picoCTF General Skills Guide

here's how to solve PW Crack 2

Back to the General Skills Guides

PW Crack 2

Name: PW Crack 2
Description: Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag in the same directory too.
Author: LT 'syreal' Jones
Tags: Easy, General Skills, Beginner picoMini 2022, password_cracking
Challenge from: Beginner picoMini 2022
Files: level2.py, level2.flag.txt.enc
Hints:
1. Does that encoding look familiar?
2. The str_xor function does not need to be reverse engineered for this challenge.

Theory

According to the description, to get the flag we have to know what password it is to get the original flag, since it has been encoded in what seems to be XOR encryption, which is reversible by itself, which is a really cool cryptographic method that I use often to encrypt some of my messages. Anyways, after what happened in the first one, it's safe to say this next is also gonna be pretty easy, I don't know what that file will have, but according to the first hint, the password is also encoded, we'll see what that is.

Solution

Let's download the files into a same folder, and see what the python has (I've removed the XOR part because it's a little in the way, but you still need it in the code for it to work):

flag_enc = open('level2.flag.txt.enc', 'rb').read()

def level_2_pw_check():
    user_pw = input("Please enter correct password for flag: ")
    if( user_pw == chr(0x33) + chr(0x39) + chr(0x63) + chr(0x65) ):
        print("Welcome back... your flag, user:")
        decryption = str_xor(flag_enc.decode(), user_pw)
        print(decryption)
        return
    print("That password is incorrect")

level_2_pw_check()

And it is just in hexadecimal, good thing we can run that on python and get the password to decode the flag:

C:\Users\shukularuni\Documents\pwc\lvl2>python
>>> print( chr(0x33) + chr(0x39) + chr(0x63) + chr(0x65) )
39ce

>>> exit()

Now that we have the password, we just need to run it with that and we should be good to go:

C:\Users\shukularuni\Documents\pwc\lvl2>python level2.py
Please enter correct password for flag: 39ce
Welcome back... your flag, user:
picoCTF{tr45h_51ng1ng_502ec42e}

There we go! That's the flag.

I rated this level as "good"! :3

https://play.picoctf.org/practice/challenge/246

Explore My Website