Table of contents
Introduction
Challenge: credstuff
Category: Cryptography
Description:
We found a leak of a black-market website's login credentials. Can you find the password of the user cultiris
and successfully decrypt it? Download the leak here.
The first user in usernames.txt
corresponds to the first password in passwords.txt
. The second user corresponds to the second password, and so on.
Solution
In this challenge, we have been provided with a .tar
file. If we extract that .tar
file then we will get two files, usernames.txt
and passwords.txt
. Here we have to find out the password of the user cultiris
. So let's take a look at usernames.txt
file:
engineerrissoles
icebunt
fruitfultry
celebritypentathlon
galoshesopinion
favorboeing
bindingcouch
entersalad
ruthlessconfidence
coupleelevator
remotesword
researchfall
alertborn
....................
Now, let's see passwords.txt
:
CMPTmLrgfYCexGzJu6TbdGwZa
GK73YKE2XD2TEnvJeHRBdfpt2
UukmEk5NCPGUSfs5tGWPK26gG
kaL36YJtvZMdbTdLuQRx84t85
K9gzHFpwF2azPayAUSrcL8fJ9
rYrtRbkHvJzPmDwzD6gSDbAE3
kfcVXjcFkvNQQPpATErx6eVDd
kDrPVvMakUsNd7BvmJtK3ACY4
dvDvWjzXNk8WwqEzJ5P2FP5YH
86L5w4sH9ZXTCPAa5ExMSPFNh
qXFEg8ZasLxQhUYWnhTemgqxh
gd7panTqNpUvBXBxpGpcqP9X7
Y3KcHyg7kSf6RgX5THyjrw3g1
.........................
Let's find for the cultiris
user:
378 | cultiris
I have found the cultiris
user on line 378. So according to the challenge description, we should have the cultiris
password on line 378.
378 | cvpbPGS{P7e1S_54I35_71Z3}
The first thing that I noticed is that this looks like a flag, but then, I saw that the letter c
comes 13 characters before the letter p
. That clearly means that this is a ROT13
decrypted message. Let's decrypt it using the CyberChef tool. It is the tool that I use to decrypt most of the messages.
Now, we have decrypted the message, and the output that we got is picoCTF{C7r1F_54V35_71M3}
Conclusion
This challenge is all about identifying the decryption algorithm and using it to decrypt the message.
Flag: picoCTF{C7r1F_54V35_71M3}