diff --git a/Miscellaneous/My Friend John/MyFriendJohn.zip b/Miscellaneous/My Friend John/MyFriendJohn.zip new file mode 100644 index 0000000..81219eb Binary files /dev/null and b/Miscellaneous/My Friend John/MyFriendJohn.zip differ diff --git a/Miscellaneous/My Friend John/README.md b/Miscellaneous/My Friend John/README.md new file mode 100644 index 0000000..cff54aa --- /dev/null +++ b/Miscellaneous/My Friend John/README.md @@ -0,0 +1,21 @@ +## My Friend John +The main idea is learning how to use tools for cracking password protected zip files. + +#### Step-1: +We can open [`MyFriendJohn.zip`](./MyFriendJohn.zip) using [7zip](https://www.7-zip.org/) and extract `use-rockyou.zip`. + +#### Step-2: +Now we need a password to open `use-rockyou.zip`. There's a really popular wordlist called rockyou which can be downloaded [here](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt). + +#### Step-3: +We can use [fcrackzip](https://github.com/hyc/fcrackzip)'s dictionary attack: `fcrackzip -v -u -D -p rockyou.txt use-rockyou.zip` using rockyou. + +#### Step-4: +We now see `custom-list.txt` and `custom-list.zip`. We can use the custom word list to unlock the the zip file: `fcrackzip -v -u -D -p custom-list.txt custom-list.zip`. + +#### Step-5: +The last zip file is called `brute-force-pin.zip`. A pin is usually between 4 and 6 numeric digits. `fcrackzip -b -c "1" -l 4-6 -v -u brute-force-pin.zip`. The `-c "1"` means only use numeric digits when bruteforcing. + +#### Step-6: +Finally we get a `flag.txt` and the flag becomes: +`CTFlearn{s0_n0W_y0uv3_M3t_J0hN}` \ No newline at end of file diff --git a/Programming/The Credit Card Fraudster/README.md b/Programming/The Credit Card Fraudster/README.md new file mode 100644 index 0000000..7a98d8c --- /dev/null +++ b/Programming/The Credit Card Fraudster/README.md @@ -0,0 +1,17 @@ +## The Credit Card Fraudster +The main idea is checking numbers in a given range against the Luhn algorithm + +#### Step-1: +Implement the Luhn algorithm which works like this: +1. Start from the least significant (right most) digit +2. Take the sum of the digits from right to left but double every second digit. If the digit doubled is greater than 10, take the sum of the digits on that doubled value +3. If the final value can divide evenly into 10, passes the Luhn check, otherwise it does not + +#### Step-2: +Now we need to get the range of numbers that fit the credit card number in the format of `543210******1234`. This would mean all numbers from `5432100000001234` to `5432109999991234` with an increment of `10000` + +#### Step-3: +Loop through all possible numbers, check if it's divisible by `123457` and passes the Luhn check. + +#### Step-4: +The flag is revealed after running the script. \ No newline at end of file diff --git a/Programming/The Credit Card Fraudster/solve.py b/Programming/The Credit Card Fraudster/solve.py new file mode 100644 index 0000000..7c1d92b --- /dev/null +++ b/Programming/The Credit Card Fraudster/solve.py @@ -0,0 +1,27 @@ +min_val = 5432100000001234 +max_val = 5432109999991234 +inc = 10000 + +def luhn_check(num): + def sum_of_digits(n): + s = str(n) + t = 0 + for c in s: + t += int(c) + return t + + string = str(num) + total = 0 + double = False + for i in range(len(string) - 1, -1, -1): + c = string[i] + if double: + total += int(c)*2 if int(c)*2 < 10 else sum_of_digits(int(c)*2) + else: + total += int(c) + double = not double + return total%10 == 0 + +for i in range(min_val, max_val, inc): + if i%123457 == 0 and luhn_check(i): + print(i) \ No newline at end of file