Pico CTF

Verify

Description

People keep trying to trick my players with imitation flags. I want to make sure they get the real thing! I'm going to provide the SHA-256 hash and a decrypt script to help you know that my flags are legitimate.

sh -p 54653 ctf-player@rhea.picoctf.net Using the password 83dcefb7. Accept the fingerprint with yes, and ls once connected to begin. Remember, in a shell, passwords are hidden!

Checksum: 467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02

To decrypt the file once you've verified the hash, run ./decrypt.sh files/"file".

Hints

  1. Checksums let you tell if a file is complete and from the original distributor. If the hash doesn't match, it's a different file.
  2. You can create a SHA checksum of a file with sha256sum "file" or all files in a directory with sha256sum "directory"/"/directory".
  3. Remember you can pipe the output of one command to another with |. Try practicing with the 'First Grep' challenge if you're stuck!

Solution

picoCTF{trust_but_verify_c6c8b911}

CLI

Kappajester83-picoctf@webshell:~$ ssh -p 49936 ctf-player@rhea.picoctf.net

The authenticity of host '[rhea.picoctf.net]:49936 ([3.136.191.228]:49936)' can't be established. ED25519 key fingerprint is SHA256:QKdv+RGJL0UYRDM66IiGQ5dsXOX7DQFqB7umTylh+IU. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '[rhea.picoctf.net]:49936' (ED25519) to the list of known hosts.

ctf-player@rhea.picoctf.net's password:

Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 6.5.0-1016-aws x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantagez

This system has been minimized by removing packages and content that are not required on a system that users do not log into. To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

ctf-player@pico-chall$ cat checksum.txt

467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02
ctf-player@pico-chall$ sha256sum files/*
4666cbea94c25fe9c9f3bf5066a8c911d451a9add3edf33cf0dded9877ea74d0 files/047MJYW7
48985dcd07f0571bb58e7c1a78ec18ea53a0d867f4d2e1e45adb8b3467b51a73 files/0CbGv6a3
===
582c5612f897614bf196d23001fe6bdf164dd456de1ebc30fe70e4b88d6ac154 files/zUmtlpHw
9e35308b50fc97b8ee3181c5213a3f1e2526fda5a4fa2bbeeaf21e62e08f5652 files/zjK7vU2n
02992978dd1e83db4b24ecb2c9b73ee1e706e468f1639fb84cf1c82bbc081b95 files/zlkIRSOv

ctf-player@pico-chall$ sha256sum files/* | grep

"467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02"
467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02 files/c6c8b911


ctf-player@pico-chall$ file files/c6c8b911

files/c6c8b911: openssl enc'd data with salted password

ctf-player@pico-chall$ ./decrypt.sh files/c6c8b911

picoCTF{trust_but_verify_c6c8b911}