English [Hackover 2015] [Misc 100 – Simple Password] Write Up

Description

SUCH SECURE. VERY PASSWORD. MUCH HACKING. ^o^

nc simplepassword.hackover.h4q.it 1337

Resolution

The goal of this challenge is to pass a lot of password.
There are six password to recovery the flag.

Challenge 0x00 -- "insecure"

Hint for stage 1: The Plague: the four most-used passwords are…
Hacker’s movie citation :
"the four most-used passwords are: love, sex, secret, and"

So just try this four passwords :

PASSWORD:secret
access granted.

Challenge 0x01 -- "ET TU BRVTE?"

In this step, we can try a password and the server answers us the result of our password and the password that it compares to.
So we try with the alphabet :

PASSWORD:abcdefghijklmnopqrstuvwxyz
>>>>>: bcdefghijklmnopqrstuvwxyz{
access denied. Expected: Ubf5SppEpiWp

We see that the result of our password is just a shift one of our initial password (Caesar cypher 1).
So we take ” Ubf5SppEpiWp ” and do a Caesar cypher -1, we obtain ” Tae4RooDohVo ”

PASSWORD:Tae4RooDohVo
access granted.

Challenge 0x02 -- "All your base are belong to 0x"
--------------
Hash: /x54/x68/x31/x73/x42/x65/x56/x65/x72/x72/x72/x79/x48/x34/x63/x6b/x79

It’s nothing more than hexadecimal numbers.

echo -e "\x54\x68\x31\x73\x42\x65\x56\x65\x72\x72\x72\x79\x48\x34\x63\x6b\x79"
Th1sBeVerrryH4cky
PASSWORD:Th1sBeVerrryH4cky
access granted.

Challenge 0x03 -- "Numbers Again"
--------------
Hash: 072 048 119 050 099 048 117 110 116 033 049 033 050 033 051 033 072 069 072 069

It’s nothing more than decimal numbers.
Decode quickly with an online tool :
http://cryptii.com/text/select

PASSWORD:H0w2c0unt!1!2!3!HEHE
access granted.

Challenge 0x04 -- "Turing Complete"
--------------
-[------->+<]>-.--[-->+++<]>.[--->+<]>---.---[->++++<]>.------------.---.--[--->+<]>-.[-->+++++++<]>.[----->++<]>+.--[--->+<]>--..++++.--------.+++.--------------.-[--->+<]>-.-[--->++<]>-.++++++++++.+[---->+<]>+++.++[-->+++<]>.++++.[->++<]>-.++++++++.-------.-----------.+++++.+++.--.+++++.-[->+++++<]>..

It looks like brainfuck but we don’t have to execute this code, just decode it with an online tool :
http://www.splitbrain.org/_static/ook/
Hi the password is 37munchkin!!

PASSWORD:37munchkin!!
access granted.

Challenge 0x05 -- "Chain Link"
--------------
Hash: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44

Well this step remember me an other CTF.
https://0x90r00t.com/2015/09/07/mma-2015-cryptowarmup-smart-cipher-system-write-up/
I did those challenge manually, so i do the same for this challenge, step by step i recovery every letter because the server answers me the result of my input password.

PASSWORD:Very
>>>>> 56 33 17 0b 
access denied. Expected: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44
PASSWORD:VeryImpressive!
>>>>> 56 33 17 0b 30 24 1d 02 17 16 00 1a 1f 13 44 
access denied. Expected: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44 
PASSWORD:VeryImpresssive!
access granted.

Next no more title like “Challenge 0x0” appears, well are we in ?

whoami
ctf

Yes we are ! So we are looking for the flag.

id
uid=1000(ctf) gid=65534(nogroup) groups=65534(nogroup)
uname -a
Linux simplepassword 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u5 (2015-10-09) x86_64 GNU/Linux
ls -la
total 32
drwxr-xr-x  2 ctf  users  4096 Oct 16 22:15 .
drwxr-xr-x 22 root root   4096 Oct 16 14:12 ..
-rwxr-xr-x  1 ctf  users 17556 Oct 15 10:18 simplepassword
-rwxr-xr-x  1 ctf  users     4 Oct 17 14:27 simplepassword.start
ls -la /home
total 12
drwxr-xr-x  3 root root 4096 Oct 15 09:57 .
drwxr-xr-x 22 root root 4096 Oct 16 14:12 ..
dr-xr-xr-x  2 root root 4096 Oct 15 10:00 ctf
ls -la /home/ctf
total 16
dr-xr-xr-x 2 root root 4096 Oct 15 10:00 .
drwxr-xr-x 3 root root 4096 Oct 15 09:57 ..
-r--r--r-- 1 root root   44 Oct 15 10:00 flag.txt
-r--r--r-- 1 root root   44 Oct 15 10:00 SUCH_FLAG_VERY_HACK_MUCH_SKILL
cat /home/ctf/flag.txt
hackover15{I_IZ_A_HACKER_I_CAN_HAZ_POINTS?}

Flag was hackover15{I_IZ_A_HACKER_I_CAN_HAZ_POINTS?}

Leave a Reply

Your email address will not be published.