picoCTF 2025 – Cryptography • Easy
Connecting to the provided webshell, we are presented with a message similar to this:
Insecure password storage detected!
Hash: 482c811da5d5b4bc6d497ffa98491e38
The challenge presents us with a hash. Our goal is to recover the preimage of this hash (the password).
A hash function is irreversible by design, so if the algorithm used is a secure one, the only thing left to do is try all possible passwords.
If the password is secure, this process is infeasible. But since this is a CTF, we assume that the chosen password is not a secure one.
Instead of trying all possible passwords, we could, for example, try a list of the most common passwords and see if we get a match that way.
We can look online for a password dictionary and hash each entry with the most common hashing algorithms, such as MD5, SHA-1 or SHA-256.
This is easily done by writing a script or by using programs like John the Ripper or Hashcat.
An example dictionary is the famous rockyou.txt, which can be downloaded from sources like Kaggle or GitHub mirrors.
Password-hash databases can be found online, so instead of doing the job ourselves we can look up results that have already been computed, for example on websites like CrackStation.
Here is an example Python script that tries to crack an MD5 hash using a dictionary file:
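```python
import hashlib


def crack_md5(target_hash, dict_file):
    """Return the dictionary entry whose MD5 matches target_hash, or None."""
    # Normalise the target once instead of on every iteration.
    target = target_hash.strip().lower()
    try:
        # rockyou.txt contains bytes that are not valid UTF-8; skip them.
        with open(dict_file, 'r', encoding='utf-8', errors='ignore') as f:
            for line in f:
                # Remove only the line ending: spaces can be part of a password.
                password = line.rstrip('\r\n')
                hashed = hashlib.md5(password.encode('utf-8')).hexdigest()
                if hashed == target:
                    return password
        return None
    except OSError as e:
        print(f"Error: {e}")
        return None


# Example usage:
# target = "482c811da5d5b4bc6d497ffa98491e38"
# dictionary = "rockyou.txt"
# result = crack_md5(target, dictionary)
# if result:
#     print(f"Password found: {result}")
# else:
#     print("Password not found in dictionary.")
```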
After submitting the first password you will receive another hash. Just repeat the process two more times to get the flag.
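The same dictionary check, generalized to the other algorithms named above (MD5, SHA-1, SHA-256) by choosing candidates from the hex-digest length. This is an added example, not part of the original write-up; the names `ALGOS_BY_HEX_LEN`, `candidate_algorithms` and `crack` are hypothetical, `sha3_256` is included as an assumption to show that length alone is ambiguous, and the wordlist and targets are constructed sample data.

```python
import hashlib

# Hex-digest length -> candidate algorithms. Length is only a hint:
# several algorithms share a size (sha3_256 is added here as an assumption).
ALGOS_BY_HEX_LEN = {
    32: ("md5",),
    40: ("sha1",),
    64: ("sha256", "sha3_256"),
}


def candidate_algorithms(target_hash):
    """Normalise the hash and return (hex_digest, algorithms to try)."""
    digest = target_hash.strip().lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("target is not a hex digest")
    if len(digest) not in ALGOS_BY_HEX_LEN:
        raise ValueError(f"no known algorithm for {len(digest)} hex chars")
    return digest, ALGOS_BY_HEX_LEN[len(digest)]


def crack(target_hash, lines):
    """Return (algorithm, password) for the first match, else None.

    `lines` is any iterable of wordlist lines, e.g. an open file.
    """
    digest, algorithms = candidate_algorithms(target_hash)
    for line in lines:
        # Strip only the line ending; spaces can be part of a password.
        word = line.rstrip("\r\n")
        data = word.encode("utf-8")
        for name in algorithms:
            if hashlib.new(name, data).hexdigest() == digest:
                return name, word
    return None


if __name__ == "__main__":
    # Constructed sample data: a tiny wordlist and hashes derived from it.
    wordlist = ["123456\n", "letmein\r\n", "dragon\n"]
    for target in (
        hashlib.sha1(b"letmein").hexdigest(),
        hashlib.sha3_256(b"dragon").hexdigest(),
        hashlib.md5(b"not-in-list").hexdigest(),
    ):
        print(target[:16] + "...", "->", crack(target, wordlist))
```

Returning the algorithm name along with the password records which of the same-length candidates actually matched.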