RSS
 

HACKvent 2015: Day 9

09 Dec 2015
CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com
Date Completed: 09 December 2015

Challenge

The following sound file was also provided: Download MP3

Solution

This was a very simple challenge.
First we listen to the transmission and discover it spells out the nugget but some characters are turned into noise.

We get:

The ?  character represents a character in the set [A-Za-z0-9] (because those are the only characters that can appear in the nugget).
We notice that dashes are omitted. We also know the nugget starts with HV15 so the first unknown character is determined to be 1.

Now, we bruteforce the remaining 3 characters using our hint. We want to first find a full lowercase solution that has a sha1sum which equals B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224 .
After a solution is found for that, we can then try to find the sha1sum of all permutations of the case of each character after HV15 (we know HV15 must be uppercase).

So we construct our template to be:

Then we write a python script to carry out the Bruteforce attack:

We run this and get our flag in 1 second:

Flag:  HV15-GnUj-1YQ7-vdYC-2wlr-E6xj

 
No Comments

Posted in Hackvent 2015

 

Leave a Reply