PicoCTF - PW Crack 4

Challenge

Tags

Beginner picoMini 2022 / General skill / password cracking / hashing

Description

Can you crack the password to get the flag? Download the password checker here and you’ll need the encrypted flag and the hash in the same directory too.
There are 100 potential passwords with only 1 being correct. You can find these by examining the password checker script.

Writeup

Original level4.py script:

import hashlib

### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ########################
def str_xor(secret, key):
    #extend key to secret length
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)
    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
###############################################################################

flag_enc = open('level4.flag.txt.enc', 'rb').read()
correct_pw_hash = open('level4.hash.bin', 'rb').read()


def hash_pw(pw_str):
    pw_bytes = bytearray()
    pw_bytes.extend(pw_str.encode())
    m = hashlib.md5()
    m.update(pw_bytes)
    return m.digest()


def level_4_pw_check():
    user_pw = input("Please enter correct password for flag: ")
    user_pw_hash = hash_pw(user_pw)

    if( user_pw_hash == correct_pw_hash ):
        print("Welcome back... your flag, user:")
        decryption = str_xor(flag_enc.decode(), user_pw)
        print(decryption)
        return
    print("That password is incorrect")



level_4_pw_check()

# The strings below are 100 possibilities for the correct password. 
#   (Only 1 is correct)
pos_pw_list = ["6288", "6152", "4c7a", "b722", "9a6e", "6717", "4389", "1a28", "37ac", "de4f", "eb28", "351b", "3d58", "948b", "231b", "973a", "a087", "384a", "6d3c", "9065", "725c", "fd60", "4d4f", "6a60", "7213", "93e6", "8c54", "537d", "a1da", "c718", "9de8", "ebe3", "f1c5", "a0bf", "ccab", "4938", "8f97", "3327", "8029", "41f2", "a04f", "c7f9", "b453", "90a5", "25dc", "26b0", "cb42", "de89", "2451", "1dd3", "7f2c", "8919", "f3a9", "b88f", "eaa8", "776a", "6236", "98f5", "492b", "507d", "18e8", "cfb5", "76fd", "6017", "30de", "bbae", "354e", "4013", "3153", "e9cc", "cba9", "25ea", "c06c", "a166", "faf1", "2264", "2179", "cf30", "4b47", "3446", "b213", "88a3", "6253", "db88", "c38c", "a48c", "3e4f", "7208", "9dcb", "fc77", "e2cf", "8552", "f6f8", "7079", "42ef", "391e", "8a6d", "2154", "d964", "49ec"]

We can use for loop run iterate every element in pos_pw_list as password. Modify level_4_pw_check() function as below :

def level_4_pw_check(pw):
    user_pw = pw
    user_pw_hash = hash_pw(user_pw)
    
    if( user_pw_hash == correct_pw_hash ):
        print("Welcome back... your flag, user:")
        decryption = str_xor(flag_enc.decode(), user_pw)
        print(decryption)
        return
    print("That password is incorrect")

Delete line level_4_pw_check() and paste the following code at the end.

for pw in pos_pw_list:
    level_4_pw_check(pw)

Here’s flag: picoCTF{fl45h_5pr1ng1ng_ae0fb77c} ٩(^ᴗ^)۶

PicoCTF - PW Crack 1

Challenge

Tags

Beginner picoMini 2022 / General skill / password cracking

Description

Can you crack the password to get the flag?
Download the password checker here and you’ll need the encrypted flag in the same directory too.

Writeup

  1. Download files
     wget https://artifacts.picoctf.net/c/53/level1.py
     wget https://artifacts.picoctf.net/c/53/level1.flag.txt.enc
    
  2. Check python code
     vim level1.py
    
  3. The place surrounded by the red frame reveals that password is 8713
  4. python level1.py then input 8713 as password.
  5. Here’s flag: picoCTF{545h_r1ng1ng_1b2fd683} ٩(^ᴗ^)۶

PicoCTF - HashingJobApp

Challenge

Tags

Beginner picoMini 2022 / General skill / shell / python / nc / hashing

Description

If you want to hash with the best, beat this test!

nc saturn.picoctf.net 54555

Writeup

  1. Run command nc saturn.picoctf.net 54555
  2. Create a python script to transfer string to md5 hash
     import hashlib
     import sys
    
     def give_me_md5_hash(str):
       result = hashlib.md5((str).encode())
    
       # printing the equivalent hexadecimal value.
       print("The hexadecimal equivalent of hash is : ", end ="")
       print(result.hexdigest())
          
     give_me_md5_hash(sys.argv[1])
    

    Execute script in this way :

      python3 HashingJobApp.py "some string" 
      # The hexadecimal equivalent of hash is : 53a09ce3db9c4d42c862dc0e29d777e5
    
  3. It will ask you for md5 hash of string it give three times like below.
  4. Here’s flag: picoCTF{4ppl1c4710n_r3c31v3d_674c1de2} ٩(^ᴗ^)۶

PicoCTF - Glitch cat

Challenge

Tags

Beginner picoMini 2022 / General skill / shell / python / nc

Description

Our flag printing service has started glitching!

$ nc saturn.picoctf.net 65353

Writeup

  1. We can simply create a python file to transfer ascii code to char.
     flag_enc = chr(0x39) + chr(0x63) + chr(0x34) + chr(0x32) + chr(0x61) + chr(0x34) + chr(0x35) + chr(0x64) 
     print('picoCTF{gl17ch_m3_n07_'+ flag_enc + '}')
    
  2. Here ‘s flag: picoCTF{gl17ch_m3_n07_9c42a45d} ٩(^ᴗ^)۶

PicoCTF - fixme1.py

Challenge

Tags

Beginner picoMini 2022 / General skill / python

Description

Fix the syntax error in this Python script to print the flag.
Download Python script

Writeup

Remove whitespace at the beginning of the last line. Flag: picoCTF{1nd3nt1ty_cr1515_6a476c8f} ٩(^ᴗ^)۶