PW crack 5

pw_crack_5/level5.flag.txt.enc

@@ -0,0 +1 @@
+_&1#K

pw_crack_5/level5.hash.bin

@@ -0,0 +1 @@
+B8sYީ<>ɶ<EFBFBD><C9B6>$";

pw_crack_5/level5.py

@@ -0,0 +1,41 @@
+#!/home/maxime/.pyvenv/bin/python3
+import hashlib
+
+### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ########################
+def str_xor(secret, key):
+    #extend key to secret length
+    new_key = key
+    i = 0
+    while len(new_key) < len(secret):
+        new_key = new_key + key[i]
+        i = (i + 1) % len(key)        
+    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
+###############################################################################
+
+flag_enc = open('level5.flag.txt.enc', 'rb').read()
+correct_pw_hash = open('level5.hash.bin', 'rb').read()
+
+
+def hash_pw(pw_str):
+    pw_bytes = bytearray()
+    pw_bytes.extend(pw_str.encode())
+    m = hashlib.md5()
+    m.update(pw_bytes)
+    return m.digest()
+
+
+def level_5_pw_check():
+    user_pw = input("Please enter correct password for flag: ")
+    user_pw_hash = hash_pw(user_pw)
+    
+    if( user_pw_hash == correct_pw_hash ):
+        print("Welcome back... your flag, user:")
+        decryption = str_xor(flag_enc.decode(), user_pw)
+        print(decryption)
+        return
+    print("That password is incorrect")
+
+
+
+level_5_pw_check()
+

pw_crack_5/sol.py

@@ -0,0 +1,15 @@
+#!/home/maxime/.pyvenv/bin/python3
+from pwn import *
+
+for i in range(0x7e77, 0x10000):
+    p = process("./level5.py", shell=True)
+    p.recvuntil(b": ")
+    p.sendline("{:x}".format(i).encode())
+    log.info("trying {:x}".format(i).encode())
+    try:
+        res = p.recvline_contains(b"picoCTF")
+        log.success(res)
+        break
+    except:
+        p.close()
+