From b25861ff3299b826d0e47f0aad7ea8b367d60d70 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 3 Sep 2024 17:18:53 +0200 Subject: [PATCH] misc/pw_crack_3 --- misc/pw_crack_3/level3.flag.txt.enc | 2 ++ misc/pw_crack_3/level3.hash.bin | 1 + misc/pw_crack_3/level3.py | 47 +++++++++++++++++++++++++++++ misc/pw_crack_3/output.txt | 9 ++++++ 4 files changed, 59 insertions(+) create mode 100644 misc/pw_crack_3/level3.flag.txt.enc create mode 100644 misc/pw_crack_3/level3.hash.bin create mode 100755 misc/pw_crack_3/level3.py create mode 100644 misc/pw_crack_3/output.txt diff --git a/misc/pw_crack_3/level3.flag.txt.enc b/misc/pw_crack_3/level3.flag.txt.enc new file mode 100644 index 0000000..ebbeb00 --- /dev/null +++ b/misc/pw_crack_3/level3.flag.txt.enc @@ -0,0 +1,2 @@ +B[ZZqfN_ ]mTU\U[UmS +X TD \ No newline at end of file diff --git a/misc/pw_crack_3/level3.hash.bin b/misc/pw_crack_3/level3.hash.bin new file mode 100644 index 0000000..795faf3 --- /dev/null +++ b/misc/pw_crack_3/level3.hash.bin @@ -0,0 +1 @@ +m`ÿ›TA 45´¯Ò& \ No newline at end of file diff --git a/misc/pw_crack_3/level3.py b/misc/pw_crack_3/level3.py new file mode 100755 index 0000000..50c5d2b --- /dev/null +++ b/misc/pw_crack_3/level3.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python3 + +import hashlib + +### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ######################## +def str_xor(secret, key): + #extend key to secret length + new_key = key + i = 0 + while len(new_key) < len(secret): + new_key = new_key + key[i] + i = (i + 1) % len(key) + return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)]) +############################################################################### + +flag_enc = open('level3.flag.txt.enc', 'rb').read() +correct_pw_hash = open('level3.hash.bin', 'rb').read() + + +def hash_pw(pw_str): + pw_bytes = bytearray() + pw_bytes.extend(pw_str.encode()) + m = hashlib.md5() + m.update(pw_bytes) + return m.digest() + + +def level_3_pw_check(): + user_pw = input("Please enter correct password for flag: ") + user_pw_hash = hash_pw(user_pw) + + if( user_pw_hash == correct_pw_hash ): + print("Welcome back... your flag, user:") + decryption = str_xor(flag_enc.decode(), user_pw) + print(decryption) + return + print("That password is incorrect") + + + +level_3_pw_check() + + +# The strings below are 7 possibilities for the correct password. +# (Only 1 is correct) +pos_pw_list = ["8799", "d3ab", "1ea2", "acaf", "2295", "a9de", "6f3d"] + diff --git a/misc/pw_crack_3/output.txt b/misc/pw_crack_3/output.txt new file mode 100644 index 0000000..69a287d --- /dev/null +++ b/misc/pw_crack_3/output.txt @@ -0,0 +1,9 @@ +$ for pw in 8799 d3ab 1ea2 acaf 2295 a9de 6f3d; do ./level3.py <<<"$pw"; done +Please enter correct password for flag: That password is incorrect +Please enter correct password for flag: That password is incorrect +Please enter correct password for flag: That password is incorrect +Please enter correct password for flag: That password is incorrect +Please enter correct password for flag: Welcome back... your flag, user: +picoCTF{m45h_fl1ng1ng_6f98a49f} +Please enter correct password for flag: That password is incorrect +Please enter correct password for flag: That password is incorrect