Skip to main content
  1. CTF Writeups/
  2. BackdoorCTF 2024/

I Like McDonalds

·
Cry 100pt Hash
subzcuber
Author
subzcuber
i like to imagine i’m funny

Points: 100

My friend has created his own hashing service and has given it to me to crack it, can you help me with it. He has promised me a burger for this as I like McDonald’s so much , can you help me get some? please :) :)

Author: gr00t

There was probably some good hash collision solution idk, but we were given 128 tries to get 64 correct answers. And on every wrong try the thing directly told us what it wanted, so…

Just go through the ./solve.py script, there was nothing to do

import pwn
import codecs
import re

words = [
    "Apple", "Breeze", "Candle", "Dolphin", "Echo", "Forest", "Galaxy", 
    "Harmony", "Island", "Journey", "Kite", "Lantern", "Mountain", 
    "Nectar", "Ocean", "Puzzle", "Quasar", "Rainbow", "Sunset", 
    "Thunder", "Umbrella", "Velvet", "Whisper", "Xylophone", "Yonder", 
    "Zephyr", "Acorn", "Blossom", "Cactus", "Dream", "Ember", 
    "Feather", "Giraffe", "Horizon", "Illusion", "Jigsaw", 
    "Kaleidoscope", "Lullaby", "Meadow", "Nightingale", "Oasis", 
    "Petal", "Quicksand", "Riddle", "Starfish", "Tapestry", 
    "Universe", "Vortex", "Willow", "Xenon", "Yearn", "Zenith", 
    "Amethyst", "Change this word", "Cascade", "Dusk", "Teri maa ki", "Fable", 
    "Glimmer", "Hummingbird", "Infinity", "Jolt", "Kismet", "Luminary"
]

HOST = "34.42.147.172"
PORT = "8004"
r = pwn.remote(HOST, PORT)

for i in range(64):
    print(r.recvuntil(b'token:').decode())
    WORD = words[i]
    HEX_WORD = codecs.encode(WORD.encode(), "hex").decode()
    # print(f"{HEX_WORD=}")
    TOKEN = HEX_WORD
    OUTPUT = f"{HEX_WORD} {TOKEN}"
    print(OUTPUT)
    r.sendline(OUTPUT.encode())
    RETURN_STRING = r.recvline().decode()
    print(RETURN_STRING)
    # NEW_TOKEN = RETURN_STRING.split("Expected token: ")[1].strip()
    MATCH = re.search(r'Expected token: (\w+)', RETURN_STRING)
    if MATCH:
        NEW_TOKEN = MATCH.group(1)
        # print(NEW_TOKEN)
    else:
        NEW_TOKEN = TOKEN
    NEW_OUTPUT = f"{HEX_WORD} {NEW_TOKEN}"
    print(r.recvuntil(b'token:').decode())
    print(NEW_OUTPUT)
    r.sendline(NEW_OUTPUT.encode())
print(r.recvall().decode())
Success! 64/64 valid tokens verified

Congratulations! You beat the challenge!
flag{C0ngr4ts_0n_f1nd1ng_Th1s_H4sh_c0ll1s10ns_N0w_G0_h4v3_4_D0ubl3_Ch33s3_Burg3r}
flag{C0ngr4ts_0n_f1nd1ng_Th1s_H4sh_c0ll1s10ns_N0w_G0_h4v3_4_D0ubl3_Ch33s3_Burg3r}
Reply by Email

Related

La Casa de Papel
Cry 50pt Hash Collision
not sure but ez
RSAabc
Cry 50pt Rsa
reverse the encryption
Colors
Cry Cyberchef