Advanced+ Unlocker

This challenge gives us the following description:

Solve me to unlock the advanced category of challenges!

Well, I had a flag to give you. It was my password wrapped in IGE{}, but then someone hashed the flag: 72ad6954b3c211e9bb78f3346da02b7b


Credit: Jonny D.

So from the description, we get the flag’s hash and a very important detail: the hashed flag was wrapped in IGE{}, so we can’t get the flag from public hash databases.

So without the ability to find the hash from public databases, we have to crack the hash by ourselves. From the description, we can also deduce that the flag is created from a password, so I decided to try using the rockyou.txt wordlist. To achieve this I created the following python script

import hashlib

# The hash
_hash = '72ad6954b3c211e9bb78f3346da02b7b'

prefix = 'IGE{'
subfix = '}'

# Opens the rockyou.txt file in read-only mode
f = open('./rockyou.txt', "r", encoding="latin-1")

# Returns True if the generated hash is the same as provided hash else it returns False
def check_hash(content):

    # Creates the complete flag from the password
    string = prefix + content + subfix

    # Gets the hash from the string
    res = hashlib.md5(string.encode())
    print('Trying string: ' + string + '     ' + res.hexdigest())
    # If the flag is found then announce that it was found and return True
    if res.hexdigest() == _hash:
        print('Flag found: ' + string)
        print('Flag found: ' + string)
        print('Flag found: ' + string)
        return True
    return False

while True:
    # read one password from the list and remove white spaces before and after
    password = f.readline().strip()

    # if the flag was found then exit the loop
    if check_hash(password):

Running the script gives us the flag: IGE{galacticforce}

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.