This post spoils a CTF challenge … Don’t read if you want to try it !

SantHackLaus is a Jeopardy CTF challenge. It is organized by IMT Lille Douai. I had a great time solving these challenges :D

Only numbers here is a misc challenge with a bit of guessing.

Challenge takes place at We are facing a prompt which invites us to send a string :

nc 20002

After some tries and a few guessing, I found out that the server checks if the strings ends with “Pinkflood” and then checks if the MD5 value of the input string is only composed of numbers.
Let’s find a string which satisfy these constraints with a little Python script :


import hashlib

def intTryParse(value):
        return True
    except ValueError:
        return False

hashed = ""
value = ""
i = 0
while intTryParse(hashed) == False:
	i = i + 1
	value = str(i) + "Pinkflood"
	hashed = hashlib.md5(value).hexdigest()
	print hashed
	print value
print 'WIN !!'

We have a valid string : “1140633Pinkflood” ! (Hash : 26062149783494508159682139582576).
Let’s finally solve this challenge :

nc 20002 <<< 1140633Pinkflood

Flag is : IMTLD{Brut3F0rc31sTh3N3wBl4ck}.

[+] Bye

Feel free to tell me what you think about this post :)