Prompt

We have created a python script for you to break into as training. See if you can figure out a password that will authenticate with the program.

Tutorial Video

Walk-Through

This challenge involves analyzing vulnerabilities in a compiled Python program. The uncompyle program can be used to convert the compiled program back into Python code. The result of running uncompyle can be seen below:

import sys

def main():
    if len(sys.argv) != 2:
        print 'Invalid args'
        return
    password = sys.argv[1]
    counter = 0
    vals = list('tfzbwlyzljylawhzzdvyk')
    if len(password) != len(vals):
        print 'incorrect'
        return
    while counter < len(password):
        x = ord(password[counter]) + 7
        if x > ord('z'):
            x -= 26
        if chr(x) != vals[counter]:
            print 'incorrect'
            return
        counter += 1

    print 'correct'


if __name__ == '__main__':
    main()

An analysis of this code reveals that the password is comprised of each character in vals shifted 7 positions forward in the alphabet, with a wraparound. This is an implementation of a shift cipher. To solve the challenge, you would need to reverse this by shifting each character in vals backwards 7 positions in the alphabet.

Questions

What is a secret key that will pass validation?

Shift each character in the vals array backwards 7 positions in the alphabet. You can use a tool such as cyberchef to do this.

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.