How I Cracked Your Challenge (Coding Challenge 1)

Hello World!!!

This post is about solving a simple CTF challenge from RingZer0. It is the first challenge in the coding section, named “hash me please”, wherein we have 2 seconds to hash the displayed message using the SHA-512 algorithm and send the answer back to the server using the link https://ringzer0team.com/challenges/13/[hash_of_the_message]

The following solution code is written in Python and uses the Selenium WebDriver.

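import hashlib
from selenium import webdriver
from selenium.webdriver.common.keys import Keys

# Note: the find_element_by_* helpers used here were removed in Selenium 4.3;
# newer versions use driver.find_element(By.NAME, ...) and
# driver.find_element(By.CLASS_NAME, ...) instead.

# Placeholder credentials for the RingZer0 account
usr = "username"
pas = "password"

# Log in
driver = webdriver.Firefox()
driver.get("https://ringzer0team.com/login")
elem = driver.find_element_by_name("username")
elem.send_keys(usr)
elem = driver.find_element_by_name("password")
elem.send_keys(pas)
elem.send_keys(Keys.RETURN)

# Load the challenge page and read the displayed message
driver.get("https://ringzer0team.com/challenges/13")
element = driver.find_element_by_class_name("message")
element_text = element.text
print(element_text)

# Cut off the BEGIN marker (first 26 characters) and the END marker (last 24)
new_string = element_text[26:]
print(new_string)
new_string_1 = new_string[:-24]
print(new_string_1)

# Hash the message with SHA-512 (hashlib needs bytes, so encode first)
hash_1 = hashlib.sha512(new_string_1.encode("utf-8"))
print("\n***********\n")
hash_object = hash_1.hexdigest()
print(hash_object)

# Submit the hash to the challenge URL
driver.get("https://ringzer0team.com/challenges/13/%s" % hash_object)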

Most of the code is self-explanatory. The first part is the normal login, in which the user credentials are supplied to log in to RingZer0.

 usr = "username"
 pas = "password"
 driver = webdriver.Firefox()
 driver.get("https://ringzer0team.com/login")
 elem = driver.find_element_by_name("username")
 elem.send_keys(usr)
 elem = driver.find_element_by_name("password")
 elem.send_keys(pas)
 elem.send_keys(Keys.RETURN)

The next task is to fetch the message in order to hash it. Below is the sample message displayed when the challenge is accessed. The message changes every 2 seconds.

----- BEGIN MESSAGE -----peifEOAdlUcTVWK6SIjctgqkstkK432j7bpCQPF1AHLmtljbUsddytnRNyrHskRql6S1MnTcVupeGygqRkufEIXh6eOopvFBsns4Bc7mxnr4LyksIFycdlkaqZpGlU7D7qyztvLQI3KkrVDZq22ueduv2K1duYHsf5RyqteZmPaDBDtRwlcAowVh6MkrBSJGNq44K9UWPUqgoJYKV0aamWhjzsA0aaxNrsI1ssO7c4eqD21pS2p5OxfdPF4QFsuWL2O3ks1nm5EQXv5GnlB2IG5oc05IjpuUi8NsqEGDzajnvfTJqlBZRxdUn9sxoNhxMUP3pmwPmG2HLLh1WIRE5UpjUHG8lNvXybQNncsAIl8kXfbJNSeJDuSn1omc2I0rKG5YJoohzmsmstW5c1EGlnUdC6guF6LfCG4cVjkkwCwOWjKYaevlsfpUcvfIsQOVnIX8R7jdzGRlPraQwv2PBhzEDEcVlQGzpty6qHaQeR2T92zworbQzBk25nNh4jGjD5fUCgAHYtqXmQkA8mhxOspKF3RzcoIGjOqMURjIaAwmgHNeUVCydR8JKQ8N4HjemAR7h0Gir2vxA9CkV4JYMHxnow0i4angA4dIVKRcCdA3c2eXXNMAlaNzxEIrEVy5QBEBbmEEp4ysXCgKfSbrTOQgipxNbVIRndjppNUFHiXuK35QM68vLPCT4Zx5L5NY9WepAYU77HsIBopdlnzW21GXR3SsZwhYjmdJaXH8v0GWfV0q8pc1hIOYCxhrTpg3BjDC7aAt16f6R5mQlpHsYmhqJoHtENm5XPxVQXeIUkECgQir6QKU2RbC6JWAn8vaOTWvH13rbxThe2zbI9VBRX4NwQeJPzKtjwPQoI7q6RybJXchXYJELDi8jmHYMhiVEYBTwz9tgxvPkxX8mxDY0LWaXtZAB8l6WNPjdODjbYZmmNlyaOm1p82dsSDTQPPDtvMw9gFb4vng8zE8dR0sQSw8A0ShGyKZTnlTtRUod8ubxZaAG0TnJgla64hDsSsc
----- END MESSAGE -----

Now in order to locate and fetch the message element from the webpage, I used driver.find_element_by_class_name. This is used when you want to locate an element by class attribute name.

 element = driver.find_element_by_class_name("message")
 element_text = element.text
 print(element_text)

Now, in order to eliminate ----- BEGIN MESSAGE ----- and ----- END MESSAGE -----, I used string_variable[26:] and string_variable[:-24]. The slicing shown below truncates the string at those positions.

 new_string = element_text[26:]
 print(new_string)
 new_string_1 = new_string[:-24]
 print(new_string_1)

Once the message is obtained, it is hashed, and the driver.get function is used to send the resulting hash to the URL described above, which solves the challenge :).

 # hashlib needs bytes, so the message is encoded before hashing
 hash_1 = hashlib.sha512(new_string_1.encode("utf-8"))
 print("\n***********\n")
 hash_object = hash_1.hexdigest()
 print(hash_object)
 driver.get("https://ringzer0team.com/challenges/13/%s" % hash_object)
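
The fixed offsets [26:] and [:-24] only work while the page text keeps exactly the same marker layout. The following is an added example, not part of the original post, that extracts the message by matching the markers instead and then hashes it. It assumes the server hashes the message without surrounding whitespace, as the post's slicing implies; the function names and sample strings are constructed for illustration.

```python
import hashlib
import re

# Marker pattern: tolerant of dash count and of whitespace around the markers.
MESSAGE_RE = re.compile(
    r"-+\s*BEGIN MESSAGE\s*-+(.*?)-+\s*END MESSAGE\s*-+",
    re.DOTALL,
)


def extract_message(page_text):
    """Return the text between the BEGIN/END markers, whitespace stripped."""
    match = MESSAGE_RE.search(page_text)
    if match is None:
        # Fail loudly instead of hashing the wrong bytes and burning the 2 s window.
        raise ValueError("BEGIN/END MESSAGE markers not found")
    return match.group(1).strip()


def answer_for(page_text):
    """SHA-512 hex digest of the extracted message, ready to append to the URL."""
    message = extract_message(page_text)
    return hashlib.sha512(message.encode("utf-8")).hexdigest()


def fixed_offset_message(page_text):
    """The post's slicing approach, kept for comparison."""
    return page_text[26:][:-24]


# Constructed sample inputs (not real challenge output).
SAMPLE_BODY = "peifEOAdlUcTVWK6SIjctgqkstkK432j7bpCQPF1AHLm"
# Layout the post's offsets expect: 25-char marker + newline, newline + 23-char marker.
LAYOUT_A = "----- BEGIN MESSAGE -----\n" + SAMPLE_BODY + "\n----- END MESSAGE -----"
# Same message with leading spaces, CRLF line endings and a trailing newline.
LAYOUT_B = "  ----- BEGIN MESSAGE -----\r\n" + SAMPLE_BODY + "\r\n----- END MESSAGE -----\n"

if __name__ == "__main__":
    for name, text in (("A", LAYOUT_A), ("B", LAYOUT_B)):
        print(name, "slicing ok:", fixed_offset_message(text) == SAMPLE_BODY,
              "| regex ok:", extract_message(text) == SAMPLE_BODY)
    print(answer_for(LAYOUT_A))
```

In the Selenium script, `answer_for(element.text)` would replace the two slicing steps and the hashing step.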

 


Author: Gray Wolf

Son, Brother and Cyber Security Enthusiast...
