CTF Challenge by SayCure solution
CTF Solutions Write-ups

Find The Hash – SayCure CTF Challenge Solution

Posted on Author Ijaz Ur Rahim 2

In recent articles, I solved some CTF Challenges Solution and got a Good Response. Therefore I am here to write another CTF Challenge Solution “Find the Hash” which was also organized by @SayCureIO. Some of my Friends already posted the solution of this challenge on SayCure Blog but I will try to explain it my own words I mean how I solved it. Let’s get Started.

Overview:

Click on the selected one to read a recent article about CTF Challenge.

Challenge:

"Well, here is your flag. But do me a favor. Feed me the correct flag."
SayCure{You_HASHED_the_XXXX}
XXXX = [A-Z]
Sha-256 of the flag is "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA"

Understanding the Challenge:

It is clear from the above Challenge that they want us to find the 4 characters when inserted in the above Flag makes the given hash. At first, I was Stuck and thought the Hash is made from that 4 Characters, so I made a Script that makes that 4 characters, Encode it to Sha-256 Hash and then compare it with the given Hash but failed to find that 4 Characters. I then Tried to get all possible 4 Characters, put that in the Flag but still failed to find.

Find the Hash:

I was thinking about why I am unable to find the hash? I was wondering why? Then suddenly the Hash once again caught my attention and I saw that the alphabets of the given Hash were all in Upper Case. So, without wasting more time, I configured my Script and after some time I was able to find the Flag.

Code:

import itertools
import hashlib
def foo(l):
     yield from itertools.product(*([l] * 4)) 

for x in foo('ABCDEFGHIJKLMNOPQRSTUVWXYZ'):
     
    hash_object = hashlib.sha256(("SayCure{You_HASHED_the_"+str("".join(x))+"}").encode("utf-8"))
    hex_dig = hash_object.hexdigest()
    if hex_dig.upper() == "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA":
        print("Found: ","SayCure{You_HASHED_the_"+str("".join(x))+"}")
        break
    else:
        print("Trying.......","SayCure{You_HASHED_the_"+str("".join(x))+"}")

Output:

Trying....... SayCure{You_HASHED_the_AAAA}
Trying....... SayCure{You_HASHED_the_AAAB}
Trying....... SayCure{You_HASHED_the_AAAC}
......
Trying....... SayCure{You_HASHED_the_GLAD}
Trying....... SayCure{You_HASHED_the_GLAE}
Found: SayCure{You_HASHED_the_GLAF}

Flag:

Find the Hash CTF FLAG
Find the Hash – CTF FLAG

So that was another CTF challenge solution. See you soon with another writeup 🙂

Ijaz Ur Rahim
Just a Newbie with some Random Penetrating and Programming Skills.
https://github.com/MrDebugger

Related Articles

CTF Challenge by SayCure solution
CTF Solutions Write-ups

CTF Challenge Solution Organized by SayCure

Posted on Author Ijaz Ur Rahim

Hi there, again I am here to present the solution to another recently organized CTF Challenge. This challenge was also organized by SayCure org. Hope you find it helpful for future CTF encounters. So let’s get started. Introduction to CTF Challenge: To know about “what is CTF”, who are SayCure or want to know about my last […]

Libssh allow the attacker to access server without User details
Technology

Explaining libSSH CVE-2018-10933 flaw – Briefly explained

Posted on Author Salman Arif

It is a very famous quote “Every security has a loophole”. We all know that every new security comes with new vulnerabilities. And when there is a vulnerability, there is someone who exploits it. If he is a bug hunter, he will simply report it and try to get rewards etc. But if he is a […]

password security
Write-ups

How can we secure our Login Process – Understanding authorized and unauthorized access

Posted on Author Shehriar Ahmad

I guess every person on the internet knows about what is login? We use login processes multiple times a day. For example, I just logged into my website’s admin panel to access my dashboard and write this article. Similarly, you must log into your Facebook, Twitter, Instagram or Gmail account to get access to your […]