🚩 We have had enough of everybody reading our flags. Since all of our cryptography implementations have been broken, we decided not to roll our own!
🔥 rockyou.txt
https://github.com/brannondorsey/naive-hashcat/releases/tag/data
C:\code>scp rockyou.txt kali@192.168.56.104:~
The authenticity of host '192.168.56.104 (192.168.56.104)' can't be established.
ECDSA key fingerprint is SHA256:y3q0XQftXvEDW53cDSPTC9r3nzdGksi/XgZnfoh/vU4.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Warning: Permanently added '192.168.56.104' (ECDSA) to the list of known hosts.
kali@192.168.56.104's password:
rockyou.txt 100% 133MB 38.0MB/s 00:03┌──(kali㉿kali)-[~]
└─$ bruteforce-salted-openssl -t 32 -f ./rockyou.txt -d sha256 encrypted_flag.enc -1
Warning: using dictionary mode, ignoring options -b, -e, -l, -m and -s. ^Z
zsh: suspended bruteforce-salted-openssl -t 32 -f ./rockyou.txt -d sha256 encrypted_flag.enc
(algorithm)crypto
┌──(kali㉿kali)-[~]
└─$ openssl enc -d -aes-256-cbc -in encrypted_flag.enc -out result.txt
enter AES-256-CBC decryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
┌──(kali㉿kali)-[~]
└─$ cat result.txt
247CTF{...}
BoB 13th 최강포린이👮