PicoMini-2022

writeups for the 2022 beginner PicoMini

View on GitHub

PW Crack 4

Tags: General Skills, password_cracking, hashing
Author: LT ‘syreal’ Jones

Description

Can you crack the password to get the flag?
Download the password checker here and you’ll need the encrypted flag and the hash in the same directory too.
There are 100 potential passwords with only 1 being correct. You can find these by examining the password checker script.

Hints

  1. A for loop can help you do many things very quickly.
  2. The str_xor function does not need to be reverse engineered for this challenge.

    Approach

    This is the same concept as PW Crack 3 but with more passwords. This time let’s write some code and make it give us the right password: ```python import hashlib def hash_pw(pw_str): pw_bytes = bytearray() pw_bytes.extend(pw_str.encode()) m = hashlib.md5() m.update(pw_bytes) return m.digest()

pos_pw_list = [“8c86”, “7692”, “a519”, “3e61”, “7dd6”, “8919”, “aaea”, “f34b”, “d9a2”, “39f7”, “626b”, “dc78”, “2a98”, “7a85”, “cd15”, “80fa”, “8571”, “2f8a”, “2ca6”, “7e6b”, “9c52”, “7423”, “a42c”, “7da0”, “95ab”, “7de8”, “6537”, “ba1e”, “4fd4”, “20a0”, “8a28”, “2801”, “2c9a”, “4eb1”, “22a5”, “c07b”, “1f39”, “72bd”, “97e9”, “affc”, “4e41”, “d039”, “5d30”, “d13f”, “c264”, “c8be”, “2221”, “37ea”, “ca5f”, “fa6b”, “5ada”, “607a”, “e469”, “5681”, “e0a4”, “60aa”, “d8f8”, “8f35”, “9474”, “be73”, “ef80”, “ea43”, “9f9e”, “77d7”, “d766”, “55a0”, “dc2d”, “a970”, “df5d”, “e747”, “dc69”, “cc89”, “e59a”, “4f68”, “14ff”, “7928”, “36b9”, “eac6”, “5c87”, “da48”, “5c1d”, “9f63”, “8b30”, “5534”, “2434”, “4a82”, “d72c”, “9b6b”, “73c5”, “1bcf”, “c739”, “6c31”, “e138”, “9e77”, “ace1”, “2ede”, “32e0”, “3694”, “fc92”, “a7e2”] correct_pw_hash = open(‘level4.hash.bin’, ‘rb’).read()

for password in pos_pw_list: user_pw_hash = hash_pw(password) if (user_pw_hash == correct_pw_hash): print(password)

The first line imports the library `hashlib` which has a bunch of hashing related functions already written so that we don't need to write it ourselves. The `hash_pw` function is taken from [line 18](https://github.com/vivian-dai/PicoMini-2022/blob/main/PW%20Crack%204/level4.py#L18) of [level4.py](/PicoMini-2022/PW%20Crack%204/level4.py). The possible passwords are from [line 45](https://github.com/vivian-dai/PicoMini-2022/blob/main/PW%20Crack%204/level4.py#L45) of the password checker. We can read the correct hashed password from the hash file the same way the password checker does in [line 15](https://github.com/vivian-dai/PicoMini-2022/blob/main/PW%20Crack%204/level4.py#L15) (make sure the code and the hashed password are in the same directory). After that, we use a for loop which iterates through every single password in the list. For each password, we get its hash and if the hash matches the correct password hash, the code outputs the password.  
After obtaining the password, we can run [level4.py](/PicoMini-2022/PW%20Crack%204/level4.py) and get the flag.

Please enter correct password for flag: 607a Welcome back… your flag, user: picoCTF{fl45h_5pr1ng1ng_d770d48c} ```

Flag

picoCTF{fl45h_5pr1ng1ng_d770d48c}