PW Crack 1
Name: PW Crack 1 Description: Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag in the same directory too. Author: LT 'syreal' Jones Tags: Easy, General Skills, Beginner picoMini 2022, password_cracking Challenge from: Beginner picoMini 2022 Files: level1.py, level1.flag.txt.enc Hints: 1. To view the file in the webshell, do: $ nano level1.py 2. To exit nano, press Ctrl and x and follow the on-screen prompts. 3. The str_xor function does not need to be reverse engineered for this challenge.
Theory
According to the description, to get the flag we have to know what password it is to get the original flag, since it has been encoded in what seems to be XOR encryption, which is reversible by itself, which is a really cool cryptographic method that I use often to encrypt some of my messages. Anyways, I think the password we'll need will be the XOR key we need to decrypt the flag in the other file, so I think we'll just change the code a bit or something.
Solution
Let's download the files into a same folder, and see what the python has (I've removed the XOR part because it's a little in the way, but you still need it in the code for it to work):
flag_enc = open('level1.flag.txt.enc', 'rb').read()
def level_1_pw_check():
user_pw = input("Please enter correct password for flag: ")
if( user_pw == "1e1a"):
print("Welcome back... your flag, user:")
decryption = str_xor(flag_enc.decode(), user_pw)
print(decryption)
return
print("That password is incorrect")
level_1_pw_check()
So it seems that the password DOES get used as the XOR key, anyway, it's literally there in the code, so we just need to run it with what it says there and we should be good to go:
C:\Users\shukularuni\Documents\pwc\lvl1>python level1.py
Please enter correct password for flag: 1e1a
Welcome back... your flag, user:
picoCTF{545h_r1ng1ng_fa343060}
There we go! That's the flag.
I rated this level as "good"! :3
https://play.picoctf.org/practice/challenge/245