PW Crack 5

Description: Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag and the hash in the same directory too. Here's a dictionary with all possible passwords based on the password conventions we've seen so far.
Difficulty: Medium

🔎 Solution

The main difference between this challenge and the previous two is that the list of possible passwords is now stored in a separate file, dictionary.txt.

Our approach is to write a simple brute-force routine that reads each password from the file, hashes it, and compares the result with the stored hash. Once a match is found, we use that password to decrypt the flag.

with open('dictionary.txt', 'r') as f:
    for line in f:
        pw = line.strip()
        if hash_pw(pw) == correct_pw_hash:
            print(f"[+] Found password: {pw}")
            flag = str_xor(flag_enc.decode(), pw)
            print(f"[+] Flag: {flag}")
            break

Running the brute-force script reveals the correct password: eee0, which successfully unlocks the flag.

> python level5.py 
Please enter correct password for flag: eee0
Welcome back... your flag, user:
picoCTF{h45h_sl1ng1ng_fffcda23}

🚩Flag

picoCTF{h45h_sl1ng1ng_fffcda23}

🔎 Solution​

🚩Flag​

🔎 Solution

🚩Flag