One of the most contested parts of the #DerbyCake contest was the hint on the Vanilla cake. It was just a long string of 1s and 0s. The hint that I kept telling everyone is that the “binary is binary” and I meant it. You weren’t supposed to hash or do anything special with it.
The reason this particular challenge is in the contest is that I run into this scenario a lot. Many times when I access binary password fields in either the Windows registry or in database servers the data comes out in 1s and 0s or some other binary format and I have to convert it back into its original hash format.
The solution there-for is pretty straight forward. You start with your very long binary string: (I’m using ruby, but its pretty much the same in Python or another language)
cakestring = '01111101011110101110111111100110101110010001000111010101010110010000100110100010011011110110010001111110101010101010111110100111000111101101001011010010001100011110101100100110101011011011001110100001010110100100101000100010100111110011100001000110100101101100101010110011011000100010001110111100011011100001011011100001111111000110101111110111101111011101110001000100010010001001001010001100101010100000000111000000100110001100011011100010010101001110000011100001100000010111111100100000011101100100011001110101'
Then you “pack” the binary into a string format:
reverse1 = [cakestring].pack("b*")
And finally into the hex format of the SHA512 hash (most people got that it was a 512 hash due to the 512 bits:
puts "Hash: #{reverse1.unpack("H*")}"
That easy. Resulting in a easily cracked SHA512 hash (that is, if you got all the hints in the DerbyCon presenters slides)
Hash: be5ef7679d88ab9a9045f6267e55f5e5784b4b8cd764b5cd855a5244f91c626953cd46c43d7668873fd6efbd3b221249315580031963472a078781fe046e62ae
Password: correct horse battery staple
Here is how you would generate such a challenge if you were so inclined:
#!/usr/bin/env ruby
require 'digest/sha2'
password = "correct horse battery staple"
puts "Password: #{password}"
forwards1 = Digest::SHA512.hexdigest(password)
puts "Hash: #{forwards1}"
forwards2 = forwards1.scan(/../)
forwards3 = []
forwards2.each do |f2|
forwards3 << f2.hex.chr
end
forwards4 = forwards3.join
puts "Binary: #{forwards4.unpack("b*")}"
You can find a write up of the rest of the challenges and hints over on Ryan Fenno’s blog here: http://slae412.wordpress.com/2013/10/04/derbycake-2013-write-up/
Sorry to everyone who beat their head upside the wall for hours on this one. I was actually expecting this to be the first challenge to fall.
Posts
0 comments:
Post a Comment