Title:
Verify
Author:
Jeffery John
Date:
8/10/2024
Challenge Description
https://play.picoctf.org/practice/challenge/450
Difficulty Level
Easy
Setup
kali linux
Solution Overview
Detailed Steps
1.List information about the /home FILEs all
ls -al
total 28
drwxr-xr-x 3 root root 4096 Mar 11 20:09 .
drwxr-xr-x 3 root root 4096 Aug 10 14:31 ..
-rw-r--r-- 1 root root 65 Mar 11 20:09 checksum.txt
-rwxr-xr-x 1 root root 856 Mar 11 20:09 decrypt.sh
drwxr-xr-x 2 root root 12288 Mar 11 20:09 files
2.Concatenate FILE(s), or standard input, to standard output.
cat checksum.txt
3ad37ed6c5ab81d31e4c94ae611e0adf2e9e3e6bee55804ebc7f386283e366a4
- Check SHA256(256-bit) checksums read with file. and also search checksum.txt output character.
sha256sum files/* | grep "3ad37ed6c5ab81d31e4c94ae611e0adf2e9e3e6bee55804ebc7f386283e366a4"
3ad37ed6c5ab81d31e4c94ae611e0adf2e9e3e6bee55804ebc7f386283e366a4 files/e018b574
4.run decrypt.sh
./decrypt.sh files/e018b574
Error: 'files/e018b574' is not a valid file. Look inside the 'files' folder with 'ls -R'!
I got error message
5.When i found decrypt.sh code i saw that is. openssl cryptofrphy toolkit.
cat decrypt.sh
#!/bin/bash
# Check if the user provided a file name as an argument
if [ $# -eq 0 ]; then
echo "Expected usage: decrypt.sh <filename>"
exit 1
fi
# Store the provided filename in a variable
file_name="$1"
# Check if the provided argument is a file and not a folder
if [ ! -f "/home/ctf-player/drop-in/$file_name" ]; then
echo "Error: '$file_name' is not a valid file. Look inside the 'files' folder with 'ls -R'!"
exit 1
fi
# If there's an error reading the file, print an error message
if ! openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -salt -in "/home/ctf-player/drop-in/$file_name" -k picoCTF; then
echo "Error: Failed to decrypt '$file_name'. This flag is fake! Keep looking!"
fi
6.code said openssl by Encoding with Ciphers.
Final Exploit/Flag
openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -salt -in "files/e018b574" -k picoCTF
picoCTF{trust_but_verify_e018b574}
Lessons Learned
Forensics
References
https://linux.die.net/man/1/ls
https://linux.die.net/man/1/cat
https://linux.die.net/man/1/file
https://linux.die.net/man/1/grep
https://linux.die.net/man/1/sha256sum
https://linux.die.net/man/1/openssl
Top comments (0)