This is a level 3 cryptography problem on picoCTF. As we connect to the service running at shell2017.picoctf.com:7691 we are asked either to register or to get flag on pressing register we get this

hc2

now as we can see we are given the hashchain seed what we need to find is the hash before 795076888ed2f9af5d44b4f163b8698e to validate. There is a script  hcexample.py to generate 5 hashes for a given seed value the other that i noticed is that the seed hash is md5 of the given ID all we need to do is brute force the hash that is required. I tweaked the given python script a little to brute force the flag.

hc3

we get the required hash and the user is validated now we connect to the service again and on asked we choose get flag we are asked to authenticate user id, we do it by using the python script given first we find the hash seed.

hc4

good luck getting the flag.

Advertisements