../316_writeup

316 CTF

316 CTF writeup

challenges over at: https://316ctf.com/

This CTF challenge requires you do a lot of hashcracking. The way you would generally approach this is using

  1. John the ripper
  2. Hashcat

But an unconventional approach would be to use this python script and let it run overnight. This will solve all the problems for you.

Note: Works on linux machines. Run this bash script first to install the necessary dependencies

	#!/bin/bash

	error_exit() {
	    echo "$1" 1>&2
	    exit 1
	}

	# Check if pip is installed
	if ! command -v pip &> /dev/null
	then
	    error_exit "pip could not be found. Please install pip first."
	fi

	# Check if Selenium is already installed
	if pip show selenium &> /dev/null
	then
	    echo "Selenium is already installed."
	fi

	echo "Installing Selenium..."
	if pip install selenium
	then
	    echo "Selenium installed successfully."
	else
	    error_exit "There was an issue installing Selenium. Check the traceback above for details."
	fi

	CHROMEDRIVER_URL="https://storage.googleapis.com/chrome-for-testing-public/127.0.6533.72/linux64/chromedriver-linux64.zip"
	DESTINATION_DIR="$HOME/Desktop"

	TEMP_DIR=$(mktemp -d)

	if ! command -v curl &> /dev/null
	then
	    error_exit "curl could not be found. Please install curl first."
	fi

	if ! command -v unzip &> /dev/null
	then
	    error_exit "unzip could not be found. Please install unzip first."
	fi

	echo "Downloading ChromeDriver..."
	if curl -L "$CHROMEDRIVER_URL" -o "$TEMP_DIR/chromedriver.zip"
	then
	    echo "Download complete."
	else
	    error_exit "Failed to download ChromeDriver."
	fi

	echo "Unzipping ChromeDriver..."
	if unzip "$TEMP_DIR/chromedriver.zip" -d "$TEMP_DIR"
	then
	    echo "Unzipping complete."
	else
	    error_exit "Failed to unzip ChromeDriver."
	fi

	if mv "$TEMP_DIR/chromedriver-linux64/chromedriver" "$DESTINATION_DIR"
	then
	    echo "ChromeDriver moved to $DESTINATION_DIR."
	else
	    error_exit "Failed to move ChromeDriver to $DESTINATION_DIR."
	fi

	rm -rf "$TEMP_DIR"

	echo "ChromeDriver installation completed successfully."

	# URL of the latest Google Chrome for Linux

	DESTINATION_DIR="/opt/google/chrome"

	TEMP_DIR=$(mktemp -d)

	# Ask the user if they have Google Chrome installed
	read -p "Do you already have Google Chrome installed? (Y/N): " has_chrome

	if [[ "$has_chrome" =~ ^[Yy]$ ]]
	then
	    echo "You already have Google Chrome installed. Exiting the script."
	    exit 0
	fi

	echo "Downloading Google Chrome..."
	if wget -q -O google-chrome-stable_current_amd64.deb https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
	then
	    echo "Download complete."
	else
	    error_exit "Failed to download Google Chrome."
	fi
	echo "Following requires your sudo password"
	sudo dpkg -i google-chrome-stable_current_amd64.deb

	echo "Google Chrome installation completed successfully."

Make sure you say ā€œNā€ to having chrome. This is because it requires the specific version which you may not have. After this you can run this python script.

Just make sure to enter your email address and password in the script for a smooth login.

	#!/usr/bin/env python3

	import time
	from selenium import webdriver
	from selenium.webdriver.common.by import By
	from bs4 import BeautifulSoup
	from selenium.webdriver.support.ui import WebDriverWait
	from selenium.webdriver.support import expected_conditions as EC
	from selenium.common.exceptions import TimeoutException

	print('wait...')
	
	home_directory = os.path.expanduser("~")
	file_path = os.path.join(home_directory, "Desktop" , "chromedriver")
	
	service = webdriver.ChromeService(executable_path= file_path) # path to chromedriver executable
	driver = webdriver.Chrome(service = service)

	email = ''
	password = ''

	login_url = f'https://play.316ctf.com/login'
	driver.get(login_url)
	driver.find_element(By.NAME,'name').send_keys(email)
	driver.find_element(By.NAME,'password').send_keys(password)
	driver.find_element(By.NAME, "_submit").click()

	def open_file(file_path):
		with open(file_path,'r') as fp:
			possible_passwords = fp.readlines()
		return possible_passwords

	file_path = r'/home/.../dictionary-list.txt' # path to dictionary list
	possible_passwords = open_file(file_path)

	def start_page():
		challenge_url = 'https://play.316ctf.com/challenges#Huntsville%20#1-121'
		driver.get(challenge_url)
		delay = 3 #seconds
		try:
			myElem = WebDriverWait(driver,delay).until(EC.presence_of_element_located((By.ID, 'challenge-input')))
		except TimeoutException:
			print('page took too long')

	start_page()

	for password in possible_passwords:
		possible_answer = password
		driver.find_element(By.ID, 'challenge-input').send_keys(possible_answer)
		driver.find_element(By.ID, 'challenge-submit').click()
		time.sleep(0.9)
		result = driver.find_element(By.ID, 'result-message').text
		if result == 'correct':
			print(f'GOT IT: {password}')
			break
		elif result == "You're submitting flags too fast. Slow down.":
			print(f'too fast: {password}')
			driver.refresh()
			start_page()
			time.sleep(5)
		else:
			print(f'WRONG: {password}')
		answer_field = driver.find_element(By.ID, 'challenge-input')
		answer_field.clear()
		time.sleep(1)

If you want to go the more traditional way then the following would help you

hashcat -m 0 -a 0 hash.txt dictionary-list.txt --show

Just run

hashcat --help

to understand the possible things this boy can do.