PW Crack 4

Description: Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag and the hash in the same directory too. There are 100 potential passwords with only 1 being correct. You can find these by examining the password checker script.
Difficulty: Medium

🔎 Solution

This challenge is essentially the same as PW Crack 3, but with a longer list of possible passwords. The approach remains straightforward - simply add a brute-force routine to iterate through all candidates until the correct one is found.

for pw in pos_pw_list:
    if hash_pw(pw) == correct_pw_hash:
        print(f"Correct password: {pw}")
        flag = str_xor(flag_enc.decode(), pw)
        print(f"Flag: {flag}")
        break

Executing the brute-force reveals the valid password: 9f63.

> python level4.py
Please enter correct password for flag: 9f63
Welcome back... your flag, user:
picoCTF{fl45h_5pr1ng1ng_d770d48c}

🚩Flag

picoCTF{fl45h_5pr1ng1ng_d770d48c}

🔎 Solution​

🚩Flag​

🔎 Solution

🚩Flag