Official write-up for a challenge in NasCon CTF '23
Name
5 Times's a Charm
Description
A ransomware attack hit my machine and it turned one of my saved passwords into this. Please help me recover it.
febad5d079bf253c0c76791687c47cfb
Hint
The attacker sent me a message saying "You rock!".
The cipher-text given to us instantly lets us know it's a hash. By the looks of it, it looks like an MD5 digest. Let us confirm this by using hash-identifier. Hash identifier confirms that the cipher text is most probably an MD5 digest.
The first thing that probably anyone does after being given a hash, that needs to be cracked, is go to CrackStation.
Unfortunately, CrackStation is not able to crack the hash :(
After being lost for a while and not knowing what to do, we are given a hint. We take up the hint (provided above), which hints us at the use of our most favorite wordlist rockyou.txt. We go ahead and fire up John the Ripper to try and crack the hash using the rockyou wordlist.
echo "febad5d079bf253c0c76791687c47cfb" > hash
john hash --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt
Even John the Ripper fails us:
Frustrated, we try and look at the problem statement again and we notice how the name is weird. Could the '5 Times' indicate anything other than 'MD5'? That leads to...
We get an amazing idea that maybe someone hashed a password 5 times as the name of the challenge is '5 Times's a Charm' and we write up a simple script (or ask ChatGPT to write it) to hash each password in a wordlist 5 times before comparing it with the target hash. Here is a simple script that does exactly that. We fire up the script, providing it with the wordlist /usr/share/wordlists/rockyou.txt and viola!
The challenge is not always hard. Try to make the most out of the information given to you, including the name, description and hints.