This post spoils a CTF challenge … Don’t read it if you want to try the challenge yourself!
SantHackLaus is a Jeopardy CTF challenge. It is organized by IMT Lille Douai. I had a great time solving these challenges :D
“Only numbers here” is a misc challenge with a bit of guessing.
The challenge runs at 51.75.202.113:20002. We are greeted by a prompt inviting us to send a string.
After some tries and a bit of guessing, I found out that the server checks if the string ends with “Pinkflood” and then checks if the MD5 value of the input string is composed only of numbers.
Let’s find a string which satisfies these constraints with a little Python script:
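#!/usr/bin/python3
import hashlib


def intTryParse(value):
    # True when the string parses as a base-10 integer,
    # i.e. the hex digest contains no a-f characters.
    try:
        int(value)
        return True
    except ValueError:
        return False


hashed = ""
value = ""
i = 0
# Prepend an increasing counter to the required suffix until
# the MD5 hex digest is made of digits only.
while not intTryParse(hashed):
    i = i + 1
    value = str(i) + "Pinkflood"
    # hashlib.md5() takes bytes in Python 3
    hashed = hashlib.md5(value.encode()).hexdigest()

print(hashed)
print(value)
print('WIN !!')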
We have a valid string: “1140633Pinkflood”! (Hash: 26062149783494508159682139582576).
Let’s finally solve this challenge:
Flag is : IMTLD{Brut3F0rc31sTh3N3wBl4ck}.
[+] Bye
Feel free to tell me what you think about this post :)