Press "Enter" to skip to content

[IceCTF2016]Kitty – 70pt

Question:

They managed to secure their website this time and movedthe

hashing to the server :(. We managed to leak this hash ofthe

admin's password though!

c7e83c01ed3ef54812673569b2d79c4e1f6554ffeb27706e98c067de9ab12d1a.

Can you get the flag? kitty.vuln.icec.tf

Solution:

題目給出了一個網址和一串sha256的加密字串 , 那先點進網頁看看源始碼

發現其密碼是有一定格式的

{IceCTF2016}[Web](Stage2)Kitty - 70pt

即是例如Aa00% 這樣 , 那我們完全可以寫一程式窮舉所有的可能性

故得出以下算法

{IceCTF2016}[Web](Stage2)Kitty - 70pt

運行效果:

{IceCTF2016}[Web](Stage2)Kitty - 70pt

1秒多就解出來了

然後拿著密碼去網頁登入

{IceCTF2016}[Web](Stage2)Kitty - 70pt

IceCTF{i_guess_hashing_isnt_everything_in_this_world}

Comments