By: draNx

Tags: crypto PicoCTF-2022

Problem Description:

We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here. The first user in usernames.txt corresponds to the first password in passwords.txt. The second user corresponds to the second password, and so on.


Reveal Hints Maybe other passwords will have hints about the leak?


First, open the tar file using

tar -xf

This gives you the necessary files. We can grep for the line of the cultiris user using

cat usernames.txt | grep -n cultiris

which returns:


So now, we simply look for the 378th line in the passwords file

cat passwords.txt | head -n 378 | tail -n 1

Returning the flag: cvpbPGS{P7e1S_54I35_71Z3} Since this looks like a rotation (specifically ROT-13), we plug into dcode.fr or some similar website and find the actual flag.

Flag: picoCTF{C7r1F_54V35_71M3}