MISTasks/Technical/picoCTF/t1/q4.md

27 lines
1017 B
Markdown

# Question: Verify
### Key: picoCTF{trust_but_verify_2cdcb2de}
**Core concept: SHA256 Hash**
We're given a directory full of files, a checksum.txt file, and a ./decrypt.sh.
First, I checked the contents of the checksum.txt file. It contained a SHA256 hash of some file in the directory.
Since all the files were in the same directory, I just generaterdid the SHA256 hashes of the entire directory using `sha256sum files/*`.
I copied the hash from the checksum.txt file and pasted it alongside the sha256sum command, to filter the contents using `grep`.
```bash
ctf-player@pico-chall$ sha256sum files/* | grep 55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a
55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a files/2cdcb2de
```
Then, I ran the ./decrypt.sh script with the file I found in the checksum.txt file.
```bash
ctf-player@pico-chall$ ./decrypt.sh files/2cdcb2de
picoCTF{trust_but_verify_2cdcb2de}
```
Voila! Found the flag!
Output: picoCTF{trust_but_verify_2cdcb2de}