[Capture The Flag] Please stop and Hash it out

Capture The Flag challenges are hacking puzzles.
You must find a text string flag somewhere and PM it to me and I will tell you if it is correct or not…
Normally it is in the form “CTF{something}” but not always. Good Luck!
This challenge closes on 5/2/2018. After this date, we will discuss it.

Please stop and Hash it out

I was at the Makerspace and people kept arguing over who will create the best CTF challenge.
Some said it was too hard and others said it wasn’t hard enough.
Sometimes you just have to sit down and Hash it out. So, they gave me something to work on.

Here is what we have so far but is it missing a flag? Perhaps, other makers can help?


@StanSimmons … you might try this one :wink:

And @malcolmputer gets another one solved! Good Work!

There are many methods for solving these. Choose whatever tools are easiest for you.

These are starting to get very tempting for someone of my skill level to jump on. Got anything more challenging?

Well, solve the first three, first. :smile: Yes, there are much more challenging ones.

On the grounds that I’m the committee chair, I feel that it may raise a conflict of interest to join in; then again, it’s a challenge, not a contest, so even if I win it goes to the next guy :wink:

1 Like

@denzuko just captured the Flag! Good Work!

Anyone else need a hint?

Give it a try…

That one was really fun :smiley:

1 Like

You should try the last challenge…

already working on it :wink: then I’ll post up mine to see if anyone can crack that one

1 Like

These three will close in a few days and then we will post another round of three. And we can finally discuss these.

@Brian solved it! Congratulations on the solve! I hope once this closes you will share your solution. :slight_smile:

This challenge is CLOSED

The Flag is “CTF{DALLAS_MAKERSPACE}” and the whole decoded string is
“Wake up and smell the CTF{DALLAS_MAKERSPACE}”

@Brian @malcolmputer @denzuko

Would you share how you came up with the flag?

My solution…

# C:\Python64\python

import hashlib

hashes = [
        'e2415cb7f63df0c9de23362326ad3c37a9adfc96',
        '86f7e437faa5a7fce15d1ddcb9eaeaea377667b8',
        '13fbd79c3d390e5d6585a21e11ff5ec1970cff0c',
        '58e6b3a414a1e090dfc6029add0f3555ccba127f',
        'b858cb282617fb0956d960215c8e84d1ccf909c6',
        '51e69892ab49df85c6230ccc57f8e1d1606caccc',
        '516b9783fca517eecbd1d064da2d165310b19759',
        'b858cb282617fb0956d960215c8e84d1ccf909c6',
        '86f7e437faa5a7fce15d1ddcb9eaeaea377667b8',
        'd1854cae891ec7b29161ccaf79a24b00c274bdaa',
        '3c363836cf4e16666669a25da280a1865c2d2874',
        'b858cb282617fb0956d960215c8e84d1ccf909c6',
        'a0f1490a20d0211c997b44bc357e1972deab8ae3',
        '6b0d31c0d563223024da45691584643ac78c96e8',
        '58e6b3a414a1e090dfc6029add0f3555ccba127f',
        '07c342be6e560e7f43842e2e21b774e61d85f047',
        '07c342be6e560e7f43842e2e21b774e61d85f047',
        'b858cb282617fb0956d960215c8e84d1ccf909c6',
        '8efd86fb78a56a5145ed7739dcb00c78581c5375',
        '27d5482eebd075de44389774fce28c69f45c8a75',
        '58e6b3a414a1e090dfc6029add0f3555ccba127f',
        'b858cb282617fb0956d960215c8e84d1ccf909c6',
        '32096c2e0eff33d844ee6d675407ace18289357d',
        'c2c53d66948214258a26ca9ca845d7ac0c17f8e7',
        'e69f20e9f683920d3fb4329abd951e878b1f9372',
        '60ba4b2daa4ed4d070fec06687e249e0e6f9ee45',
        '50c9e8d5fc98727b4bbc93cf5d64a68db647f04f',
        '6dcd4ce23d88e2ee9568ba546c007c63d9131c1b',
        'd160e0986aca4714714a16f29ec605af90be704d',
        'd160e0986aca4714714a16f29ec605af90be704d',
        '6dcd4ce23d88e2ee9568ba546c007c63d9131c1b',
        '02aa629c8b16cd17a44f3a0efec2feed43937642',
        '53a0acfad59379b3e050338bf9f23cfc172ee787',
        'c63ae6dd4fc9f9dda66970e827d13f7c73fe841c',
        '6dcd4ce23d88e2ee9568ba546c007c63d9131c1b',
        'a7ee38bb7be4fc44198cb2685d9601dcf2b9f569',
        'e0184adedf913b076626646d3f52c3b49c39ad6d',
        '06576556d1ad802f247cad11ae748be47b70cd9c',
        '02aa629c8b16cd17a44f3a0efec2feed43937642',
        '511993d3c99719e38a6779073019dacd7178ddb9',
        '6dcd4ce23d88e2ee9568ba546c007c63d9131c1b',
        '32096c2e0eff33d844ee6d675407ace18289357d',
        'e0184adedf913b076626646d3f52c3b49c39ad6d',
        'c2b7df6201fdd3362399091f0a29550df3505b6a' ]

character_map = {}

for i1 in range(32, 128):
    ch = chr(i1).encode()
    m = hashlib.sha1()
    m.update(ch)
    character_map[m.hexdigest()] = ch

rv = ''

for hash in hashes:
    ch = character_map.get(hash, None)
    if ch is None:
        print('No mapping for:', hash)
    else:
        rv += ch.decode()

print(rv)

Usage of SHA1 determined by Googling the first few hashes…
https://www.google.com/search?q=e2415cb7f63df0c9de23362326ad3c37a9adfc96

2 Likes

How did you figure out to do that? That each was a letter, for example?

Googling the first three hashes led to places like this…

https://sha1.gromweb.com/?hash=e2415cb7f63df0c9de23362326ad3c37a9adfc96

…that have single letters for the plain text. Given the nature of cryptographically secure hashes it is safe to assume that pattern continues.

Essentially the same solution as Brian. I pre-calculated a lookup table of the ASCII table space (wrote a short bash script), copied that into an Excel table, sorted it, and used VLOOKUP on the hashes.

2 Likes

here’s the script I used:

#!/bin/bash

TMPFILE=$(mktemp /tmp/example.XXXXXXXXXX) || exit 1

xclip -o > "${TMPFILE}" # build database from clipboard contents

# load crackstation's dictionaries
xdg-open https://crackstation.net

# split database per 20 lines and wait for input to get next 20
split -l 20 "${TMPFILE}" "/tmp/output.txt."

find /tmp/ -iname 'output.txt.*' | sort | while read -r file; do
    # put the next 20 lines on the clipboard for pasting into crackstation
    echo "Reading $file" && xclip -i < "$file" && echo "Done.."
    # read the keypress from the terminal; stdin here is the find pipeline
    echo "Press any key to continue to next set or ^C to quit." && read -r -n 1 < /dev/tty
done

Broken down, it just takes the input buffer and splits it into 20 lines for pasting into crackstation. Not as cool as using curl or an actual cracker, but then again this is highly efficient since it works no matter which system it’s run on and depends on no more than bash and coreutils.

The lack of any ‘=’ characters or anything above ASCII ‘f’ and the string length per line was a dead giveaway:

# -n keeps the trailing newline out of the character count
echo -n "6dcd4ce23d88e2ee9568ba546c007c63d9131c1b" | wc -c
40
echo $((40 * 4))
160

40 character hex is 160 bits thus sha-1. Sha-2 is 224, 256, 384, or 512 bits. Sha-3 is arbitrary sizes. SHA-0 is unused and MD5 is 128 bit or 32 characters. BASE64 is either 64 or 76 characters per line padded with = characters.

So it was clearly a sha-1 hash.

1 Like
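
An added example, not part of any post in this thread: it combines the digest-length reasoning and the precomputed lookup-table approach described above, generalized to the other digest lengths hashlib supports. The function names, sample strings and HMAC key are constructed for illustration; the keyed variant shows that the table stops working once a secret key is involved.

```python
import hashlib
import hmac
import string

# Hex digest length -> hashlib algorithms that emit digests of that length.
CANDIDATES_BY_HEX_LEN = {
    32: ["md5"],
    40: ["sha1"],
    56: ["sha224", "sha3_224"],
    64: ["sha256", "sha3_256"],
    96: ["sha384", "sha3_384"],
    128: ["sha512", "sha3_512"],
}
PRINTABLE = [chr(c) for c in range(0x20, 0x7F)]  # 95 printable ASCII characters


def hash_each_char(text, algorithm):
    """Build a constructed sample: one unkeyed digest per character."""
    return [hashlib.new(algorithm, ch.encode()).hexdigest() for ch in text]


def hmac_each_char(text, key):
    """Same layout, but keyed with HMAC-SHA1 (key is a constructed value)."""
    return [hmac.new(key, ch.encode(), "sha1").hexdigest() for ch in text]


def decode_per_char_digests(digests):
    """Return (algorithm, plaintext) when every digest is the unkeyed hash of
    a single printable ASCII character; return None otherwise."""
    cleaned = [d.strip().lower() for d in digests if d.strip()]
    lengths = {len(d) for d in cleaned}
    if len(lengths) != 1 or any(set(d) - set(string.hexdigits) for d in cleaned):
        return None  # mixed lengths or non-hex input: not one digest per line
    for algorithm in CANDIDATES_BY_HEX_LEN.get(lengths.pop(), []):
        # Only 95 inputs exist, so the whole table is built instantly.
        table = {hashlib.new(algorithm, ch.encode()).hexdigest(): ch
                 for ch in PRINTABLE}
        if all(d in table for d in cleaned):
            return algorithm, "".join(table[d] for d in cleaned)
    return None


if __name__ == "__main__":
    sample = hash_each_char("CTF{constructed}", "sha1")  # constructed input
    print(decode_per_char_digests(sample))
    keyed = hmac_each_char("CTF{constructed}", b"constructed-key")
    print(decode_per_char_digests(keyed))
```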