DEV Community

Chigozie Oduah

Posted on • Originally published at Medium

Guess password easy Google beginner's quest CTF 2026 write up

The first of the Beginner's Quest CTF challenges is Guess password Easy, a crypto-category challenge with the description: "You will never guess my password, even if I give you the first 5 letters!"

Looking at the challenge, we're provided with a sample of the source code and a server to connect to in order to solve it.

First, connecting to the server to see what we're working with, we get:

$ nc guess-password-easy.2025-bq.ctfcompetition.com 1337
== proof-of-work: disabled ==
Password is mnyko...............
Your guess:

Cross-checking with the source code given to us, we can see that the program first seeds the random number generator with srand(time(0)). It then enters a while-loop where it generates the random password, prints out the first 5 characters, and prompts you to guess the password.

Taking a deeper look into the code, we can see these important lines:

// Lines 14 to 21
string generateRandomPassword()
{
    string res(20, '.');
    for (int i = 0; i < 20; ++i) {
        res[i] = 'a' + rand() % 26;
    }
    return res;
}

// line 24 in `main()`
    srand(time(0));

// lines 27 and 28 in `main()`
    string serverPassword = generateRandomPassword();
    cout << "Password is " << serverPassword.substr(0,5) << "..............." << endl;

And in these lines, we can see the most critical line:

srand(time(0));   // line 24

This line tells us that the random number generator is seeded with the current time, provided by the time(0) function. time(0) returns the current date and time, represented as the number of seconds since the epoch (January 1, 1970, 00:00:00 UTC).

Next, we don't know the exact time the generator was seeded, since there can be a delay when we run the server command. But since we get the first 5 characters of the password along with the guess prompt, we can create our own password generator and seed it with every time in a range.

For the generator I created, I use a 2-hour range, just to be safe (+1 hour and -1 hour). This will give us 3600 password combinations. Since the first 5 characters are already given to us, we can search the generated passwords for our combination.

To generate these passwords, I created this C++ code:

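#include <cstdlib>   // rand, srand
#include <ctime>     // time
#include <fstream>
#include <string>

// Same generator as the challenge: 20 lowercase letters taken from rand().
std::string generateRandomPassword()
{
    std::string res(20, '.');
    for (int i = 0; i < 20; ++i) {
        res[i] = 'a' + rand() % 26;
    }
    return res;
}

int main() {
    int seed = time(0);
    std::ofstream outputFile("output.txt");

    // Try every seed from 1800 seconds before to 1800 seconds after the local clock.
    for (int i = -1800; i <= 1800; i++) {
        srand(seed + i);

        // The server draws a new password on each loop iteration, so record the first three.
        outputFile  << "Seed " << i << ": " << seed + i << " - "
                    << "Password 1 is: " << generateRandomPassword() << '\n'
                    << "Password 2 is: " << generateRandomPassword() << '\n'
                    << "Password 3 is: " << generateRandomPassword() << '\n';
    }

    outputFile << std::endl;
    return 0;
}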

NOTE: srand behaves differently on different operating systems. To get the same random numbers as the challenge, you also need to use a Linux system.

Beginning the process of solving the challenge, I compile my script:

$ g++ main.cpp

Then, I connect to the challenge server:

$ nc guess-password-easy.2025-bq.ctfcompetition.com 1337
== proof-of-work: disabled ==
Password is ftbrh......
Your guess:

After that, I ran the compiled script, then used less to preview the output file:

$ ./a.out
$ less output.txt

Then I typed /ftbrh to search for the password and, sure enough, the password was found.

After typing in the password, I got the flag:

$ nc guess-password-easy.2025-bq.ctfcompetition.com 1337
== proof-of-work: disabled ==
Password is ftbrh......
Your guess: ftbrhpjdhohfnmqqaddv
CTF{flag}
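
The weakness described above can be checked mechanically, and it has a direct fix. The following is an added example, not code from the challenge or from the original post: `candidatesFor` replays a window of seeds against a leaked prefix, and `strongPassword` draws the letters from the operating system's entropy source instead. The function names, the sample seed and the 42-second clock offset are constructed for illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <random>
#include <string>
#include <vector>

// Same construction as the challenge: 20 letters drawn from rand().
std::string weakPassword() {
    std::string res(20, '.');
    for (char &c : res) c = static_cast<char>('a' + rand() % 26);
    return res;
}

// Replay every seed in [center - window, center + window] and keep each
// password whose first characters equal the leaked prefix. `rounds` covers
// the server's loop, which draws further passwords from the same seed.
std::vector<std::string> candidatesFor(const std::string &prefix, time_t center,
                                       int window, int rounds) {
    std::vector<std::string> hits;
    for (int d = -window; d <= window; ++d) {
        srand(static_cast<unsigned>(center + d));
        for (int r = 0; r < rounds; ++r) {
            std::string p = weakPassword();
            if (p.compare(0, prefix.size(), prefix) == 0) hits.push_back(p);
        }
    }
    return hits;
}

// Hardened form: letters come from the OS entropy source, so there is no
// seed to replay. Assumes std::random_device is non-deterministic (true for
// libstdc++ on Linux); uniform_int_distribution also removes modulo bias.
std::string strongPassword() {
    std::random_device rd;
    std::uniform_int_distribution<int> letter(0, 25);
    std::string res(20, '.');
    for (char &c : res) c = static_cast<char>('a' + letter(rd));
    return res;
}

int main() {
    const time_t seed = 1700000000;                 // constructed sample seed
    srand(static_cast<unsigned>(seed));
    std::string leaked = weakPassword().substr(0, 5);
    auto hits = candidatesFor(leaked, seed + 42, 1800, 3);  // clock off by 42 s
    std::printf("%zu candidate(s) for prefix %s\n", hits.size(), leaked.c_str());
    std::printf("CSPRNG password: %s\n", strongPassword().c_str());
}
```

The 5-letter prefix narrows a window of a few thousand seeds to the matching password, while the hardened generator leaves nothing to replay regardless of what the attacker knows about the server's clock.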
