Wayback Challenge
by ent0xE - Sunday November 17, 2024 at 03:22 PM
#1
The solution is pretty simple, not really reversing needed:

1.Generate a pw-list with the "V1" binary from 2013-12-10 00:00:00 until 2013-12-11 23:59:59 (172800 passwords).
2.Rewrite the decrypt.py script so you can bruteforce with this passwordlist.

i dont post the flag this time, my hints tough:
good luck
Reply
#2
Are you certain this is the correct time ? 2013-12-11 13:01:25
Reply
#3
great Budyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Ban reason: Selling in HTB | /Thread-CPTS-FULL-EXAM-WRITEUP (Permanent)
Reply
#4
(11-18-2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25

unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.

i ran a test again, it's depended on you current time setting (for the adjustment with faketime), the correct time in unix epoch is: 1386784885; its also part of the flag.

python-script to generate pwlist:
import subprocess from datetime import datetime, timedelta from pwn import * start_time = datetime(2013, 12, 10, 0, 0, 0) end_time = datetime(2013, 12, 11, 23, 59, 59) cmd = f"echo '20\nyes\nyes' | ./V1" def run_with_faketime(current_time):     result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)     match = re.search(r'Generated password:\s*(\S+)', result.stdout)     if match:         password = match.group(1)         print(password) current_time = start_time while current_time <= end_time:     run_with_faketime(current_time)     current_time += timedelta(seconds=1)
Reply
#5
(11-18-2024, 10:58 AM)ent0xE Wrote:
(11-18-2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25

unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.

python-script to generate pwlist:
import subprocess from datetime import datetime, timedelta from pwn import * start_time = datetime(2013, 12, 10, 0, 0, 0) end_time = datetime(2013, 12, 11, 23, 59, 59) cmd = f"echo '20\nyes\nyes' | ./V1" def run_with_faketime(current_time):     result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)     match = re.search(r'Generated password:\s*(\S+)', result.stdout)     if match:         password = match.group(1)         print(password) current_time = start_time while current_time <= end_time:     run_with_faketime(current_time)     current_time += timedelta(seconds=1)

Understood, thank you!
Reply
#6
(11-18-2024, 11:17 AM)test888 Wrote:
(11-18-2024, 10:58 AM)ent0xE Wrote:
(11-18-2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25

unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.

python-script to generate pwlist:
import subprocess from datetime import datetime, timedelta from pwn import * start_time = datetime(2013, 12, 10, 0, 0, 0) end_time = datetime(2013, 12, 11, 23, 59, 59) cmd = f"echo '20\nyes\nyes' | ./V1" def run_with_faketime(current_time):     result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)     match = re.search(r'Generated password:\s*(\S+)', result.stdout)     if match:         password = match.group(1)         print(password) current_time = start_time while current_time <= end_time:     run_with_faketime(current_time)     current_time += timedelta(seconds=1)

Understood, thank you!

see my edit... its depended on your current set OS-Time, cause its calculated from that. in UTC+0 its December 11, 2013 6:01:25 PM
Reply
#7
(11-18-2024, 11:22 AM)ent0xE Wrote:
(11-18-2024, 11:17 AM)test888 Wrote:
(11-18-2024, 10:58 AM)ent0xE Wrote:
(11-18-2024, 07:09 AM)test888 Wrote: Are you certain this is the correct time ? 2013-12-11 13:01:25

unless its per instance randomized, yes; but the generation of the pwlist is pretty simple as well, and the bruteforce takes max 1 min.

python-script to generate pwlist:
import subprocess from datetime import datetime, timedelta from pwn import * start_time = datetime(2013, 12, 10, 0, 0, 0) end_time = datetime(2013, 12, 11, 23, 59, 59) cmd = f"echo '20\nyes\nyes' | ./V1" def run_with_faketime(current_time):     result = subprocess.run(['faketime', current_time.strftime("%Y-%m-%d %H:%M:%S"), 'sh', '-c', cmd], capture_output=True, text=True)     match = re.search(r'Generated password:\s*(\S+)', result.stdout)     if match:         password = match.group(1)         print(password) current_time = start_time while current_time <= end_time:     run_with_faketime(current_time)     current_time += timedelta(seconds=1)

Understood, thank you!

see my edit... its depended on your current set OS-Time, cause its calculated from that. in UTC+0 its December 11, 2013 6:01:25 PM

Yeah, ended up figuring it out. Your hint was very useful, gave you rep!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  All reversing challenge - HTB - Flags @ 02/03/2025 fr34cker 7 3,559 03-27-2026, 08:01 AM
Last Post: escowbang
  Last Resort - HTB challenge - Solve together? mt01 27 3,808 01-31-2026, 11:42 AM
Last Post: TechArtificer
  HTB Challenge - Pivot Chain | flag tony_boom23 0 859 08-09-2025, 11:21 PM
Last Post: tony_boom23
  HTB challenge The Suspicious Reviewer writeup and flag inqwert 0 840 08-09-2025, 05:50 PM
Last Post: inqwert
  HTB Phoenix Pipeline challenge flag inqwert 1 919 08-07-2025, 10:00 PM
Last Post: DAV33D



 Users browsing this thread: 1 Guest(s)