MISTasks/Technical/picoCTF/t1/q4.md

Question: Verify

Key: picoCTF{trust_but_verify_2cdcb2de}

Core concept: SHA256 Hash

We're given a directory full of files, a checksum.txt file, and a ./decrypt.sh.

First, I checked the contents of the checksum.txt file. It contained a SHA256 hash of some file in the directory. Since all the files were in the same directory, I just generaterdid the SHA256 hashes of the entire directory using sha256sum files/*.

I copied the hash from the checksum.txt file and pasted it alongside the sha256sum command, to filter the contents using grep.

ctf-player@pico-chall$ sha256sum files/* | grep 55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a
55b983afdd9d10718f1db3983459efc5cc3f5a66841e2651041e25dec3efd46a  files/2cdcb2de

Then, I ran the ./decrypt.sh script with the file I found in the checksum.txt file.

ctf-player@pico-chall$ ./decrypt.sh files/2cdcb2de
picoCTF{trust_but_verify_2cdcb2de}

Voila! Found the flag!

Output: picoCTF{trust_but_verify_2cdcb2de}