Klaus' Log

Do 31 Januar 2019

Overthewire vortex Wargame - Level 5

Posted by Klaus Eisentraut in ctf   

This is a post from my vortex Wargame series. Please find the links to my previous solutions here: Level #0 and #1, Level #2, Level #3, Level #4.

Level 5

After the last level with medium difficulty, Level #5 was way too easy. The challenge is to crack an MD5 hash, but we even have the source code, so we don't even need to reverse engineer it.

echo '\x15\x5f\xb9\x5d\x04\x28\x7b\x75\x7c\x99\x6d\x77\xb5\xea\x51\xf7' | tr -d '\\x' > hash.txt

We download JohnTheRipper and compile it:

git clone --depth 1 -b bleeding-jumbo https://github.com/magnumripper/JohnTheRipper
cd JohnTheRipper/src/
make -s clean && make -sj4
cd ../run/

After compiling JohnTheRipper, we use it to crack the hash. We have a hint that the length of the password is exactly 5 characters, therefore this hash will fall after around one minute on my crappy laptop:

$ ./john --format=raw-md5 --max-len=5 --incremental --fork=4 hash.txt
Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
Node numbers 1-4 of 4 (fork)
Press 'q' or Ctrl-C to abort, almost any other key for status
rlTf6            (?)
1 1g 0:00:01:05 DONE (2019-01-30 00:04) 0.01517g/s 3832Kp/s 3832Kc/s 3832KC/s rlSfl..rlCxe
Waiting for 3 children to terminate
3 0g 0:00:01:05 DONE (2019-01-30 00:04) 0g/s 24661Kp/s 24661Kc/s 24661KC/s a{"A#..a{"O[
4 0g 0:00:01:05 DONE (2019-01-30 00:04) 0g/s 21399Kp/s 21399Kc/s 21399KC/s D"~|9..D^^}j
2 0g 0:00:01:05 DONE (2019-01-30 00:04) 0g/s 31084Kp/s 31084Kc/s 31084KC/s 7:o7h..7:o.P
Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
Session completed

We start the executable, enter the cracked password rlTf6 and get the password for the next level:

vortex5@vortex:~$ /vortex/vortex5
You got the right password, congrats!
$ cat /etc/vortex_pass/vortex6