[Hackover 2015] [Misc 100 – Simple Password] Write UpDescription
SUCH SECURE. VERY PASSWORD. MUCH HACKING. ^o^
nc simplepassword.hackover.h4q.it 1337
Resolution
The goal of this challenge is to pass a lot of password.
There are six password to recovery the flag.
Challenge 0x00 -- "insecure"
Hint for stage 1: The Plague: the four most-used passwords are…
Hacker’s movie citation :
"the four most-used passwords are: love, sex, secret, and"
So just try this four passwords :
PASSWORD:secret access granted.
Challenge 0x01 -- "ET TU BRVTE?"
In this step, we can try a password and the server answers us the result of our password and the password that it compares to.
So we try with the alphabet :
PASSWORD:abcdefghijklmnopqrstuvwxyz
>>>>>: bcdefghijklmnopqrstuvwxyz{
access denied. Expected: Ubf5SppEpiWp
We see that the result of our password is just a shift one of our initial password (Caesar cypher 1).
So we take ” Ubf5SppEpiWp ” and do a Caesar cypher -1, we obtain ” Tae4RooDohVo ”
PASSWORD:Tae4RooDohVo access granted.
Challenge 0x02 -- "All your base are belong to 0x"
--------------
Hash: /x54/x68/x31/x73/x42/x65/x56/x65/x72/x72/x72/x79/x48/x34/x63/x6b/x79
It’s nothing more than hexadecimal numbers.
echo -e "\x54\x68\x31\x73\x42\x65\x56\x65\x72\x72\x72\x79\x48\x34\x63\x6b\x79" Th1sBeVerrryH4cky
PASSWORD:Th1sBeVerrryH4cky access granted.
Challenge 0x03 -- "Numbers Again"
--------------
Hash: 072 048 119 050 099 048 117 110 116 033 049 033 050 033 051 033 072 069 072 069
It’s nothing more than decimal numbers.
Decode quickly with an online tool :
http://cryptii.com/text/select
PASSWORD:H0w2c0unt!1!2!3!HEHE access granted.
Challenge 0x04 -- "Turing Complete"
--------------
-[------->+<]>-.--[-->+++<]>.[--->+<]>---.---[->++++<]>.------------.---.--[--->+<]>-.[-->+++++++<]>.[----->++<]>+.--[--->+<]>--..++++.--------.+++.--------------.-[--->+<]>-.-[--->++<]>-.++++++++++.+[---->+<]>+++.++[-->+++<]>.++++.[->++<]>-.++++++++.-------.-----------.+++++.+++.--.+++++.-[->+++++<]>..
It looks like brainfuck but we don’t have to execute this code, just decode it with an online tool :
http://www.splitbrain.org/_static/ook/
Hi the password is 37munchkin!!
PASSWORD:37munchkin!! access granted.
Challenge 0x05 -- "Chain Link"
--------------
Hash: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44
Well this step remember me an other CTF.
https://0x90r00t.com/2015/09/07/mma-2015-cryptowarmup-smart-cipher-system-write-up/
I did those challenge manually, so i do the same for this challenge, step by step i recovery every letter because the server answers me the result of my input password.
PASSWORD:Very >>>>> 56 33 17 0b access denied. Expected: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44 PASSWORD:VeryImpressive! >>>>> 56 33 17 0b 30 24 1d 02 17 16 00 1a 1f 13 44 access denied. Expected: 56 33 17 0b 30 24 1d 02 17 16 00 00 1a 1f 13 44
PASSWORD:VeryImpresssive! access granted.
Next no more title like “Challenge 0x0” appears, well are we in ?
whoami ctf
Yes we are ! So we are looking for the flag.
id
uid=1000(ctf) gid=65534(nogroup) groups=65534(nogroup)
uname -a
Linux simplepassword 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u5 (2015-10-09) x86_64 GNU/Linux
ls -la
total 32
drwxr-xr-x 2 ctf users 4096 Oct 16 22:15 .
drwxr-xr-x 22 root root 4096 Oct 16 14:12 ..
-rwxr-xr-x 1 ctf users 17556 Oct 15 10:18 simplepassword
-rwxr-xr-x 1 ctf users 4 Oct 17 14:27 simplepassword.start
ls -la /home
total 12
drwxr-xr-x 3 root root 4096 Oct 15 09:57 .
drwxr-xr-x 22 root root 4096 Oct 16 14:12 ..
dr-xr-xr-x 2 root root 4096 Oct 15 10:00 ctf
ls -la /home/ctf
total 16
dr-xr-xr-x 2 root root 4096 Oct 15 10:00 .
drwxr-xr-x 3 root root 4096 Oct 15 09:57 ..
-r--r--r-- 1 root root 44 Oct 15 10:00 flag.txt
-r--r--r-- 1 root root 44 Oct 15 10:00 SUCH_FLAG_VERY_HACK_MUCH_SKILL
cat /home/ctf/flag.txt
hackover15{I_IZ_A_HACKER_I_CAN_HAZ_POINTS?}
Flag was hackover15{I_IZ_A_HACKER_I_CAN_HAZ_POINTS?}