Feat(ctf): add challange

challenges/cryptography/build/dockerfile

@@ -0,0 +1,27 @@
+FROM python:3.12-slim AS builder
+WORKDIR /app
+COPY hash.py .
+RUN python hash.py | tee text.txt;
+
+FROM alpine:latest as production
+RUN apk update && apk upgrade;
+RUN apk add openssl nmap-ncat;
+
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup;
+WORKDIR /app
+
+# 2. Copy the result from builder AND your shell script
+COPY --from=builder /app/text.txt .
+COPY script.sh .
+
+# 3. FIX PERMISSIONS: 
+RUN chmod +x script.sh && \
+    chown appuser:appgroup text.txt script.sh
+
+# 4. Switch to the non-root user
+USER appuser
+EXPOSE 5000
+
+ENV FLAG ""
+# 5. Execute the script
+CMD ["ncat", "-lkp", "5000", "-e", "/bin/sh ./script.sh"]

challenges/cryptography/build/hash.py

@@ -0,0 +1,28 @@
+import hashlib
+import sys
+
+string_to_hashed = (
+    "server123",
+    "password123",
+    "letmein"
+)
+
+
+def hashString():
+    h1 = hashlib.md5()
+    h1.update(string_to_hashed[0].encode())
+    hashed1 = h1.hexdigest()
+    h2 = hashlib.sha1()
+    h2.update(string_to_hashed[1].encode())
+    hashed2 = h2.hexdigest()
+    h3 = hashlib.sha256()
+    h3.update(string_to_hashed[2].encode())
+    hashed3 = h3.hexdigest()
+    return hashed1, hashed2, hashed3
+
+def main():
+    h1 , h2 , h3 = hashString()
+    print(h1 , h2 , h3)
+    sys.exit(0)
+if __name__ == "__main__":
+    main()

challenges/cryptography/build/script.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+path="${PWD}/text.txt"
+
+if [[ ! -f "$path" ]]; then
+    echo "Error: file does not exist at $path" >&2
+    exit 1
+fi
+
+FIRST_HASH=$(cut -d " " -f1 "$path")
+SECOND_HASH=$(cut -d " " -f2 "$path")
+THIRD_HASH=$(cut -d " " -f3 "$path")
+echo "this hash for a  weak password can you figure it out $FIRST_HASH : "
+read FIRST_ANSWER
+FIRST_HASH_ANSWER=$(echo -n ${FIRST_ANSWER} | openssl dgst -md5 -hex | cut -d " " -f2 )
+while [[ ! "$FIRST_HASH_ANSWER" == "$FIRST_HASH" ]]; do
+  echo "Wrong try again :"
+  read FIRST_ANSWER
+FIRST_HASH_ANSWER=$(echo -n ${FIRST_ANSWER} | openssl dgst -md5 -hex | cut -d " " -f2 )
+done
+echo "Good job you did it, there is  another password can you find it $SECOND_HASH :"
+read SECOND_ANSWER
+SECOND_HASH_ANSWER=$(echo -n ${SECOND_ANSWER} | openssl dgst -sha1 -hex | cut -d " " -f2 )
+while [[ ! "$SECOND_HASH_ANSWER" == "$SECOND_HASH" ]]; do
+  echo "Wrong try again :"
+  read SECOND_ANSWER
+SECOND_HASH_ANSWER=$(echo -n ${SECOND_ANSWER} | openssl dgst -sha1 -hex | cut -d " " -f2 )
+done
+
+echo  "Almost there last password $THIRD_HASH"
+read THIRD_ANSWER
+THIRD_HASH_ANSWER=$(echo -n ${THIRD_ANSWER} | openssl dgst -sha256 -hex | cut -d " " -f2 )
+while [[ ! "$THIRD_HASH_ANSWER" == "$THIRD_HASH" ]]; do
+  echo "Wrong try again :"
+  read THIRD_ANSWER
+THIRD_HASH_ANSWER=$(echo -n ${THIRD_ANSWER} | openssl dgst -sha256 -hex | cut -d " " -f2 )
+done
+echo "Congratulation , you made it :${FLAG:-flag{test}}"
+

challenges/cryptography/build/text.txt

@@ -0,0 +1 @@
+8a16a6b70505eb1f1ff7cdc0cd5559a7 cbfdac6008f9cab4083784cbd1874f76618d2a97 1c8bfe8f801d79745c4631d09fff36c82aa37fc4cce4fc946683d7b336b63032

challenges/cryptography/solution/main.py

@@ -0,0 +1,27 @@
+import sys
+import random
+import os
+import hashlib
+
+
+def main():
+    curr_path = os.path.dirname(__file__)
+    # put wordlist in the same place with this script
+    # change the name file if needed
+    path_file = os.path.join(curr_path, '100k-most-used-passwords-NCSC.txt')
+    hash_to_find = input('give the hash')
+    print(path_file)
+    with open('100k-most-used-passwords-NCSC.txt') as f:
+        data = f.read()
+        for line in data.split():
+            # you can change algorithm  of hashing
+            h = hashlib.sha256()
+            hash = h.update(line.encode('utf-8'))
+            found_hash = h.hexdigest()
+            if found_hash == hash_to_find:
+                print('found:', line)
+                break
+
+
+if __name__ == '__main__':
+    main()