This post spoils a CTF challenge … Don’t read if you want to try it !

SantHackLaus is a Jeopardy CTF challenge. It is organized by IMT Lille Douai. I had a great time solving these challenges :D

Only numbers here is a programming challenge with a bit of guessing.

Challenge takes place at 51.75.202.113:20002. We are facing a prompt which invites us to send a string :

basic infos

nc 51.75.202.113 20002

After some tries and a few guessing, I found that the server checks if the strings ends with “Pinkflood” and then checks if the MD5 value of the input string is only composed of numbers.
Let’s find a string which satisfy these constraints with a little Python script :

#!/usr/bin/python

import hashlib


def intTryParse(value):
    try:
	int(value)
        return True
    except ValueError:
        return False

hashed = ""
value = ""
i = 0
while intTryParse(hashed) == False:
	i = i + 1
	value = str(i) + "Pinkflood"
	hashed = hashlib.md5(value).hexdigest()
	print hashed
	print value
print 'WIN !!'

find.py

We have a valid string : “1140633Pinkflood” ! (Hash : 26062149783494508159682139582576).
Let’s finally solve this challenge :

basic infos

nc 51.75.202.113 20002 <<< 1140633Pinkflood

Flag is : IMTLD{Brut3F0rc31sTh3N3wBl4ck}.

[+] Bye

Feel free to tell me what you think about this post :)