Posts: 42
Threads: 2
Joined: Aug 2024
Nov 17, 2024, 03:22 PM
(This post was last modified: Nov 17, 2024, 03:32 PM by ent0xE.)
The solution is pretty simple, not really reversing needed:
1.Generate a pw-list with the "V1" binary from 2013-12-10 00:00:00 until 2013-12-11 23:59:59 (172800 passwords).
2.Rewrite the decrypt.py script so you can bruteforce with this passwordlist.
i dont post the flag this time, my hints tough:
good luck
Posts: 104
Threads: 4
Joined: Oct 2023
Are you certain this is the correct time ? 2013-12-11 13:01:25
Posts: 29
Threads: 8
Joined: Jun 2024
great Budyyyyyyyyyyyyyyyyyyyyyyyyyyyy This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Selling in HTB | /Thread-CPTS-FULL-EXAM-WRITEUP
Posts: 42
Threads: 2
Joined: Aug 2024
Nov 18, 2024, 10:58 AM
(This post was last modified: Nov 18, 2024, 11:20 AM by ent0xE.)
(Nov 18, 2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25
unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.
i ran a test again, it's depended on you current time setting (for the adjustment with faketime), the correct time in unix epoch is: 1386784885; its also part of the flag.
python-script to generate pwlist:
import subprocess
from datetime import datetime, timedelta
from pwn import *
start_time = datetime(2013, 12, 10, 0, 0, 0)
end_time = datetime(2013, 12, 11, 23, 59, 59)
cmd = f"echo '20\nyes\nyes' | ./V1"
def run_with_faketime(current_time):
result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)
match = re.search(r'Generated password:\s*(\S+)', result.stdout)
if match:
password = match.group(1)
print(password)
current_time = start_time
while current_time <= end_time:
run_with_faketime(current_time)
current_time += timedelta(seconds=1)
Posts: 104
Threads: 4
Joined: Oct 2023
(Nov 18, 2024, 10:58 AM)ent0xE Wrote: (Nov 18, 2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25
unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.
python-script to generate pwlist:
import subprocess
from datetime import datetime, timedelta
from pwn import *
start_time = datetime(2013, 12, 10, 0, 0, 0)
end_time = datetime(2013, 12, 11, 23, 59, 59)
cmd = f"echo '20\nyes\nyes' | ./V1"
def run_with_faketime(current_time):
result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)
match = re.search(r'Generated password:\s*(\S+)', result.stdout)
if match:
password = match.group(1)
print(password)
current_time = start_time
while current_time <= end_time:
run_with_faketime(current_time)
current_time += timedelta(seconds=1)
Understood, thank you!
Posts: 42
Threads: 2
Joined: Aug 2024
(Nov 18, 2024, 11:17 AM)test888 Wrote: (Nov 18, 2024, 10:58 AM)ent0xE Wrote: (Nov 18, 2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25
unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.
python-script to generate pwlist:
import subprocess
from datetime import datetime, timedelta
from pwn import *
start_time = datetime(2013, 12, 10, 0, 0, 0)
end_time = datetime(2013, 12, 11, 23, 59, 59)
cmd = f"echo '20\nyes\nyes' | ./V1"
def run_with_faketime(current_time):
result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)
match = re.search(r'Generated password:\s*(\S+)', result.stdout)
if match:
password = match.group(1)
print(password)
current_time = start_time
while current_time <= end_time:
run_with_faketime(current_time)
current_time += timedelta(seconds=1)
Understood, thank you!
see my edit... its depended on your current set OS-Time, cause its calculated from that. in UTC+0 its December 11, 2013 6:01:25 PM
Posts: 104
Threads: 4
Joined: Oct 2023
(Nov 18, 2024, 11:22 AM)ent0xE Wrote: (Nov 18, 2024, 11:17 AM)test888 Wrote: (Nov 18, 2024, 10:58 AM)ent0xE Wrote: (Nov 18, 2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25
unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.
python-script to generate pwlist:
import subprocess
from datetime import datetime, timedelta
from pwn import *
start_time = datetime(2013, 12, 10, 0, 0, 0)
end_time = datetime(2013, 12, 11, 23, 59, 59)
cmd = f"echo '20\nyes\nyes' | ./V1"
def run_with_faketime(current_time):
result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)
match = re.search(r'Generated password:\s*(\S+)', result.stdout)
if match:
password = match.group(1)
print(password)
current_time = start_time
while current_time <= end_time:
run_with_faketime(current_time)
current_time += timedelta(seconds=1)
Understood, thank you!
see my edit... its depended on your current set OS-Time, cause its calculated from that. in UTC+0 its December 11, 2013 6:01:25 PM
Yeah, ended up figuring it out. Your hint was very useful, gave you rep!
|
