Bsides Delhi CTF’18 Recursive Cracker Write-Up

Hello Guys! So this is the second CTF I organized along with my team in a single month!!

It was really exciting to me and I had received different queries related to different tasks.

So I am bringing out simple and straightforward writeups for the challenges I made.

The challenges are:

  1. Recursive Cracker
  2. Never Too Late Mister

 

Challenge Description:

“Dig deeper and deeper. Don’t give up hope.”

 

From this description, we don’t actually get any clue on how to solve the challenge. So let us look at what the challenge file contains.

It is text file but the contents inside it don’t make any sense.Screenshot from 2018-10-27 10-20-03

We cannot really understand what it is actually. It is an esoteric language called Malbolge. So we have to decode this malbolge script back to ASCII. Surfing through the internet I found this malbolge interpreter.

Link to the interpreter: Malbolge-Tools.

Screenshot from 2018-10-27 10-25-02

Decoding the malbolge text to ASCII we see hex characters. If you look closely over the highlighted text, these are the hexadecimal characters of a ZIP file. Now let us copy and paste this in a text file.

Now the task is to reconstruct the ZIP file using these hex values.

Let us write a simple python script to do so.

Screenshot from 2018-10-27 10-39-26

Now we have successfully reconstructed the whole zip. Let us have a look at the contents inside them.

  1. hello.txt
  2. file.zip

So we extracted these two files now. Looks like “file.zip” is password protected. How can I get the password? But why was “hello.txt” given? It has so many words inside it. I think we need to use a dictionary attack to crack the zip file. Let us do so. Fcrackzip is the tool I normally use. You can use any other tool you want.

Screenshot from 2018-10-27 10-44-37

Yay! We have found the password to crack this zip file. The password is imprudence.

Now let us open this zip file. We find another zip file by the name “flag.zip”

It is also password protected. What should we do now? We have to use “rockyou.txt” which has a really huge collection of commonly used passwords stored inside it. Let us use it.

Screenshot from 2018-10-27 10-50-49

We have now cracked the last zip file with the password rainbow. Now we got a text file with the name flag.txt

let us look at the contents of the text file

Screenshot from 2018-10-27 10-55-11

Hurray!! We did it.

FLAG : flag{Y0u_d1d_1t_br0_k33p_g0inG}

Happy Hacking!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Powered by WordPress.com.

Up ↑

Create your website at WordPress.com
Get started
%d bloggers like this: