Ulli Weichert/ April 3, 2022/ IT-Security, Write-Ups/ 0Kommentare

credstuff

Description

We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it?
Download the leak here.
The first user in usernames.txt corresponds to the first password in passwords.txt. The second user corresponds to the second password, and so on.

Solving

1. We got a tar file - extract that and you will get a leak directory
   tar -xvf leak.tar
2. Then look at the two files... usernames.txt and passwords.txt
3. Cause of the Hints, we know that the entries are corresponding. That means, that the linenumber of the username is the same linenumber for the password.
4. So you could list the linenumbers in vi and get the password.
5. When you got the password, you will find out, that this string is rot13 encoded.
6. Send this string into the decoder you trust and you will get the flag!

But because this is boring, I thought of writing this script 😀

#!/usr/bin/env python

import codecs

user="cultiris"
counter=1

with open("leak/usernames.txt","r") as userfile:
    for line in userfile:
#        print(line.strip())
        if line.strip() == user:
            print("Found user " + user + " at line " + str(counter) + ".")
            break
        counter+=1

with open("leak/passwords.txt","r") as passwdfile:
    all_lines = passwdfile.readlines()
    index = counter - 1

    print("Getting corresponding line with password")

    flag_enc = all_lines[index]

    print("Password looks encoded (rot13)... " + flag_enc)
    print("decoding...")

    flag = codecs.decode(flag_enc, 'rot_13')

    print("Got it!")
    print(">>   " + flag)