provocationofmind.com

CTF Challenge Write-Up: PW Crack for picoCTF

Hello everyone,

This Capture The Flag (CTF) challenge is quite simple and can be resolved with basic programming skills. Let's jump right into it!

Challenge Overview

Hints

  • Utilizing a for loop can speed up your operations significantly.
  • You won't need to reverse-engineer the str_xor function for this challenge.

Solution

Following the hints, we can bypass the str_xor function. Here's the code that has been provided:

    flag_enc = open('level4.flag.txt.enc', 'rb').read()
    correct_pw_hash = open('level4.hash.bin', 'rb').read()


    def hash_pw(pw_str):
        pw_bytes = bytearray()
        pw_bytes.extend(pw_str.encode())
        m = hashlib.md5()
        m.update(pw_bytes)
        return m.digest()


    def level_4_pw_check():
        user_pw = input("Please enter correct password for flag: ")
        user_pw_hash = hash_pw(user_pw)

        if user_pw_hash == correct_pw_hash:
            print("Welcome back... your flag, user:")
            decryption = str_xor(flag_enc.decode(), user_pw)
            print(decryption)
            return
        print("That password is incorrect")


    level_4_pw_check()


    # The following strings are 100 potential passwords.
    # Only one is correct.
    pos_pw_list = ["8c86", "7692", "a519", "3e61", "7dd6", "8919", "aaea", "f34b", "d9a2",
                   "39f7", "626b", "dc78", "2a98", "7a85", "cd15", "80fa", "8571", "2f8a",
                   "2ca6", "7e6b", "9c52", "7423", "a42c", "7da0", "95ab", "7de8", "6537",
                   "ba1e", "4fd4", "20a0", "8a28", "2801", "2c9a", "4eb1", "22a5", "c07b",
                   "1f39", "72bd", "97e9", "affc", "4e41", "d039", "5d30", "d13f", "c264",
                   "c8be", "2221", "37ea", "ca5f", "fa6b", "5ada", "607a", "e469", "5681",
                   "e0a4", "60aa", "d8f8", "8f35", "9474", "be73", "ef80", "ea43", "9f9e",
                   "77d7", "d766", "55a0", "dc2d", "a970", "df5d", "e747", "dc69", "cc89",
                   "e59a", "4f68", "14ff", "7928", "36b9", "eac6", "5c87", "da48", "5c1d",
                   "9f63", "8b30", "5534", "2434", "4a82", "d72c", "9b6b", "73c5", "1bcf",
                   "c739", "6c31", "e138", "9e77", "ace1", "2ede", "32e0", "3694", "fc92",
                   "a7e2"]

Essentially, this script reads the encrypted flag file (level4.flag.txt.enc) and the hash of the correct password (level4.hash.bin). It then prompts the user to input a password and checks if it's the correct one. If it is, the script decrypts the flag and displays it. Quite straightforward, right?

However, with 100 possible passwords, manually testing each one could be a bit tedious :)

Let's enhance the level_4_pw_check() function by incorporating a for loop to automate the password-checking process. We'll hash each candidate password until the correct one is found, and the function will then decrypt and print the flag!

    def level_4_pw_check():
        for pw in pos_pw_list:
            pw_hash = hash_pw(pw)
            if pw_hash == correct_pw_hash:
                decryption = str_xor(flag_enc.decode(), pw)
                print(decryption)


    level_4_pw_check()
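Why the loop finishes instantly, and what a hardened check looks like: the sketch below is an added example, not part of the challenge or the original write-up. It puts the challenge's unsalted MD5 comparison beside a salted PBKDF2 check with a constant-time comparison and estimates the cost of trying every four-hex-character password; the function names, the sample password and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time

def md5_check(pw, stored):
    """Challenge-style check: one unsalted MD5 digest compared with ==."""
    return hashlib.md5(pw.encode()).digest() == stored

def kdf_enroll(pw, iterations=600_000):
    """Hardened enrolment: random per-password salt plus PBKDF2-HMAC-SHA256.
    The iteration count is an assumed work factor; tune it to your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, iterations, digest

def kdf_check(pw, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, stored = record
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(digest, stored)

def seconds_per_guess(check, reference, rounds):
    """Average wall-clock cost of one failed verification attempt."""
    start = time.perf_counter()
    for _ in range(rounds):
        check("0000", reference)
    return (time.perf_counter() - start) / rounds

def exhaustive_cost(per_guess_s, length=4, alphabet=16):
    """Worst-case seconds to try every password of the challenge's shape
    (4 hex characters = 16**4 = 65,536 values)."""
    return per_guess_s * alphabet ** length

if __name__ == "__main__":
    sample_pw = "c0de"  # constructed sample, not the challenge password
    md5_ref = hashlib.md5(sample_pw.encode()).digest()
    kdf_ref = kdf_enroll(sample_pw)
    assert md5_check(sample_pw, md5_ref) and kdf_check(sample_pw, kdf_ref)
    fast = seconds_per_guess(md5_check, md5_ref, rounds=10_000)
    slow = seconds_per_guess(kdf_check, kdf_ref, rounds=3)
    print(f"MD5:    {fast:.2e} s/guess, whole space in {exhaustive_cost(fast):.3f} s")
    print(f"PBKDF2: {slow:.2e} s/guess, whole space in {exhaustive_cost(slow) / 3600:.1f} h")
```

Even with the slow KDF, a four-hex-character password has only 65,536 possible values, so the work factor raises the cost per guess but cannot make up for the missing entropy.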

Complete Code

    import hashlib


    # This function will not help you find the flag --LT
    def str_xor(secret, key):
        # Extend key to secret length
        new_key = key
        i = 0
        while len(new_key) < len(secret):
            new_key += key[i]
            i = (i + 1) % len(key)
        return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for secret_c, new_key_c in zip(secret, new_key)])


    flag_enc = open('level4.flag.txt.enc', 'rb').read()
    correct_pw_hash = open('level4.hash.bin', 'rb').read()


    def hash_pw(pw_str):
        pw_bytes = bytearray()
        pw_bytes.extend(pw_str.encode())
        m = hashlib.md5()
        m.update(pw_bytes)
        return m.digest()


    # The following strings are 100 potential passwords.
    # Only one is correct.
    pos_pw_list = ["8c86", "7692", "a519", "3e61", "7dd6", "8919", "aaea", "f34b", "d9a2",
                   "39f7", "626b", "dc78", "2a98", "7a85", "cd15", "80fa", "8571", "2f8a",
                   "2ca6", "7e6b", "9c52", "7423", "a42c", "7da0", "95ab", "7de8", "6537",
                   "ba1e", "4fd4", "20a0", "8a28", "2801", "2c9a", "4eb1", "22a5", "c07b",
                   "1f39", "72bd", "97e9", "affc", "4e41", "d039", "5d30", "d13f", "c264",
                   "c8be", "2221", "37ea", "ca5f", "fa6b", "5ada", "607a", "e469", "5681",
                   "e0a4", "60aa", "d8f8", "8f35", "9474", "be73", "ef80", "ea43", "9f9e",
                   "77d7", "d766", "55a0", "dc2d", "a970", "df5d", "e747", "dc69", "cc89",
                   "e59a", "4f68", "14ff", "7928", "36b9", "eac6", "5c87", "da48", "5c1d",
                   "9f63", "8b30", "5534", "2434", "4a82", "d72c", "9b6b", "73c5", "1bcf",
                   "c739", "6c31", "e138", "9e77", "ace1", "2ede", "32e0", "3694", "fc92",
                   "a7e2"]


    def level_4_pw_check():
        # Hash every candidate and compare it with the stored MD5 digest
        for pw in pos_pw_list:
            pw_hash = hash_pw(pw)
            if pw_hash == correct_pw_hash:
                # Match found: XOR-decrypt the flag with this password
                decryption = str_xor(flag_enc.decode(), pw)
                print(decryption)


    level_4_pw_check()

And there you have it! The flag is: picoCTF{fl45h_5pr1ng1ng_d770d48c}

Did you find this write-up useful? If so, please give it a thumbs up and follow for more content! Feel free to ask any questions or suggest CTF challenges for future articles.

Happy hacking!
