credstuff - PicoCTF2022

100 points

3024 solves / 11 850 attempts (26%) (19.03.2022)

AUTHOR: WILL HONG / LT ‘SYREAL’ JONES

Description

We found a leak of a blackmarket website’s login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here. The first user in usernames.txt corresponds to the first password in passwords.txt. The second user corresponds to the second password, and so on.

usernames.txt

engineerrissoles
icebunt
fruitfultry
...

passwords.txt

CMPTmLrgfYCexGzJu6TbdGwZa
GK73YKE2XD2TEnvJeHRBdfpt2
UukmEk5NCPGUSfs5tGWPK26gG
...

Zatem musimy po prostu podporządkować pierwszego user do pierwszego hasła i odnaleźć hasło usera cultiris.

Answer

with open('usernames.txt') as u:
    user = u.readlines()
with open('passwords.txt') as p:
    password = p.readlines()

x = zip(user, password)

for pair in x:
    pair = tuple(element.strip() for element in pair)
    if pair[0]=="cultiris":
        print("User:", pair[0], "Password:",pair[1])

Program wyrzucił mi coś takiego: User: cultiris Password: cvpbPGS{P7e1S_54I35_71Z3}

Domyśliłem się, że może chodzić o jakieś przestawienie liter, widać PGS <- CTF. Spróbowalem ROT13.

# Kod na deszyfrowanie ROT13
echo "cvpbPGS{P7e1S_54I35_71Z3}" | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

I jest flaga picoCTF{C7r1F_54V35_71M3} :)

credstuff - PicoCTF2022#

Description#

usernames.txt#

passwords.txt#

Answer#

credstuff - PicoCTF2022

Description

usernames.txt

passwords.txt

Answer