Past Demons
Challenge:
We've had a hard time finding anything on spookyboi. But finally, with some search engine finessing, an analyst found an old, vulnerable server spookyboi used to run. We extracted a database, now we need your help finding the password.
Submit the password as the flag:
flag{password}
.
Solution:
The provided Zip archive contained a SQLite database file named "out.db"
$ file out.db
out.db: SQLite 3.x database, last written using SQLite version 3032003
I opened the database with sqlite3
and checked the schema to get an idea of the database structure.
$ sqlite3 out.db
sqlite> .schema
CREATE TABLE users (
uid integer primary key autoincrement,
username text not null unique,
email text
);
CREATE TABLE sqlite_sequence(name,seq);
CREATE TABLE passwd (
pid integer primary key autoincrement,
passwd text not null,
uid integer,
foreign key (uid) references users (uid));
There is a users and passwd that are linked via the uid field, foreign key (uid) references users (uid)
, so I issue a query to join the two tables and search for spookyboi.
sqlite> SELECT username,passwd FROM users INNER JOIN passwd ON users.uid == passwd.uid WHERE users.username == "spookyboi";
spookyboi|59DEA36D05AACAA547DE42E9956678E7
The password appears to be hashed (and wasn't accepted as the challenge flag) but my password cracking rig made short work of it:
The 128 bit-length leaves ambiguity around which type of hash this was since there are a number of hashing functions that produce 128-bit hashes. My first assumption was MD5 as it is one of the most commonly used hashing functions and one I'd expect to see stored in a SQLite database. A quick attempt with a large wordlist didn't produce a password so I tried again treated the hash as NTLM, the next most popular 128-bit hashing function.
$ hashcat.bin -O -w4 -m1000 59DEA36D05AACAA547DE42E9956678E7 -a0 /data/wrdlists/weakpass_2
After about ten seconds Hashcat produced the cracked password 59dea36d05aacaa547de42e9956678e7:zxcvbnm
The completed flag is, flag{zxcvbnm}
.
Leave a comment