# [Hackover 2015] [Misc 100 – Simple Password] Write Up

## Description

SUCH SECURE. VERY PASSWORD. MUCH HACKING. ^o^

## Resolution

The goal of this challenge is to pass a lot of password.
There are six password to recovery the flag.

`Challenge 0x00 -- "insecure"`

Hint for stage 1: The Plague: the four most-used passwords are…
Hacker’s movie citation :
`"the four most-used passwords are: love, sex, secret, and"`

So just try this four passwords :

```PASSWORD:secret
access granted.
```

`Challenge 0x01 -- "ET TU BRVTE?"`

In this step, we can try a password and the server answers us the result of our password and the password that it compares to.
So we try with the alphabet :

```PASSWORD:abcdefghijklmnopqrstuvwxyz
>>>>>: bcdefghijklmnopqrstuvwxyz{
```

We see that the result of our password is just a shift one of our initial password (Caesar cypher 1).
So we take ” Ubf5SppEpiWp ” and do a Caesar cypher -1, we obtain ” Tae4RooDohVo ”

```PASSWORD:Tae4RooDohVo
access granted.
```

```Challenge 0x02 -- "All your base are belong to 0x" -------------- Hash: /x54/x68/x31/x73/x42/x65/x56/x65/x72/x72/x72/x79/x48/x34/x63/x6b/x79```

It’s nothing more than hexadecimal numbers.

```echo -e "\x54\x68\x31\x73\x42\x65\x56\x65\x72\x72\x72\x79\x48\x34\x63\x6b\x79"
Th1sBeVerrryH4cky
```
```PASSWORD:Th1sBeVerrryH4cky
access granted.
```

```Challenge 0x03 -- "Numbers Again" -------------- Hash: 072 048 119 050 099 048 117 110 116 033 049 033 050 033 051 033 072 069 072 069 ```

It’s nothing more than decimal numbers.
Decode quickly with an online tool :
http://cryptii.com/text/select

```PASSWORD:H0w2c0unt!1!2!3!HEHE
access granted.
```

```Challenge 0x04 -- "Turing Complete" -------------- -[------->+<]>-.--[-->+++<]>.[--->+<]>---.---[->++++<]>.------------.---.--[--->+<]>-.[-->+++++++<]>.[----->++<]>+.--[--->+<]>--..++++.--------.+++.--------------.-[--->+<]>-.-[--->++<]>-.++++++++++.+[---->+<]>+++.++[-->+++<]>.++++.[->++<]>-.++++++++.-------.-----------.+++++.+++.--.+++++.-[->+++++<]>.. ```

It looks like brainfuck but we don’t have to execute this code, just decode it with an online tool :
http://www.splitbrain.org/_static/ook/
`Hi the password is 37munchkin!!`

```PASSWORD:37munchkin!!
access granted.
```

```Challenge 0x05 -- "Chain Link" -------------- Hash: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44 ```

Well this step remember me an other CTF.

[MMA 2015] [Crypto/Warmup – Smart Cipher System] Write Up

I did those challenge manually, so i do the same for this challenge, step by step i recovery every letter because the server answers me the result of my input password.

```PASSWORD:Very
>>>>> 56 33 17 0b
access denied. Expected: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44
>>>>> 56 33 17 0b 30 24 1d 02 17 16 00 1a 1f 13 44
access denied. Expected: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44
```
```PASSWORD:VeryImpresssive!
access granted.
```

Next no more title like “Challenge 0x0” appears, well are we in ?

```whoami
ctf
```

Yes we are ! So we are looking for the flag.

```id
uid=1000(ctf) gid=65534(nogroup) groups=65534(nogroup)
uname -a
Linux simplepassword 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u5 (2015-10-09) x86_64 GNU/Linux
ls -la
total 32
drwxr-xr-x  2 ctf  users  4096 Oct 16 22:15 .
drwxr-xr-x 22 root root   4096 Oct 16 14:12 ..
-rwxr-xr-x  1 ctf  users 17556 Oct 15 10:18 simplepassword
-rwxr-xr-x  1 ctf  users     4 Oct 17 14:27 simplepassword.start
ls -la /home
total 12
drwxr-xr-x  3 root root 4096 Oct 15 09:57 .
drwxr-xr-x 22 root root 4096 Oct 16 14:12 ..
dr-xr-xr-x  2 root root 4096 Oct 15 10:00 ctf
ls -la /home/ctf
total 16
dr-xr-xr-x 2 root root 4096 Oct 15 10:00 .
drwxr-xr-x 3 root root 4096 Oct 15 09:57 ..
-r--r--r-- 1 root root   44 Oct 15 10:00 flag.txt
-r--r--r-- 1 root root   44 Oct 15 10:00 SUCH_FLAG_VERY_HACK_MUCH_SKILL
cat /home/ctf/flag.txt
hackover15{I_IZ_A_HACKER_I_CAN_HAZ_POINTS?}
```

Flag was hackover15{I_IZ_A_HACKER_I_CAN_HAZ_POINTS?}