Post

Hash Auth

Posted
By Ramages 1 min read

date: 2023-07-25 22:24:17 +02:00 categories: [SecurityValley, Coding] tags: [Coding, CTF, SecurityValley] — This is a writeup of the coding challenge Hash auth from the Security Valley CTF

Premise

Ok ok ok. They have learned there lesson. Instead of using confusing authentication functions there have switched to crypto functions. At least they think they have switched to crypto functions. Anyway - please help us again and hack this piece of code!

Link: https://github.com/SecurityValley/PublicCTFChallenges/tree/master/coding/hash_auth

Challenge code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

from hashlib import sha256
import sys

def validate_password(password):
    # be creative. it has something to do with SecurityValley ;-)
    if sha256(password.encode("utf-8")).hexdigest() == "f51f333ed26c41bedd99e1e483c0a15d2caeed7dc5a9ae02159f196799a74893":
        return True 

    return False

def print_banner(payload):
    print("that was great !!!")
    print("run the following command to get the flag.")
    print("curl -X POST http://ctf.securityvalley.org:7777/api/v1/validate -H 'Content-Type: application/json' -d '{\"pass\": \""+payload+"\"}'")

if __name__ == "__main__":
    print("let's do more python ;-)")

    password = input("please enter password: ")
    if validate_password(password):
        print_banner(password)
        sys.exit()
    
    print("wrong!")

Solution

In this challenge, we want to reverse a SHA-256 hash. One of the easiest ways we can do this is with a bruteforce attack. Like the hint says, it has something to do with Security Valley, so we can use this as a starting point, and create a wordlist with the following entries:

1
2
3
4
5
6
7
8
9
10

SecurityValley
Securityvalley
securityValley
Securityvalley
S3cur1tyV4ll3y
Secur1tyValley
Secur1tyVall3y
S3cur1tyValley
S3cur1tyV4lley
S3cur1tyV4ll3y

Since we’re dealing with a short list here, we can simply use CyberChef once again

  • (Note: if this was done with a longer list, something like a wordlist bruteforcing script would be more appropriate)

Through the list, we find that one of the strings in the word list above gives us the string: f51f333ed26c41bedd99e1e483c0a15d2caeed7dc5a9ae02159f196799a74893, which is the hashed string we were looking for. To get our flag, we once again simply send a POST request with curl with the found word to get our flag, so we run:

1

curl -X POST http://ctf.securityvalley.org:7777/api/v1/validate -H 'Content-Type: application/json' -d '{"pass": "[redacted]"}'

Which returns: {"Value":"SecVal{[redacted]}"} giving us the flag.

SecurityValley, Coding
Coding CTF SecurityValley
This post is licensed under CC BY 4.0 by the author.