misc/pw_crack_5

misc/pw_crack_5/level5.flag.txt.enc

@@ -0,0 +1 @@
+_&1#K
QPX:	
T^:V
QWV

misc/pw_crack_5/level5.hash.bin

@@ -0,0 +1 @@
+B8sYч╘╨и╤╖≤$";

misc/pw_crack_5/level5.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+
+import hashlib
+
+### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ########################
+def str_xor(secret, key):
+    #extend key to secret length
+    new_key = key
+    i = 0
+    while len(new_key) < len(secret):
+        new_key = new_key + key[i]
+        i = (i + 1) % len(key)
+    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
+###############################################################################
+
+flag_enc = open('level5.flag.txt.enc', 'rb').read()
+correct_pw_hash = open('level5.hash.bin', 'rb').read()
+
+
+def hash_pw(pw_str):
+    pw_bytes = bytearray()
+    pw_bytes.extend(pw_str.encode())
+    m = hashlib.md5()
+    m.update(pw_bytes)
+    return m.digest()
+
+
+def level_5_pw_check():
+    user_pw = input("Please enter correct password for flag: ")
+    user_pw_hash = hash_pw(user_pw)
+
+    if( user_pw_hash == correct_pw_hash ):
+        print("Welcome back... your flag, user:")
+        decryption = str_xor(flag_enc.decode(), user_pw)
+        print(decryption)
+        return
+    print("That password is incorrect")
+
+
+
+level_5_pw_check()
+

misc/pw_crack_5/output.txt

@@ -0,0 +1,19 @@
+...
+eed0
+eed1
+eed2
+eed3
+eed4
+eed5
+eed6
+eed7
+eed8
+eed9
+eeda
+eedb
+eedc
+eedd
+eede
+eedf
+eee0
+picoCTF{h45h_sl1ng1ng_fffcda23}

misc/pw_crack_5/solve.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+for pw in $(cat ./dictionary.txt); do
+	echo "$pw"
+	./level5.py <<<"$pw" | grep -o 'picoCTF{.*}' && exit 0
+done