PicoCTF Writeup – HashingJobApp

# Information:

CTF Name: PicoCTF

CTF Challenge: HashingJobApp

Challenge Category: General Skills

Challenge Points: 100

Beginner picoMini 2022.

# Used Tools:

  • Linux
  • RSA Decoder

# Challenge Description:

If you want to hash with the best, beat this test!

nc saturn.picoctf.net 52679

Hints:

Hint 1
You can use a command line tool or web app to hash text

Hint 2
Press Ctrl and c on your keyboard to close your connection and return to the command prompt.

# Writeup:

This is a challenge to help learn how to write a somewhat complex python script using pwntools (my suggestion, but there are other ways of doing this).

First, I ran the command:

$ nc saturn.picoctf.net 52679

Below you have the output:

By reading the prompt of the command we can see that we have to md5 has the text ‘killer whales’, I decided to give a try using the browser:

I went to this site and I got the MD5 hash for the given text, however, but the time I was finished, this was the state of the prompt:

It took too long… therefore, a manual solution is not possible, we need to automate!!

To do so I developed a small but somewhat complex python 3 script to perform the hashing and the communication with the server for me, see below:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import hashlib
from pwn import *
import re
# what it does is it simply generates the md5 hash given a string
def generateMD5Hash(new_word): 
    md5hash = hashlib.md5(new_word.encode()).hexdigest()
    return md5hash
def main():
	# here we are using the remote function of pwntools to 
    # connect to the server saturn.picoctf.net on port 52679.
    conn = remote('saturn.picoctf.net', 52679)
    # challenge variable, initiated here and it will later on have the challenge
    challenge = ""
    # While loop to interact with the server by send and receiving messages until
    # a certain condition is met, if that never occurs it is an infinite loop (while True)
    while True:
    	# try is required because recv line could throw and exception 
    	# and we want to catch it if it does.
        try:
	        # conn.recvline() is going to receive a line from the server and 
			# store it on the variable serverOutput
            serverOutput = conn.recvline()
            # If the variable serverOutput has the string Incorrect, it means
            # that the generateMD5Hash is wrong, therefore I print out (to 
			# myself) fix the code!! XD and I break the loop, line 30.
            if 'Incorrect.' in serverOutput.decode():
                print("Wrong hash. Fix the code!! ")
                break
            # If the variable serverOutput has the string Answer, it means
            # we have to send an answer to the server, the hashing of the 
            # string keyword, in this case the challenge is in the 2nd 
            # position of the variable challenge (initiated before)
            elif 'Answer:' in serverOutput.decode():
                conn.send((generateMD5Hash(challenge[1]) + '\n').encode())
            If the variable serverOutput has the string Answer, it means
            # If the variable serverOutput has the string picoCTF{, it means
            # we have found the flag!! We have the solution, and what I do is 
            # simply get it from the serverOutput variable and print it out 
            # to the user
            elif 'picoCTF{' in serverOutput.decode():
                flag = re.findall('picoCTF{.*}', serverOutput.decode())
                print("The flag is: " + flag[0])
                break
            # If the variable serverOutput has the string ' it means
            # we have the challenge message to hash later, what I do is
            # I simply store it in the variable challenge, to be called
            # later in the iteration of the loop, once the word Answer is 
            # in the serverOutput (line 35)
            elif "'" in serverOutput.decode():
                challenge = serverOutput.decode().split("'")
            else:
                continue
        except EOFError as e:
            print(e)
main()

I decided to explain the code in line with comments. If that is too confusing just extract the comments and read them side by side with the code, it could make more sense that way I think :D.
One remark though:

  • From line 1 to 3 we have relevant imports, necessary to our code to work, for example the hashlib, that has the md5 hashing function, the pwn which is the pwn tools that we are going to use for the communication with the server and the re that we will use to search the output for a string.

The flag is:

Show flag
picoCTF{4ppl1c4710n_r3c31v3d_bf2ceb02}


Thank you very much for reading!

Cheers,

MRegra


2 Replies to “PicoCTF Writeup – HashingJobApp”

  1. Hello! No clue if you read old comments so I figured I would just message you on your latest post. I was interested in the Remote Control Trojan you did 2 years back. I was wondering if you could show me how it works through discord if you have the time. Here’s my discord, I’m active all the time so shoot me a DM whenever! 😀

    fr#0795

    1. Hello,
      Thank you very much for your contact.
      We will get in touch, as soon as possible.

      Kind regards,
      MRegra & SoBatista

Leave a Reply

Your email address will not be published. Required fields are marked *