Hack The Box Gawk Writeup

Hack The Box Gawk Writeup

Gawk is an easy retired hardware challenge created by MrR3boot on Hack The Box. It is the first box in the Intro to Printer Exploitation track so I thought I would give it a go. The challenge description explains that the client has lost access to their computer. Furthermore, the client urgently needs a document that got stuck in their printer. They have asked whether we are able to recover the document. Hello world, welcome to Haxez where today I will attempt to hack Gawk.

Gawk Service Enumeration

First things first, I spawned the instance and connected to the Hack The Box VPN. I had absolutely no idea where to start. Unfortunately, at the time of writing, there weren’t any writeups for this challenge. I checked on the Academy for related material but came up short. I tried to Nmap the box and connect to the open port with NetCat but didn’t receive anything back. As a result, I headed to the forum where someone recommended looking for a Printer Exploit Framework.

After a quick Google search, I found PRET the Printer Exploitation Framework on GitHub. I’ve never used this tool before or attempted any printer exploitation. Therefore, my explanations and terminologies may be incorrect. I can only apologise in advance but we all have to start somewhere. I cloned the repository and read through the read me file. There were some requirements that I needed to install for Python 2.7 so I used pip2.7 to install them.

Next, I started playing with the tool. I ran the help argument to determine the correct syntax and after a few attempts, I was able to connect to the printer. I’m not sure yet whether the information that was printed back was correct but at least I was connected. Pret reported back that the printer was an HP LaserJet 4200.

python2.7 /opt/PRET/pret.py pjl
Gawk Enumeration

Printer Option Exploration

Once connected to the printer, I ran the help command to see what options were available. Stating the obvious but asking for help is always a good idea when you don’t know what to do. I’m not sure if it’s just me but pride (or something) can sometimes rule my emotions and decisions. If I feel like I should already know something then I will waste time going down rabbit holes trying to understand it. Eventually, I will find the answer but it would have been far quicker to have asked someone who already knows the answer.

Anyway, the help command reported back that I had a number of commands at my disposal. I ran the info command with the various sub-commands but didn’t learn much. After that, I listed the current working directory which reported back 0:/. Next, I used the ls command to see what was in the current working directory. As a result, I learned that there were 4 directories. Navigating through these directories I found the lost document in the 0:/saveDevice/SavedJobs/InProgress named HR_Policies.pdf. I checked the other directories but there were no other files.

Gawk PDF File

The Gawk Document

I thought I was done but I should have known better. Attempting to open the PDF document resulted in an error that it couldn’t be read. I used the head tool to show me the first few lines of the document and sure enough, it didn’t look like a PDF. Then, I ran the file tool on the HR_Policies.pdf document and learned that it was an ASCII text document. Fortunately, I used the cat tool to view the entire contents of the document. My logic was that I thought the flag could be hiding somewhere inside it. However, I noticed that the file ended with two equal symbols.

Immediately, I recognized it as base64 and used cat to pipe the base64 to base64 decode. Once decoded, I appended the output to a new file called hr. Finally, I ran Ghostscript against the new file, and to my delight, I received the flag. I submitted the flag to Hack The Box and completed the challenge.

cat HR_Policies.pdf | base64 -d > hrdoc
ghostscript hrdoc
Gawk Flag

Gawk Learnings

I looked at this challenge a few weeks ago but didn’t get anywhere with it. Whether I was tired or just not in the mood, I gave up but promised I would come back to it later. I’m glad I did as this was a fun easy challenge. To me, challenges and boxes tend to seem impossible when I first look at them. For some reason, I always assume that it requires some secret forbidden knowledge to complete it. I love learning to use new tools but the thought of learning new tools can sometimes make me anxious.

This challenge was a perfect example of why you should just dive in and get on with it. Once you have a rough idea of what to do, the rest is fairly trivial. Granted, I barely scratched the surface of the capabilities of the whole framework but I feel confident moving forward on to the next challenge. Thanks for this challenge, it was genuinely fun and reminded me that sometimes I should just get stuck in and give it ago.