capture the flag, hacking

PicoCTF 2017 – LeakedHashes

Another day, another challenge…

Today’s blog post we’re going to solve the “LeakedHashes” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

PicoCTF_Leaked_Hashes_1

OK – we need to log into a service, but we do not know the password. We do have leaked hash passwords.

Clicking the hashdump.txt file we see:

PicoCTF_Leaked_Hashes_2

Let’s see what the hints say.

PicoCTF_Leaked_Hashes_3

OK. Let’s see if we can find a way to crack these passwords!

Doing a Google search for “online cracked hashes” we get the following link.

Trying the first hash of root we were not able to crack the password.

Using the second hash of christene, we get:

PicoCTF_Leaked_Hashes_4

We were able to crack the password.

Let’s try to login in with christene.

Going back to the commnd line and using the nc command we get:

PicoCTF_Leaked_Hashes_5

Scrolling down we see:
PicoCTF_Leaked_Hashes_6

We found the flag, and acquired 90 points!!!