PicoCTF 2017 - Hash101

Hash101

Prove your knowledge of hashes and claim a flag as your prize! Connect to the service at shell2017.picoctf.com:15412

UPDATED 16:12 EST 1 Apr.

1
2
3
4
5
6
7
8
9
10
11
$ nc shell2017.picoctf.com 15412
Welcome to Hashes 101!

There are 4 Levels. Complete all and receive a prize!


-------- LEVEL 1: Text = just 1's and 0's --------
All text can be represented by numbers. To see how different letters translate to numbers, go to http://www.asciitable.com/

TO UNLOCK NEXT LEVEL, give me the ASCII representation of 0110010101100001011100100111010001101000
> 

Using online ASCII <–> Binary Converter:

1
2
3
0110010101100001011100100111010001101000

hello

Step 2: Convert earth to hex, then that hex to binary

1
2
hello --to-hex--> 68656c6c6f
68656c6c6f --to-binary--> 448378203247

Step 3:

1
2
A Hashing Function intakes any data of any size and irreversibly transforms it to a fixed length number. For example, a simple Hashing Function could be to add up the sum of all the values of all the bytes in the data and get the remainder after dividing by 16 (modulus 16)                                                                                   
TO UNLOCK NEXT LEVEL, give me a string that will result in a 12 after being transformed with the mentioned example hashing function                             

We need the ASCII value of a number/letter who’s modulo-16 (Remainer after dividing by 16) is 12

16+16+16+12 = 60 –to-ascii–> < (Less than character)

Step 4:

1
2
3
4
5
6
7
--------------- LEVEL 4: Real Hash ---------------                                       
A real Hashing Function is used for many things. This can include checking to ensure a file has not been changed (its hash value would change if any part of it is changed). An important use of hashes is for storing passwords because a Hashing Function cannot be reversed to find the initial data. Therefore if someone steals the hashes, they must try many different inputs to see if they can "crack" it to find what password yields the same hash

. Normally, this is too much work (if the password is long enough). But many times, people's passwords are easy to guess... Brute forcing this hash yourself is not a good idea, but there is a strong possibility that, if the password is weak, this hash has been cracked by someone before. Try looking for websites that have stored already cracked hashes.   
                                                                                         
TO CLAIM YOUR PRIZE, give me the string password that will result in this MD5 hash (MD5, like most hashes, are represented as hex digits):                                        
699c0be567e2cbc16214dc4bc531cf4d                                                         

To solve, search online for an MD5 Decrypter https://hashkiller.co.uk/md5-decrypter.aspx

1
699c0be567e2cbc16214dc4bc531cf4d MD5 : lymph

Enter lymph to get the flag. Enter it to gain your points