
Friday, January 27, 2017

[ root-me ] Hash-SHA2

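Password: a7c9d5a37201c08c5b7b156173bea5ec2063edf9
After some research on SHA2, we found that the length of a text encrypted with SHA2 is 64.
However, we have 65 characters, and hexadecimal characters go from 0 to F, but in this SHA2 we have a 'k'.
So the error is here: we just remove the 'k' and then use an online SHA2 cracker.
We found that the plain text is: 4dM1n
Now we hash this plain text with SHA-1 and we find: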
a7c9d5a37201c08c5b7b156173bea5ec2063edf9

[ root-me ] File - PKZIP

I have the "rockyou.txt" file, found on the internet with a number of word lists. Here is my Python code.

    import zipfile
    import tqdm

    zip_file = zipfile.ZipFile("crackme.zip")

    # rockyou.txt is not valid UTF-8 throughout, so read it as latin-1
    with open("rockyou.txt", "r", encoding="latin-1") as f:
        words = [line.strip() for line in tqdm.tqdm(f)]

    found = False
    for word in tqdm.tqdm(words):
        try:
            # zipfile expects the password as bytes
            zip_file.extractall(pwd=word.encode("latin-1"))
            print("password is:", word)
            found = True
            break
        except Exception:
            # wrong password: extraction failed, try the next word
            pass
    if not found:
        print("password not found")


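Using fcrackzip, we can try to guess the password. Since we have to start somewhere, let's make some assumptions: the password is 3 to 5 characters long (--length 3-5) and consists only of lowercase letters and digits (--charset a1). Also, this method produces a lot of false positives, so let's tell fcrackzip to check each password by actually unzipping the archive (--use-unzip):

    $ time fcrackzip --brute-force --charset a1 --length 3-5 --use-unzip ch5.zip
    PASSWORD FOUND!!!!: pw == 14535
    real 37m39.416s
    user 4m5.507s
    sys 12m34.115s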


Our earlier assumptions weren't so bad after all!

    $ unzip ch5.zip
    Archive: ch5.zip
    [ch5.zip] readme.txt password:
    inflating: readme.txt

    $ cat readme.txt
    Use ZIP password to validate this challenge.
    Utiliser le mot de passe de l'archive pour valider le challenge.

Password: 14535

[ root-me ]Pixel Madness

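For my part, I wrote a small Python script that draws the image directly in the console by representing each white pixel as 0 and each black pixel as 1, then replacing 0 with a space and 1 with █.
First, I created a file "lines.txt" containing these lines, separated by a dot ".":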
0x3+1x1+0x1+0x1+0x7+1x2+0x15+1x1+0x8+1x1+0x8+1x1+0x1+1x1+0x1+1x1+0x1+1x1+0x1+1x1+0x3+1x1+0x1+1x1+0x3+1x1+0x1+1x4+0x2+1x1+0x25.0x2+1x1+0x4+1x1+0x4+1x3+0x1+1x2+0x2+1x8+0x11+1x4+0x1+1x3+0x6+1x2+0x4+1x1+0x4+1x2+0x7+1x4+0x4+1x2+0x7+1x2+0x3+1x2+0x3.0x3+1x1+0x2+1x1+0x2+1x1+0x11+1x2+0x2+1x3+0x7+1x1+0x4+1x2+0x2+1x2+0x7+1x1+0x6+1x1+0x2+1x1+0x4+1x3+0x1+1x1+0x4+1x1+0x2+1x1+0x2+1x1+0x3+1x1+0x2+1x3+0x2+1x2+0x3.1x1+0x2+1x1+0x4+1x1+0x2+1x1+0x1+1x1+0x2+1x1+0x2+1x1+0x1+1x2+0x2+1x2+0x1+1x2+0x3+1x1+0x3+1x1+0x2+1x2+0x1+1x3+0x3+1x1+0x2+1x1+0x4+1x2+0x1+1x1+0x4+1x1+0x3+1x2+0x12+1x2+0x1+1x1+0x3+1x7+0x3.0x3+1x1+0x7+1x1+0x1+1x1+0x4+1x1+0x2+1x2+0x2+1x2+0x4+1x1+0x2+1x1+0x1+1x2+0x1+1x8+0x1+1x1+0x4+1x1+0x5+1x1+0x3+1x2+0x2+1x1+0x1+1x2+0x2+1x1+0x3+1x2+0x9+1x1+0x1+1x2+0x2+1x3+0x2+1x1.0x7+1x1+0x4+1x1+0x4+1x1+0x1+1x1+0x1+1x7+0x3+1x1+0x1+1x2+0x3+1x1+0x1+1x6+0x1+1x1+0x3+1x1+0x2+1x1+0x14+1x2+0x8+1x1+0x10+1x2+0x3+1x2+0x1+1x1+0x1.0x6+1x5+0x4+1x1+0x7+1x1+0x2+1x1+0x3+1x2+0x4+1x1+0x8+1x1+0x3+1x2+0x1+1x2+0x3+1x1+0x8+1x1+0x2+1x2+0x1+1x1+0x3+1x7+0x5+1x2+0x2+1x1+0x2+1x2+0x3.0x1+1x1+0x2+1x1+0x1+1x2+0x5+1x1+0x6+1x2+0x3+1x1+0x2+1x1+0x1+1x2+0x20+1x8+0x1+1x1+0x1+1x1+0x4+1x2+0x3+1x1+0x2+1x2+0x3+1x2+0x7+1x2+0x3+1x2+0x4.0x2+1x1+0x3+1x5+0x5+1x2+0x7+1x1+0x4+1x2+0x2+1x1+0x2+1x2+0x1+1x1+0x3+1x1+0x6+1x2+0x2+1x2+0x3+1x2+0x2+1x3+0x1+1x1+0x6+1x3+0x3+1x5+0x3+1x1+0x4+1x1+0x5.0x4+1x2+0x3+1x2+0x3+1x1+0x5+1x2+0x2+1x1+0x1+1x1+0x1+1x1+0x1+1x2+0x9+1x1+0x3+1x1+0x2+1x1+0x1+1x1+0x2+1x1+0x1+1x2+0x2+1x1+0x2+1x1+0x1+1x1+0x4+1x3+0x1+1x1+0x2+1x2+0x3+1x2+0x3+1x1+0x5+1x1+0x4+1x1+0x2.0x6+1x5+0x4+1x1+0x1+1x1+0x2+1x2+0x6+1x1+0x1+1x7+0x4+1x3+0x3+1x1+0x4+1x1+0x2+1x2+0x4+1x1+0x6+1x1+0x6+1x8+0x3+1x1+0x5+1x1+0x7.0x2+1x1+0x3+1x6+0x4+1x1+0x1+1x3+0x4+1x1+0x2+1x2+0x4+1x1+0x5+1x1+0x2+1x1+0x3+1x2+0x3+1x1+0x2+1x3+0x1+1x1+0x2+1x2+0x3+1x3+0x2+1x3+0x9+1x1+0x4+1x2+0x7+1x2

Then I wrote the Python script:

    #!/usr/bin/env python3
    # Rows are separated by "."; each run is "<pixel>x<count>", joined by "+".
    result = ""
    with open("lines.txt", "r") as f:
        rows = f.read().strip().split(".")
    for row in rows:
        for run in row.split("+"):
            pixel, count = run.split("x")
            result += pixel * int(count)
        result += "\n"
    # 0 = white pixel -> space, 1 = black pixel -> full block
    result = result.replace("0", " ")
    result = result.replace("1", "█")
    print(result)

The answer is SOLUTION






[ root-me ]Shift cipher

In a shift-ciphered text the key consists of a single character: it is added (modulo 256) to each character of the original message to obtain the ciphertext.
Since the key space has only 256 elements, it is no problem to brute-force it and visually inspect each candidate to find a message that makes sense.
The following Python code solves the challenge:

    # Read the ciphertext as raw bytes
    with open('ch7.bin', 'rb') as f:
        msg = f.read()
    # Print the message under each of the 256 possible shifts
    for x in range(256):
        print(''.join([chr((y + x) % 256) for y in msg]))


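The shift cipher is a classic type of cipher that achieves simple encryption by shifting letters; the best-known example is the Caesar cipher.
The challenge provides a binary file containing a ciphertext:
L|ky+*^*zo*kvsno|*kom*vo*zk}}*cyvksr
Looking at it for a moment, we notice that "*" keeps appearing. It is actually fairly easy to guess: if this is a sentence, the character that keeps recurring can only be the space. Checking the ASCII table, the space is 32 and the asterisk is 42, so the shift should be 10. Let's write a simple program to convert the string:

    <?php
    // Read the ciphertext and shift every byte back by 10
    $file = fopen("ch7.bin", "r");
    $code = str_split(fgets($file));
    for ($i = 0; $i < count($code); $i++)
        echo chr(ord($code[$i]) - 10);

The output is a string in French, but that doesn't matter: as long as we understand "pass", we know that the string after it should be the password: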

Bravo! Tu peux valider avec le pass Yolaihu
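
The two approaches above (guessing that the most frequent byte is a space, and trying all 256 keys) can be automated instead of inspected by eye. This is an added example, not code from the original write-ups; the function names are illustrative and the sample ciphertext is constructed by shifting the plaintext shown above by 10.

```python
from collections import Counter

def shift(data: bytes, key: int) -> bytes:
    """Add key to every byte modulo 256 (a negative key undoes the shift)."""
    return bytes((b + key) % 256 for b in data)

def key_from_space(ciphertext: bytes) -> int:
    """Frequency guess: assume the most common byte is an encrypted space."""
    top_byte, _count = Counter(ciphertext).most_common(1)[0]
    return (top_byte - ord(" ")) % 256

def score(candidate: bytes) -> float:
    """Share of bytes that are ASCII letters or spaces; readable text is near 1."""
    good = sum(1 for b in candidate
               if b == 0x20 or (b < 128 and chr(b).isalpha()))
    return good / len(candidate)

def rank_keys(ciphertext: bytes, top: int = 3):
    """Try all 256 keys; return the best (score, key, plaintext) tuples."""
    results = []
    for key in range(256):
        plain = shift(ciphertext, -key)
        results.append((score(plain), key, plain))
    results.sort(key=lambda item: item[0], reverse=True)
    return results[:top]

# Constructed sample: the decoded message from the page, shifted by +10.
PLAINTEXT = b"Bravo! Tu peux valider avec le pass Yolaihu"
SAMPLE = shift(PLAINTEXT, 10)

if __name__ == "__main__":
    print("key from space heuristic:", key_from_space(SAMPLE))
    for s, k, text in rank_keys(SAMPLE):
        print(f"key={k:3d} score={s:.2f} {text!r}")
```

The sample contains bytes above 0x7F (for example 'v' becomes 0x80), which is why the file has to be read in binary mode and why a printed copy of the ciphertext loses characters.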









[ root-me ]Hash - SHA-2

After some research about SHA2, we found that the length of a text encrypted with SHA2 is 64.
However, we have 65 chars, and hexadecimal chars go from 0 to F, but in this SHA2 we have a 'k'.
So the error is here; we'll just remove the 'k' and then use an online SHA2 cracker.
We found that the plain text is: 4dM1n
Now we hash this plain text with SHA-1 and we find:
a7c9d5a37201c08c5b7b156173bea5ec2063edf9


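The challenge title says SHA2, so this should be another decryption problem.
But the challenge description says that errors may have occurred during decoding and that the encryption method is unknown.
96719db60d8e3f498c98d94155e1296aac105ck4923290c89eeeb3ba26d3eef92
I first tried to decrypt this hash as SHA224 and SHA256 and, sure enough, found no result. After reading the description above, I looked at the string carefully and found that it actually contains a "k". The character range of SHA hashes is [a-f] and [0-9], so a "k" cannot appear in the hash string. Another point: the hash provided is 65 characters long, while SHA224 is 56 characters and SHA256 is 64 characters, so the "k" is clearly superfluous.
After removing the k and running the SHA256 decryption again, the password was successfully obtained:
4dM1n
But the challenge requires the submitted answer to be the SHA-1 of this password, so hashing this string with SHA-1 gives the solution: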
a7c9d5a37201c08c5b7b156173bea5ec2063edf9
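
The checks described above (spot characters outside the hex alphabet, then use the digest length to pick the hash function) can be scripted. This is an added example, not code from the original write-ups; the function names and the small candidate word list are constructed for illustration.

```python
import hashlib
import string

HEX = set(string.hexdigits.lower())
# Hex digest lengths of the hash functions mentioned on the page.
LENGTHS = {40: ["sha1"], 56: ["sha224"], 64: ["sha256"]}

def clean_digest(raw: str):
    """Return (digest without non-hex characters, [(index, char), ...] removed)."""
    raw = raw.strip().lower()
    stray = [(i, c) for i, c in enumerate(raw) if c not in HEX]
    return "".join(c for c in raw if c in HEX), stray

def candidate_algorithms(digest: str):
    """Guess the hash function from the digest length alone."""
    return LENGTHS.get(len(digest), [])

def find_plaintext(digest: str, candidates):
    """Hash each candidate with every fitting algorithm; return (algo, word) or None."""
    for algo in candidate_algorithms(digest):
        for word in candidates:
            if hashlib.new(algo, word.encode()).hexdigest() == digest:
                return algo, word
    return None

# The 65-character value quoted on the page.
CHALLENGE = "96719db60d8e3f498c98d94155e1296aac105ck4923290c89eeeb3ba26d3eef92"
WORDS = ["admin", "4dM1n", "root"]  # constructed candidate list

if __name__ == "__main__":
    digest, stray = clean_digest(CHALLENGE)
    print(len(CHALLENGE), "->", len(digest), "removed:", stray)
    print("fits:", candidate_algorithms(digest))
    found = find_plaintext(digest, WORDS)
    if found:
        # The challenge asks for the SHA-1 of the recovered password.
        print(found, "SHA-1:", hashlib.sha1(found[1].encode()).hexdigest())
```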




[ root-me ] Hash - Message Digest 5

Using Kali Linux, enter the following on the command line:

    findmyhash MD5 -h 7ecc19e1a0be36ba2c6f05d06b5d3058

After a while it shows the result: weak.

Saturday, January 21, 2017

[Root-Me] Encoding - UU

Site (https://www.root-me.org/en/Challenges/Criptoanalisis/Encoding-UU)





It is obvious that there is an encoded message.
B5F5R>2!S:6UP;&4@.RD*4$%34R`](%5,5%)!4TE-4$Q%"@``
Decode it with uudecode at http://decode.urih.com.




OK, this is the password

Very simple ;)
PASS = ULTRASIMPLE
PASS: ULTRASIMPLE
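
The same line can be decoded offline without an online service. This is an added example, not code from the original write-up: a hand-written decoder for a single uuencoded line (the function name is illustrative), run on the encoded string quoted above.

```python
def uudecode_line(line: bytes) -> bytes:
    """Decode one uuencoded line: a length character followed by 4-character
    groups, each carrying three bytes as four 6-bit values offset by 0x20."""
    line = line.rstrip(b"\r\n")
    if not line:
        return b""
    length = (line[0] - 0x20) & 0x3F        # decoded byte count for this line
    needed = -(-length // 3) * 4            # characters required for that many bytes
    body = line[1:]
    if len(body) < needed:
        raise ValueError("line is shorter than its length character claims")
    out = bytearray()
    for i in range(0, needed, 4):
        vals = []
        for c in body[i:i + 4]:
            if not 0x20 <= c <= 0x60:
                raise ValueError(f"illegal uuencode character {c:#x}")
            vals.append((c - 0x20) & 0x3F)  # both ' ' and '`' stand for zero
        word = vals[0] << 18 | vals[1] << 12 | vals[2] << 6 | vals[3]
        out += word.to_bytes(3, "big")
    return bytes(out[:length])              # drop padding bytes of the last group

# The encoded line from the challenge, as quoted on the page.
ENCODED = b'B5F5R>2!S:6UP;&4@.RD*4$%34R`](%5,5%)!4TE-4$Q%"@``'

if __name__ == "__main__":
    print(uudecode_line(ENCODED).decode("ascii"), end="")
```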