CTF Challenge by SayCure solution
CTF Solutions Hacking and Infosec Write-ups

Find The Hash – SayCure CTF Challenge Solution

Ijaz Ur RahimComment(0)

In recent articles, I solved some CTF Challenges Solution and got a Good Response. Therefore I am here to write another CTF Challenge Solution “Find the Hash” which was also organized by @SayCureIO. Some of my Friends already posted the solution of this challenge on SayCure Blog but I will try to explain it my own words I mean how I solved it. Let’s get Started.

Overview:

Click on the selected one to read a recent article about CTF Challenge.

Challenge:

"Well, here is your flag. But do me a favor. Feed me the correct flag."
SayCure{You_HASHED_the_XXXX}
XXXX = [A-Z]
Sha-256 of the flag is "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA"

Understanding the Challenge:

It is clear from the above Challenge that they want us to find the 4 characters when inserted in the above Flag makes the given hash. At first, I was Stuck and thought the Hash is made from that 4 Characters, so I made a Script that makes that 4 characters, Encode it to Sha-256 Hash and then compare it with the given Hash but failed to find that 4 Characters. I then Tried to get all possible 4 Characters, put that in the Flag but still failed to find.

Find the Hash:

I was thinking about why I am unable to find the hash? I was wondering why? Then suddenly the Hash once again caught my attention and I saw that the alphabets of the given Hash were all in Upper Case. So, without wasting more time, I configured my Script and after some time I was able to find the Flag.

Code:

import itertools
import hashlib
def foo(l):
     yield from itertools.product(*([l] * 4)) 

for x in foo('ABCDEFGHIJKLMNOPQRSTUVWXYZ'):
     
    hash_object = hashlib.sha256(("SayCure{You_HASHED_the_"+str("".join(x))+"}").encode("utf-8"))
    hex_dig = hash_object.hexdigest()
    if hex_dig.upper() == "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA":
        print("Found: ","SayCure{You_HASHED_the_"+str("".join(x))+"}")
        break
    else:
        print("Trying.......","SayCure{You_HASHED_the_"+str("".join(x))+"}")

Output:

Trying....... SayCure{You_HASHED_the_AAAA}
Trying....... SayCure{You_HASHED_the_AAAB}
Trying....... SayCure{You_HASHED_the_AAAC}
......
Trying....... SayCure{You_HASHED_the_GLAD}
Trying....... SayCure{You_HASHED_the_GLAE}
Found: SayCure{You_HASHED_the_GLAF}

Flag:

Find the Hash CTF FLAG
Find the Hash – CTF FLAG

So that was another CTF challenge solution. See you soon with another writeup 🙂

Ijaz Ur Rahim
Just a Newbie with some Random Penetrating and Programming Skills.
https://github.com/MrDebugger

Related Articles

CTF Challenge by SayCure solution
CTF Solutions Hacking and Infosec Write-ups

CTF Challenge Solution Organized by SayCure

Ijaz Ur Rahim

So here I present the solution to a recently organized CTF Challenge. This challenge was organized by SayCure org. Hope you find it helpful for future CTF encounters. So let’s get started. What is CTF?       CTF which means “Capture The Flag” is a type of challenge for Computer Geeks who loves to play with Security. […]

Libssh allow the attacker to access server without User details
Hacking and Infosec

Explaining libSSH CVE-2018-10933 flaw – Briefly explained

Salman Arif

It is a very famous quote “Every security has a loophole”. We all know that every new security comes with new vulnerabilities. And when there is a vulnerability, there is someone who exploits it. If he is a bug hunter, he will simply report it and try to get rewards etc. But if he is a […]

gaining access
Hacking and Infosec

Understanding the concept of Login and Access

Shehriar Ahmad

If you remember a previous post about understanding the authorized and unauthorized access. That post encouraged us to bring learning and knowledge-based writeups for you. We have decided to bring a complete series of Understanding the basic concepts of Ethical Hacking, Information security, web development, programming etc. So from now, our visitors will get a daily […]

Leave a Reply