RingZer0CTF - Hash me if you can
September 22, 2022•188 words
We need to create a small script in order to be quick enough to solve this challenge, as we cannot possibly copy the message, hash it and send the correct request in under two seconds.
The script to solve this challenge is fairly straightforward, here it is:
import requests
import hashlib
x = requests.get('http://challenges.ringzer0team.com:10013/')
if '----- BEGIN MESSAGE -----' in x.text:
start = x.text.index('----- BEGIN MESSAGE -----') + len('----- BEGIN MESSAGE -----') + 15 #15 is required to exclude the br html tag and some newlines, the same goes for the other 15 on the next line
stop = x.text.index('----- END MESSAGE -----') - 15
message = x.text[start:stop]
result = hashlib.sha512(message.encode('utf-8')).hexdigest()
url = 'http://challenges.ringzer0team.com:10013/?r=' + result
y = requests.get(url)
print(y.text)
What it does is look for the position of the message inside the HTML response received from the server, hashes it using the correct algorithm and sends it over to the server to retrieve the FLAG.