Prompt

We have created a python script for you to break into as training. See if you can figure out a password that will authenticate with the program.

Tutorial Video

Walk-Through

This challenge involves involves analyzing vulnerabilities in a poorly implemented password verification function.

#!/usr/bin/python

import sys

def main():
  if len(sys.argv) != 2:
    print("Invalid args")
    return
  password = sys.argv[1]
  builder = 0
  for c in password:
    builder += ord(c)
  if builder == 1000 and len(password) == 10 and ord(password[1]) == 83:
    print("correct")
  else:
    print("incorrect")

if __name__ == "__main__":
  main()

Question 1 can be solved by hand by calculating the totals for the ASCII character codes in the input. This process can be aided with some code. Below is a solution created with JavaScript.

Questions

What is a secret key that will pass validation?

This can be solved by finding a string of length 10 whose ASCII values sum to 1000 and also has an S (ASCII code 83) as the second character in the string. The values of the other nine character in the string is any combination of characters whos ASCII values sum to 917 (the remaining sum after accounting for the necessary S character).

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.