TAMUctf 2018 WriteUp (hashbrown)

in #ctf6 years ago (edited)

With this task there was a linux executable given and you had to look for a suitable password.

A first investigation using strings showed a possible password hash.

$ strings hashbrowns
...
[^_]
 please enter the password 
 the password is 20 characters or less 
 af-023ravj09javjap0ejafpeaf
input string 
after 
8819d19069fae6b4bac183d1f16553abab16b54f
success!
invalid password
;*2$"
...



A look at the program code with radare2 showed that this string is actually used for a comparison.

hashbrowns.png

With a bit of luck it is a password which can be cracked with a standard wordlist. And John could find it with the help of rockyou.txt within a few miliseconds.

$ john --wordlist=/opt/wordlists/rockyou.txt hash.txt
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
potatoes         (?)
1g 0:00:00:00 DONE (2018-03-05 19:31) 9.090g/s 595781p/s 595781c/s 595781C/s 123456..ryanscott
Use the "--show" option to display all of the cracked passwords reliably
Session completed



After input on the website the field appeared in green.

As soon as I have a little more time, further writeups will follow.

6 years ago in #ctf by
$3.86
  • Past Payouts $3.86, 0.00 TRX
  • - Author $3.18, 0.00 TRX
  • - Curators $0.68, 0.00 TRX
Reply 1
Sort:  
  • Trending
    • [-]
     6 years ago 

    Nice Post. Be Steem :)

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.26
      TRX 0.11
      JST 0.033
      BTC 63851.10
      ETH 3059.36
      USDT 1.00
      SBD 3.85