CTF Challenge by SayCure solution
CTF Solutions Hacking and Infosec Write-ups

Find The Hash – SayCure CTF Challenge Solution

Ijaz Ur RahimComment(0)

In recent articles, I solved some CTF Challenges Solution and got a Good Response. Therefore I am here to write another CTF Challenge Solution “Find the Hash” which was also organized by @SayCureIO. Some of my Friends already posted the solution of this challenge on SayCure Blog but I will try to explain it my own words I mean how I solved it. Let’s get Started.

Overview:

Click on the selected one to read a recent article about CTF Challenge.

Challenge:

"Well, here is your flag. But do me a favor. Feed me the correct flag."
SayCure{You_HASHED_the_XXXX}
XXXX = [A-Z]
Sha-256 of the flag is "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA"

Understanding the Challenge:

It is clear from the above Challenge that they want us to find the 4 characters when inserted in the above Flag makes the given hash. At first, I was Stuck and thought the Hash is made from that 4 Characters, so I made a Script that makes that 4 characters, Encode it to Sha-256 Hash and then compare it with the given Hash but failed to find that 4 Characters. I then Tried to get all possible 4 Characters, put that in the Flag but still failed to find.

Find the Hash:

I was thinking about why I am unable to find the hash? I was wondering why? Then suddenly the Hash once again caught my attention and I saw that the alphabets of the given Hash were all in Upper Case. So, without wasting more time, I configured my Script and after some time I was able to find the Flag.

Code:

import itertools
import hashlib
def foo(l):
     yield from itertools.product(*([l] * 4)) 

for x in foo('ABCDEFGHIJKLMNOPQRSTUVWXYZ'):
     
    hash_object = hashlib.sha256(("SayCure{You_HASHED_the_"+str("".join(x))+"}").encode("utf-8"))
    hex_dig = hash_object.hexdigest()
    if hex_dig.upper() == "47D953330BF06E10CE7CD0707FF673F0C73561A8E422048ED8FFD2B38F99ACBA":
        print("Found: ","SayCure{You_HASHED_the_"+str("".join(x))+"}")
        break
    else:
        print("Trying.......","SayCure{You_HASHED_the_"+str("".join(x))+"}")

Output:

Trying....... SayCure{You_HASHED_the_AAAA}
Trying....... SayCure{You_HASHED_the_AAAB}
Trying....... SayCure{You_HASHED_the_AAAC}
......
Trying....... SayCure{You_HASHED_the_GLAD}
Trying....... SayCure{You_HASHED_the_GLAE}
Found: SayCure{You_HASHED_the_GLAF}

Flag:

Find the Hash CTF FLAG
Find the Hash – CTF FLAG

So that was another CTF challenge solution. See you soon with another writeup 🙂

Ijaz Ur Rahim
Just a Newbie with some Random Penetrating and Programming Skills.
https://github.com/MrDebugger

Related Articles

Libssh allow the attacker to access server without User details
Hacking and Infosec

Explaining libSSH CVE-2018-10933 flaw – Briefly explained

Salman Arif

It is a very famous quote “Every security has a loophole”. We all know that every new security comes with new vulnerabilities. And when there is a vulnerability, there is someone who exploits it. If he is a bug hunter, he will simply report it and try to get rewards etc. But if he is a […]

Bing
Write-ups

Open Url Redirection Vulnerability in Bing

Salman Arif

Bing is a 2nd world most used search engine besides Google. It is owned by the tech giant Microsoft. It’s a great place to find news and other stuff. So for a website, bing is an important source of traffic. That’s why I was working on SEO for my website at bing.com.  But found an […]

gaining access
Hacking and Infosec

Understanding the concept of Login and Access

Shehriar Ahmad

If you remember a previous post about understanding the authorized and unauthorized access. That post encouraged us to bring learning and knowledge-based writeups for you. We have decided to bring a complete series of Understanding the basic concepts of Ethical Hacking, Information security, web development, programming etc. So from now, our visitors will get a daily […]

Leave a Reply