Author: Jeffery John

Description

People keep trying to trick my players with imitation flags. I want to make sure they get the real thing! I’m going to provide the SHA-256 hash and a decrypt script to help you know that my flags are legitimate.

ssh -p 64644 ctf-player@rhea.picoctf.net

Using the password 6abf4a82. Accept the fingerprint with yes, and ls once connected to begin. Remember, in a shell, passwords are hidden!

  • Checksum: b09c99c555e2b39a7e97849181e8996bc6a62501f0149c32447d8e65e205d6d2
  • To decrypt the file once you’ve verified the hash, run ./decrypt.sh files/<file>.

Hints

  • Checksums let you tell if a file is complete and from the original distributor. If the hash doesn’t match, it’s a different file.
  • You can create a SHA checksum of a file with sha256sum <file> or all files in a directory with sha256sum <directory>/*.
  • Remember you can pipe the output of one command to another with |. Try practicing with the ‘First Grep’ challenge if you’re stuck!

Dive-in 🐬

  1. Launch the instance and log in over SSH:
ssh -p 64644 ctf-player@rhea.picoctf.net
  2. Pipe the output of sha256sum into grep to find the file that matches the checksum:
ctf-player@pico-chall$ sha256sum * | grep b09c99c555e2b39a7e97849181e8996bc6a62501f0149c32447d8e65e205d6d2
b09c99c555e2b39a7e97849181e8996bc6a62501f0149c32447d8e65e205d6d2  451fd69b
  3. Decrypt the file using decrypt.sh:
ctf-player@pico-chall$ ls /home/ctf-player/drop-in
checksum.txt  decrypt.sh  files
ctf-player@pico-chall$ cd ..
ctf-player@pico-chall$ pwd
/home/ctf-player/drop-in
ctf-player@pico-chall$ ./decrypt.sh files/451fd69b
picoCTF{trust_but_verify_451fd69b}

FLAG : picoCTF{trust_but_verify_451fd69b}
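
The grep in step 2 matches the checksum anywhere on the line, including the file-name column, so a file merely named after the checksum would also show up. The function below is an added example, not part of the original write-up or the challenge files; it compares only the digest field and refuses malformed digests or ambiguous results. The name find_by_sha256 and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: find_by_sha256 is a hypothetical helper, not a challenge file.
# Usage: find_by_sha256 <expected-hex-digest> <directory>
# Prints the path of the one file whose SHA-256 equals the digest.
# Returns 1 = no match, 2 = malformed digest, 3 = more than one match.
find_by_sha256() {
    # Normalise to lowercase so an upper-case digest still compares equal.
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    dir=$2

    # A SHA-256 digest is exactly 64 hex characters. Rejecting anything else
    # stops a truncated paste from being treated as a valid checksum.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    match=""
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Hash from stdin: the output is always "<digest>  -", so the file
        # name can never end up in the field being compared.
        actual=$(sha256sum < "$f" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            match=$f
            count=$((count + 1))
        fi
    done

    [ "$count" -eq 0 ] && return 1
    [ "$count" -gt 1 ] && return 3
    printf '%s\n' "$match"
}

# Example call on the challenge host (only decrypt if verification succeeds):
#   f=$(find_by_sha256 "$(cat checksum.txt)" files) && ./decrypt.sh "$f"
```

The commented call assumes checksum.txt holds only the hex digest; adjust the first argument if the file has a different layout.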