Interactive Coloring

drag iconDrag any color from the left toolbar to an area or text in the page. A blue outline will indicate a droppable element.

drag iconOn mobile, wait a tiny bit until you drag the color drop.

WargamesMY CTF December 2018: Missing Word

WargamesMY CTF 2018: Missing Word

The challenge in WargamesMY CTF 2018 require us to crack a portion of the flag which is the missing 6 characters consist of upper case and lower case denominate as XXXXXX as per below:

wgmy{h3r3_1s_y0ur_XXXXXX_br0!}

The SHA256 hashsum of the complete flag were given.

86775fe0718f57c5bcc3c32c198ece3e6a732406e3f32e3aa285059247da6652

Obviously it is a password cracking challenge therefore we will be using Hashcat for this task.

First, we need to generate a custom wordlists. We simply use this Python Wordlist Generator script found on github. (I promise i will learn more later how to generate wordlists using Hashcat itself :P)

We modified the code a bit to suit the requirement.


But it seems like it will take forever and the output wordlists size were huge. Then the idea is to split the wordlists into 2 part and generate only the last 3 character for the first part while generate only the first 3 character for the second part of the wordlists. We will use Hashcat combinator mode (-a 1) later.

Finish generated both part of the wordlists within few seconds and total file size only less than 5mb this time.

Let’s crack it!

Hashcat argument:
-a 1 : combinator mode (combine both wordlists)
-m 1400 : cracking sha256 mode
missing_word.hash : the sha256 hash file
left.txt : first part of the wordlists
right.txt : second part of the wordlists

With less than hour (22 minutes to be exact) we managed to crack it and we got first blood for the challenge.

wargamesmy missing word

Flag : wgmy{h3r3_1s_y0ur_pRiZEe_br0!}

Update: As mentioned above, here is the way how we can solve this challenge using Hashcat.

Hashcat with GPU:

 

This website use cookies to ensure that you have the best experience on this website.