password crack [Programming]
NeverLAN CTF 2020

password crack

Another day, another CTF challenge.

This one should be super straight forward. Before you go on, go read this article: https://thehackernews.com/2019/10/unix-bsd-password-cracked.html

Ok, did you read that article? Good. So your challenge is to crack a password. Just like Ken Thompson, our password will be in a 'known format'. The format we'll use is: color-random_year-neverlan_team_member's_name. (all lowercase) A sample password could be: red-1991

Here's your hash: 267530778aa6585019c98985eeda255f. The hashformat is md5.

Code

OK, a little overkill.

#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fstream>
#include <list>

#include <openssl/md5.h>  // -lcrypto

using namespace std;

char *str2md5(const char *str, int length) {
    int n;
    MD5_CTX c;
    unsigned char digest[16];
    char *out = (char*)malloc(33);
    MD5_Init(&c);
    while (length > 0) {
        if (length > 512)
            MD5_Update(&c, str, 512);
        else
            MD5_Update(&c, str, length);
        length -= 512;
        str += 512;
    }
    MD5_Final(digest, &c);
    for (n = 0; n < 16; ++n)
        snprintf(&(out[n*2]), 16*2, "%02x", (unsigned int)digest[n]);
    return out;
}

list<string> readFile(const string &filename, const string &appendStr){
    ifstream f(filename);
    list<string> data;
    for( std::string line; getline(f, line);)
        data.push_back(line + appendStr);
    f.close();
    return data;
}

int main(int argc, char **argv) {
    const char* target_hash = "267530778aa6585019c98985eeda255f";
    list<string> members = { "purvesta", "n30", "bashninja", "s7a73farm", "viking", "zestyfe" };
    list<string> colors = readFile("colors.txt", "-");
    list<string> years = { };
    for (int i = 0; i <= 9999; ++i) years.push_back(to_string(i) + "-");

    for(auto const &color: colors){
        cout << "trying: " << color << "\n";

        for(auto const &year: years) {
            for (auto const &member: members) {
                auto password = color;
                password.append(year);
                password.append(member);

                const char *pwd = password.c_str();
                char *result = str2md5(pwd, strlen(pwd));
                if (strcmp(result, target_hash) == 0){
                    cout << "found: " << password << "\n";
                    exit(0);
                }
                free(pwd);
                free(result);
            }
        }
    }

    return 0;
}

Flag

orange-1984-zestyfe