Hacktober 2020 CTF - Trick or Treat
Oct 17, 2020
Challenge Description
We found a script being used by DEADFACE. It should be relatively straightforward, but no one here knows Python very well. Can you help us find the flag in this Python file?
Solution
On this chalange, we where given a simple Python program source code:
from hashlib import md5 as m5 def show_flag(): b = 'gginmevesogithoooedtatefadwecvhgghu' \ 'idiueewrtsadgxcnvvcxzgkjasywpojjsgq' \ 'uegtnxmzbajdu' c = f"{b[10:12]}{b[6:8]}{b[4:6]}{b[8:10]}" \ f"{b[4:6]}{b[12:14]}{b[2:4]}{b[0:2]}" \ f"{b[14:16]}{b[18:20]}{b[16:18]}{b[20:22]}" m = m5() m.update(c.encode('utf-8')) d = m.hexdigest() return f"flag{{{d}}}" def show_msg(): print(f'Smell my feet.') show_msg()
We instantly concluded that we need to execute the show_flag() function rather than the show_msg() function, with a print() Function
from hashlib import md5 as m5 def show_flag(): b = 'gginmevesogithoooedtatefadwecvhgghu' \ 'idiueewrtsadgxcnvvcxzgkjasywpojjsgq' \ 'uegtnxmzbajdu' c = f"{b[10:12]}{b[6:8]}{b[4:6]}{b[8:10]}" \ f"{b[4:6]}{b[12:14]}{b[2:4]}{b[0:2]}" \ f"{b[14:16]}{b[18:20]}{b[16:18]}{b[20:22]}" m = m5() m.update(c.encode('utf-8')) d = m.hexdigest() return f"flag{{{d}}}" def show_msg(): print(f'Smell my feet.') #show_msg() print(show_flag())
Running the modified code again, give us the flag:
m3dsec@local:~/ht/prog/02_Trick_or_Treat$ python3 trickortreat.py
flag{2f3ba6b5fb8bb84c33b584f981c2d13d}