\> PicoCTF 2022 Writeups

This website contains Jackwin Hui's writeups for the 2022 PicoCTF competition.

PicoCTF2022 - credstuff

Description

We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here. The first user in usernames.txt corresponds to the first password in passwords.txt. The second user corresponds to the second password, and so on.

Information

Point Value: 100 points

Category: Cryptography

Hints

  1. Maybe other passwords will have hints about the leak?

Solution

We use the command grep -n -r "cultiris" . to find the line number on which the username "cultiris" appears.

    jackwin@COMPUTER ~ % grep -n -r "cultiris" .
    ./usernames.txt:378:cultiris

The username is on line 378 of usernames.txt, so line 378 of passwords.txt holds cultiris's password. That line contains the string "cvpbPGS{P7e1S_54I35_71Z3}", which appears to be encoded with a cipher. After trying a couple of different ciphers, we realize that it is encoded using a ROT13 cipher, so the command echo 'cvpbPGS{P7e1S_54I35_71Z3}' | tr 'A-Za-z' 'N-ZA-Mn-za-m' gives us the flag.

    jackwin@COMPUTER ~ % echo 'cvpbPGS{P7e1S_54I35_71Z3}' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
    picoCTF{C7r1F_54V35_71M3}

We can also decode it with CyberChef, using the "ROT13 Brute Force" recipe with "picoCTF" as the crib (known plaintext string); this shows the flag is rotated by 13 and gives us the flag too.
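The same two steps as one script, added here as an example that is not part of the original writeup: it pairs the username with its password by line number using an exact-line match, then tries every rotation and keeps the one containing the crib. The function names and the four-line sample files are constructed for illustration; only the encoded string and the crib come from the writeup.

```shell
#!/bin/sh
# Added example: constructed sample files, not the challenge's real leak.
LOWER=abcdefghijklmnopqrstuvwxyz
UPPER=ABCDEFGHIJKLMNOPQRSTUVWXYZ

# password_for USER USERNAMES_FILE PASSWORDS_FILE
# -x matches the whole line and -F treats USER as a literal, so a name such
# as "cultiris2" cannot be mistaken for "cultiris".
password_for() {
    line=$(grep -n -x -F -- "$1" "$2" | head -n 1 | cut -d: -f1)
    [ -n "$line" ] || return 1
    sed -n "${line}p" "$3"
}

# rot TEXT K: shift letters forward by K (1..25); other bytes pass through.
rot() {
    k=$2
    l=$(printf '%s' "$LOWER" | cut -c$((k + 1))-)$(printf '%s' "$LOWER" | cut -c1-"$k")
    u=$(printf '%s' "$UPPER" | cut -c$((k + 1))-)$(printf '%s' "$UPPER" | cut -c1-"$k")
    printf '%s\n' "$1" | tr "$LOWER$UPPER" "$l$u"
}

# rot_crib TEXT CRIB: print "K PLAINTEXT" for the first shift containing CRIB.
rot_crib() {
    n=1
    while [ "$n" -le 25 ]; do
        cand=$(rot "$1" "$n")
        case $cand in
            *"$2"*) printf '%s %s\n' "$n" "$cand"; return 0 ;;
        esac
        n=$((n + 1))
    done
    return 1
}

# Demo on constructed files: the target sits on line 3, after a near-duplicate name.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' alice cultiris2 cultiris bob > "$dir/usernames.txt"
    printf '%s\n' hunter2 letmein 'cvpbPGS{P7e1S_54I35_71Z3}' qwerty > "$dir/passwords.txt"
    pw=$(password_for cultiris "$dir/usernames.txt" "$dir/passwords.txt")
    rot_crib "$pw" picoCTF
    rm -r "$dir"
}
demo
```

Digits and punctuation pass through tr unchanged, which is why the braces and numbers in the flag look the same before and after decoding.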

Flag

picoCTF{C7r1F_54V35_71M3}