We can tell that this password is in Hex format due to the 0x at the start of the password. We can covert the hex to ASCII in Linux by simply running the following command.
root@kali:~# echo 0x616761696e74687265653538 | xxd -r -p againthree58
And there we have it. The output is our password!
This password was Base64 Encoded. We can decode it in our Linux terminal.
root@kali:~# echo cGVvcGxlY3Jvd2Q1MQ== | base64 --decode peoplecrowd51
3. 01101101 01100001 01110100 01110100 01100101 01110010 01110011 01100001 01101001 01101100 00110110 00110010
This password was in binary form. You can go BinaryHexConverter and convert it to ASCII.
Our hint here was “shift cipher”, so we can assume that this is a Caesar Cipher. Since we do not know the total amount the letters were shifted by, we will have to brute force the cipher.
To do this I went to Decode.fr and used their Brute Force Attack to decrypt all possible passwords.
We see that mattersail is being used again - as it was previously. So we can assume password reuse, and it would be the correct answer!
1. .–. .-. — ..- -.. .. .-. — -.
This one was pretty simple if you know what you are looking at. This password was in Morse code. So I went to the Morse Code Translator and just pasted in the password to get the answer.
For this question we are provided with the following encryption algorithm - written in Python..
def encrypt(str): ret = "" for char in str: ret += rot7(rot3(char)) return ret
1. qbkl dro owksvc ypp dro wksvcobfob
Since we already have the code, and know how the password is encrypted - all we have to do is enter our encyrpted string.
The code is basically taking a string, and for each character in the string it rotates the letter +3, then +7 and adds it to ret. Once done, it returns the string ret. So for us to get the password from the encryption, just enter the encrypted password and it will reverse it for us.
str = "qbkl dro owksvc ypp dro wksvcobfob" def encrypt(str): ret = "" for char in str: ret += rot7(rot3(char)) return ret
Answer: grab the emails off the mailserver
And that’s all for Cryptography - pretty easy I must say!
Thanks for reading! And stay tuned for the continuation on the NCL Preseason write-ups, VulnHub, and more!