In recent articles, I posted solutions to some CTF challenges and got a good response. So here I am with another CTF challenge solution, “Find the Hash”, which was also organized by @SayCureIO. Some of my friends have already posted the solution to this challenge on the SayCure Blog, but I will try to explain in my own words how I solved it. Let’s get started.
Challenge:
"Well, here is your flag. But do me a favor. Feed me the correct flag."
SayCure{You_HASHED_the_XXXX}
XXXX = [A-Z]
Sha-256 of the flag is "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA"
Understanding the Challenge:
It is clear from the challenge above that they want us to find the 4 characters which, when inserted into the flag, produce the given hash. At first I was stuck and thought the hash was made from just those 4 characters, so I wrote a script that generates the 4 characters, hashes them with SHA-256, and compares the result with the given hash, but it failed to find the 4 characters. I then tried all possible 4-character combinations inserted into the flag, but still failed to find it.
Find the Hash:
I kept wondering why I was unable to find the hash. Then the hash caught my attention once again, and I saw that the letters in the given hash were all upper case. So, without wasting more time, I adjusted my script, and after some time I was able to find the flag.
Code:
    import itertools
    import hashlib

    def foo(l):
        # Every 4-character combination of the alphabet l (26^4 = 456,976 for A-Z)
        yield from itertools.product(*([l] * 4))

    for x in foo('ABCDEFGHIJKLMNOPQRSTUVWXYZ'):
        flag = "SayCure{You_HASHED_the_" + "".join(x) + "}"
        hex_dig = hashlib.sha256(flag.encode("utf-8")).hexdigest()
        # hexdigest() returns lower-case hex; the challenge hash is upper case
        if hex_dig.upper() == "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA":
            print("Found: ", flag)
            break
        else:
            print("Trying.......", flag)
Output:
    Trying....... SayCure{You_HASHED_the_AAAA}
    Trying....... SayCure{You_HASHED_the_AAAB}
    Trying....... SayCure{You_HASHED_the_AAAC}
    ......
    Trying....... SayCure{You_HASHED_the_GLAD}
    Trying....... SayCure{You_HASHED_the_GLAE}
    Found: SayCure{You_HASHED_the_GLAF}
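As an added example (not part of the original write-up), the sketch below generalizes the script to any number of X placeholders and shows the case pitfall described above: hashlib's hexdigest() is lower case, so a plain string comparison against the upper-case hash never matches, while comparing raw digest bytes works for either case. The function names are this example's own, and it assumes the template contains no X other than the placeholders.

```python
import hashlib
from itertools import product
from string import ascii_uppercase

# Values taken from the challenge text.
TEMPLATE = "SayCure{You_HASHED_the_XXXX}"
TARGET = "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA"


def candidates(template, alphabet=ascii_uppercase, mask="X"):
    """Yield every string made by filling each mask character from alphabet."""
    slots = [i for i, ch in enumerate(template) if ch == mask]
    chars = list(template)
    for combo in product(alphabet, repeat=len(slots)):
        for i, ch in zip(slots, combo):
            chars[i] = ch
        yield "".join(chars)


def naive_search(template, target_hex):
    """Pitfall: compares the lower-case hexdigest() with the target as given."""
    for cand in candidates(template):
        if hashlib.sha256(cand.encode("utf-8")).hexdigest() == target_hex:
            return cand
    return None


def search(template, target_hex):
    """Case-proof: bytes.fromhex() accepts upper- and lower-case hex alike."""
    target = bytes.fromhex(target_hex)
    for cand in candidates(template):
        if hashlib.sha256(cand.encode("utf-8")).digest() == target:
            return cand
    return None


if __name__ == "__main__":
    # 26^4 = 456,976 candidates, so each search finishes in about a second.
    print("string compare:", naive_search(TEMPLATE, TARGET))
    print("byte compare:  ", search(TEMPLATE, TARGET))
```

Masking only four upper-case characters leaves a search space small enough to exhaust on any laptop, so the published hash protects nothing once the rest of the flag is known.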
Flag:
SayCure{You_HASHED_the_GLAF}
So that was another CTF challenge solution. See you soon with another write-up 🙂