. I jumped into the cryptography category to see what they had to offer.

My first challenge was a problem named "Evaluative", which turned out to be less about classic code-breaking and more about efficient problem-solving and scripting.

---

Understanding the Challenge

The "Evaluative" Challenge on HTB

The task was clear but demanding. After connecting to the server with netcat, the service presents you with a series of rounds. In each round, it provides:

1. A list of nine integer coefficients (from a₀ to a₈).
2. A value for an integer, x.

My mission was to calculate the value of the polynomial P(x) = a₀ + a₁x + a₂x² + ... + a₈x⁸ and send the correct result back to the server to proceed to the next round. To get the flag, I had to do this successfully for 100 consecutive rounds, all within a tight time limit.

Doing this once by hand would be tedious; doing it 100 times is impossible. This is a classic test of automation and scripting skills.

Developing a Solution: From Direct to Efficient

My first instinct was to create a script that translates the mathematical formula directly into code. It's the most straightforward approach to ensure correctness before thinking about optimization.

The Direct Method

This is the first solver I wrote. It perfectly mirrors the structure of the polynomial equation.

# Read input from the service
coefficients = list(map(int, input().split()))
x = int(input())

# Initialize the result
result = 0

# Calculate the polynomial's value using a loop
# result = a₀*x⁰ + a₁*x¹ + ... + a₈*x⁸
for i in range(9):
    result += coefficients[i] * (x ** i)

# Print the result to be sent back to the service
print(result)

This script works by:

• Reading the line of space-separated coefficients and mapping them to a list of integers.
• Reading the second line for the integer value of x.
• Looping from i = 0 to 8, calculating each term coefficients[i] * (x ** i), and adding it to a running total.

While this method is correct and works for this challenge, it involves calculating powers (x ** i) in each iteration, which can be computationally intensive if the polynomial degree were much higher.

A More Efficient Approach: Horner's Method

For a more optimized solution, especially for high-degree polynomials, a better approach is Horner's Method. It's an efficient algorithm that restructures the polynomial to minimize the number of multiplications required.

Instead of a₀ + a₁x + a₂x² + ..., it evaluates the polynomial like this: a₀ + x(a₁ + x(a₂ + ...)). This reduces the number of multiplications significantly.

A Python implementation looks like this:

# An alternative solver using Horner's Method
coeffs = list(map(int, input().split()))
x = int(input())

# Start with the highest coefficient
result = coeffs[8] 
# Iterate backwards, multiplying by x and adding the next coefficient
for i in range(7, -1, -1):
    result = result * x + coeffs[i]

print(result)

For this challenge, the performance difference is negligible, but understanding Horner's Method is a valuable tool for any programmer's toolkit.

Automating the Interaction

With the calculation logic solved, the final piece of the puzzle was automating the interaction with the server for all 100 rounds. My script was designed to read from standard input, so I could pipe the server's output directly to it or automate the whole process with a library like pwntools (which I've used before). For each round, the flow is:

1. The server sends the coefficients.
2. The server sends the value of x.
3. My script reads these two inputs.
4. My script calculates and prints the result.
5. I send this result back to the server.

After successfully completing all 100 rounds, the server finally revealed the flag!

Flag: HTB{eV4LuaT1nG_p0LyN0M1aL5_f0R_7H3_w1N}

---

My first Hack The Box challenge was a success! It was a valuable lesson in how programming and automation are just as crucial as theoretical knowledge in cybersecurity. It's not always about breaking a complex cipher; sometimes, it's about building the right tool to solve the puzzle quickly and efficiently. This was a great experience, and I'm excited to see what other challenges HTB has in store.

#IDNBootCampCyber