Password Check

Challenge:

We have a list of password hashes from De Monne Financial. For the most part, their users use pretty secure passwords. Check the list and see if any of these password hashes have been compromised using external sources. Submit the count of the hash that has been the most compromised along with the actual password. Submit the flag as flag{#_password}.

Link to List

Solution:

Based on the challenge description the first "external source" that came to mind that could provide a "count of the hash that has been the most compromised" was Troy Hunt's Have I Been Pwned service, specifically his Pwned Passwords. Troy provides a search service that will tell you how many times a provided password has been observed in his compromised credentials dataset.

#!/usr/bin/python3
import requests

# Load the SHA-1 hashes (one per line) and start every compromise count at zero.
with open('hashes.txt') as f:
    hashes = {line.rstrip('\n').upper(): 0 for line in f}

for hash in hashes:
    # k-anonymity range query: only the first five hex characters leave the client.
    r = requests.get(f'https://api.pwnedpasswords.com/range/{hash[:5]}')

    if r.status_code == 200:
        # Each response line is SUFFIX:COUNT; match the remaining 35 characters exactly
        # rather than as a substring, so a suffix can't match inside another entry.
        hits = r.text.splitlines()
        found = [i for i, data in enumerate(hits) if data.split(':')[0] == hash[5:]]
        if found:
            hashes[hash] = int(hits[found[0]].split(':')[1])
    else:
        print(f"{r.status_code} {r.reason}")

# The hash seen most often in the breach corpus, with its count.
max_compromised = max(hashes, key=hashes.get)
print(f"{hashes[max_compromised]} {max_compromised}")

The script takes a couple of minutes to complete but eventually outputs the hash with the greatest "compromised count", along with the count value.

$ python3 solve_password.py

55001 C2577430D91716490DC5D33C20D901E008B696E7

A quick Google search for the hash turns up the plaintext password, ncc1701, making the completed flag flag{55001_ncc1701}.
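The range endpoint the script calls implements k-anonymity: only the first five hex characters of the SHA-1 are sent, the server returns every suffix it holds for that prefix, and the match is made on the client. As an added example (not the author's script), the helpers below do that split, parse a range response and return the count with an exact suffix comparison; the range body and its counts are constructed here, not real API output.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(digest: str) -> tuple[str, str]:
    """k-anonymity split: the 5-char prefix is sent to /range/{prefix},
    the 35-char suffix never leaves the client."""
    h = digest.upper()
    if len(h) != 40:
        raise ValueError("expected a 40-hex-character SHA-1 digest")
    return h[:5], h[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines from a range response into a dict."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(digest: str, range_body: str) -> int:
    """How many times the hash appears in the corpus (0 if absent).
    Exact suffix lookup avoids the false positives a substring test can give."""
    _, suffix = split_for_range_query(digest)
    return parse_range_response(range_body).get(suffix, 0)


# Constructed range body (not real API output): two made-up suffixes plus the
# suffix of sha1("ncc1701") carrying the 55001 count reported in the writeup.
NCC1701_SHA1 = sha1_hex("ncc1701")
CONSTRUCTED_RANGE_BODY = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    f"{NCC1701_SHA1[5:]}:55001",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:12",
])

if __name__ == "__main__":
    prefix, _ = split_for_range_query(NCC1701_SHA1)
    print(f"GET https://api.pwnedpasswords.com/range/{prefix}")
    print(f"ncc1701 -> {breach_count(NCC1701_SHA1, CONSTRUCTED_RANGE_BODY)} occurrences")
```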
