TL;DR Walkthrough of the Python Basics room, part of the Pentest+ Pathway.
A full list of our TryHackMe walkthroughs and cheatsheets is here.
Background
As everyone knows, I’m a Windows Guy. Python really isn’t my thing, but more learning is always good. Hence we went through the Python Basics room that was added to the Pentest+ Pathway. I did the pathway after taking eJPT, but it is great eJPT prep along with the Junior Pentester Pathway.
I prefer PowerShell, so I show how to solve the questions using both. For the room’s purposes one copy/pastes the Python into the Attack Box and hits ‘Run Code’ to get the flag.
The PowerShell is just there for my own edification, practice, and because I like PowerShell.
For each question the Python is shown first, the PowerShell second, and the resulting flag last.
On an admin note, if I skipped a Task # it’s because all you have to do is hit ‘Completed’. There’s no answer needed.
— — Task 2 — -
On the code editor, print “Hello World”. What is the flag?
print(“Hello World”)Write-Host “Hello World”THM{PRINT_STATEMENTS}
— — Task 3 — -
In the code editor, print the result of 21 + 43. What is the flag?
print(21 + 43)21 + 43THM{ADDITI0N}
Print the result of 142–52. What is the flag?
print(142–52)142–52THM{SUBTRCT}
Print the result of 10 * 342. What is the flag?
print(10 * 342)10 * 342THM{MULTIPLICATION_PYTHON}
Print the result of 5 squared. What is the flag?
print(5**2)5 * 5THM{EXP0N3NT_POWER}
— — Task 4 — -
On another new line, print out the value of height. What is the flag that appears?
height = 200
height = height + 50
print(height)$height = 200
$height = $height + 50
$heightTHM{VARIABL3S}
— — Task 6 — -
Once you’ve written the application in the code editor’s shipping.py tab, a flag will appear, which is the answer to this question.
customer_basket_cost = 34
customer_basket_weight = 44
if customer_basket_cost > 100:
print("free shipping")
else:
shipping = 1.20 * customer_basket_weight
total = customer_basket_cost + shipping
print(total)$CustomerBasketCost = 34
$CustomerBasketWeight = 44
If($CustomerBasketCost -gt 100)
{Write-Host "Free shipping"}
Else
{
$ShippingCost = 1.2 * $CustomerBasketWeight
$TotalCost = $ShippingCost + $CustomerBasketCost
$TotalCost
}THM{IF_STATEMENT_SHOPPING}
In shipping.py, on line 12 (when using the Code Editor’s Hint), change the customer_basket_cost variable to 101 and re-run your code. You will get a flag (if the total cost is correct based on your code); the flag is the answer to this question.
customer_basket_cost = 101
customer_basket_weight = 44
if customer_basket_cost > 100:
print(customer_basket_cost)
else:
shipping = 1.20 * customer_basket_weight
total = customer_basket_cost + shipping
print(total)$CustomerBasketCost = 101
$CustomerBasketWeight = 44
If($CustomerBasketCost -gt 100)
{Write-Host "Free shipping"}
Else
{
$ShippingCost = 1.2 * $CustomerBasketWeight
$TotalCost = $ShippingCost + $CustomerBasketCost
$TotalCost
}THM{MY_FIRST_APP}
— — Task 7 — -
On the code editor, click back on the “script.py” tab and code a loop that outputs every number from 0 to 50.
for i in range(51):
print(i)
i = i + 1$i = 0
Do
{
$i
$i = $i + 1
}
While($i -le 50)THM{L00PS_WHILE_FOR}
— — Task 8 — -
Once you’ve written the bitcoinToUSD function, use it to calculate the value of your Bitcoin in USD, and then create an if statement to determine if the value falls below $30,000; if it does, output a message to alert you (via a print statement).
def bitcoinToUSD(bitcoin_amount, bitcoin_value_usd):
total = bitcoin_amount * bitcoin_value_usd
return total
flag = bitcoinToUSD(1.2,4000)
if(flag < 30000):
print("Alert!!!")
elif (total == 30,000):
print("It's worth 30k bro")
else:
print("It's worth more than 30k bro")Function Get-MyTotal($BitcoinAmount, $BitcoinToUSD)
{
$Total = $BitcoinAmount * $BitcoinToUSD
If($Total -lt 30000)
{Write-Host "Alert!"}
ElseIf($Total -eq 30000)
{Write-Host "It's worth 30k bro."}
Else
{Write-Host "It's worth more than 30k bro."}
}THM{BITC0IN_INVESTOR}
— — Task 9 — -
In the code editor, write Python code to read the flag.txt file. What is the flag in this file?
file = open("flag.txt", "r")
print(file.read())Get-Content “.\Flag.txt”THM{F1LE_R3AD}
Summary
JMHO, but I find PowerShell to be more intuitive. Take Task 9 for example, something as simple as reading a file. PowerShell happily supports ‘cat’ or ‘type’ as well as ‘Get-Content’ to open a text file. We can easily read the contents into a variable, we can cut and splice the text, etc.
I think PowerShell is intimidating to some because they are used to legacy cmd.exe commands, don’t realize that PowerShell will happily support those, and are scared off by people who post shorthand instead of the full commands, or base64 encode crap, or etc. One can really obfuscate PowerShell if they want to.
Here at test.local we don’t use shorthand. We don’t put ‘gci’ in a howto, we put ‘Get-ChildItem’, and note that PowerShell will happily accept ‘dir’ or ‘ls’ as well.
The only issue is that legacy commands will output strings instead of objects, which makes running further operations on the output problematic. IMHO PowerShell’s ability to query something, pipe the output through a bunch of filters, Where-Objects, etc etc … and then still show whatever attributes you want to see at the end is one of its biggest strengths. It returns objects, not strings.
Oh, another nice thing about PowerShell is that it’s not case sensitive and doesn’t care whether you tab or not in a loop’s code.
References
PowerShell functions with multiple paramaters: https://stackoverflow.com/questions/4988226/how-do-i-pass-multiple-parameters-into-a-function-in-powershell
