Verify CTF Write-up

An introductory and easy challenge from PICO 2024

This challenge presents a list of fake files with one containing the encrypted flag. It allows us to review details on file hashing, bash scripting, and also reviewing man pages (RTFM).

A directory filled with fake files and one encrypted file containing the encrypted flag
A checksum.txt file that contains the sha256 hash of the encrypted file
A decrypt.sh script to decrypt the encrypted file.

Since there are 302 files a automatic approach is the best solution. I haven't written many shell scripts so I took this as an opportunity to refresh myself. We simply loop through all the files in the directory and compare them to the hash in the checksum.txt using sha256sum.

Look through the sha256sum man page for details of sha256sum and the -c option I used.https://linux.die.net/man/1/sha256sum

solver.sh

// #!/bin/bash
checksum=$"path/to/checksum.txt"
for f in *; do
        echo $checksum $f | sha256sum -c
done

Reviewing the output of the script we see file 'e018b574' has a matching hash.

Connect to the remote server and apply the decrpyt.sh script to obtain the flag.

This CTF from PICO CTF 2024 was rated easy and is more an introduction to hashing, shell scripting and executing programs from a command line but still a fun and quick challenge.

Resources

https://www.freecodecamp.org/news/bash-scripting-tutorial-linux-shell-script-and-command-line-for-beginners/

Previousinterencdec CTF Write-up NextScan Surprise Write-up

Last updated 11 months ago