TAMUctf 2018 WriteUp (hashbrown)
With this task there was a linux executable given and you had to look for a suitable password.
A first investigation using strings showed a possible password hash.
$ strings hashbrowns
...
[^_]
please enter the password
the password is 20 characters or less
af-023ravj09javjap0ejafpeaf
input string
after
8819d19069fae6b4bac183d1f16553abab16b54f
success!
invalid password
;*2$"
...
A look at the program code with radare2 showed that this string is actually used for a comparison.
With a bit of luck it is a password which can be cracked with a standard wordlist. And John could find it with the help of rockyou.txt within a few miliseconds.
$ john --wordlist=/opt/wordlists/rockyou.txt hash.txt
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
potatoes (?)
1g 0:00:00:00 DONE (2018-03-05 19:31) 9.090g/s 595781p/s 595781c/s 595781C/s 123456..ryanscott
Use the "--show" option to display all of the cracked passwords reliably
Session completed
After input on the website the field appeared in green.
As soon as I have a little more time, further writeups will follow.
Leave TAMUctf 2018 WriteUp (hashbrown) to:
Read more #ctf posts
Best Posts From darkstar-42
We have not curated any of darkstar-42's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From darkstar-42
- Hacky Easter 2019
- Cyber Security Rumble
- Check my latest fight ! lestrange vs darkstar-42
- CSCG19 Online Qualifikation: Der erste Monat die ersten Aufgaben
- Die CSCG19 Online Qualifikation startet in wenigen Tagen
- Hacky Easter 2018 endet in wenigen Tagen
- CSCG 2018 Online Qualifying - Der dritte Monat hat begonnen
- A peacock in Jever Castle Park / Ein Pfau im Schlosspark in Jever
- Erfahrungsbericht: Smartphone (Nexus 4) Reparatur (Akku wechsel)
- 📷 Color Challenge: Friday Sky Blue