27 lines
1017 B
Markdown
27 lines
1017 B
Markdown
|
# Question: Verify
|
||
|
|
### Key: picoCTF{trust_but_verify_2cdcb2de}
|
||
|
|
|
||
|
|
**Core concept: SHA256 Hash**
|
||
|
|
|
||
|
|
We're given a directory full of files, a checksum.txt file, and a ./decrypt.sh.
|
||
|
|
|
||
|
|
First, I checked the contents of the checksum.txt file. It contained a SHA256 hash of some file in the directory.
|
||
|
|
Since all the files were in the same directory, I just generaterdid the SHA256 hashes of the entire directory using `sha256sum files/*`.
|
||
|
|
|
||
|
|
I copied the hash from the checksum.txt file and pasted it alongside the sha256sum command, to filter the contents using `grep`.
|
||
|
|
|
||
|
|
```bash
|
||
|
|
ctf-player@pico-chall$ sha256sum files/* | grep 55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a
|
||
|
|
55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a files/2cdcb2de
|
||
|
|
```
|
||
|
|
Then, I ran the ./decrypt.sh script with the file I found in the checksum.txt file.
|
||
|
|
|
||
|
|
```bash
|
||
|
|
ctf-player@pico-chall$ ./decrypt.sh files/2cdcb2de
|
||
|
|
picoCTF{trust_but_verify_2cdcb2de}
|
||
|
|
```
|
||
|
|
|
||
|
|
Voila! Found the flag!
|
||
|
|
|
||
|
|
Output: picoCTF{trust_but_verify_2cdcb2de}
|