credstuff

03/29/2022

By: draNx

Tags: crypto PicoCTF-2022

Problem Description:

We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here. The first user in usernames.txt corresponds to the first password in passwords.txt. The second user corresponds to the second password, and so on.

Hints:

Reveal Hints

Maybe other passwords will have hints about the leak?

Credstuff

First, open the tar file using

tar -xf

This gives you the necessary files. We can grep for the line of the cultiris user using

cat usernames.txt | grep -n cultiris

which returns:

378:cultiris

So now, we simply look for the 378th line in the passwords file

cat passwords.txt | head -n 378 | tail -n 1

Returning the flag: cvpbPGS{P7e1S_54I35_71Z3} Since this looks like a rotation (specifically ROT-13), we plug into dcode.fr or some similar website and find the actual flag.

Flag: picoCTF{C7r1F_54V35_71M3}