TAMUctf 2018 WriteUp (hashbrown)

in #ctf2 years ago (edited)

With this task there was a linux executable given and you had to look for a suitable password.

A first investigation using strings showed a possible password hash.

$ strings hashbrowns
...
[^_]
 please enter the password 
 the password is 20 characters or less 
 af-023ravj09javjap0ejafpeaf
input string 
after 
8819d19069fae6b4bac183d1f16553abab16b54f
success!
invalid password
;*2$"
...



A look at the program code with radare2 showed that this string is actually used for a comparison.

hashbrowns.png

With a bit of luck it is a password which can be cracked with a standard wordlist. And John could find it with the help of rockyou.txt within a few miliseconds.

$ john --wordlist=/opt/wordlists/rockyou.txt hash.txt
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
potatoes         (?)
1g 0:00:00:00 DONE (2018-03-05 19:31) 9.090g/s 595781p/s 595781c/s 595781C/s 123456..ryanscott
Use the "--show" option to display all of the cracked passwords reliably
Session completed



After input on the website the field appeared in green.

As soon as I have a little more time, further writeups will follow.