DerbyCon 9 – DomainTools CTF – Crypto

Continuing with write-ups for events from DerbyCon is the DomainTools CTF.  I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used.  When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description.  First up: the crypto challenges!

Challenge: Data Blob in the Log! (10 Points)

Directions: You keep noticing a weird string in your log files. Decipher the string for the challenge flag!

The string in question is: “vevf!”

Solution: A simple 13 character rotation (ROT-13) solves this as “iris!” (CyberChef recipe), which is a DomainTools product.

Challenge: SHA1 is dead, long live SHA1! (10 Points)

Directions: What’s the SHA1 sum of the string ‘dns’?

Solution: This is a simple command in a *nix shell:

user@system:~$ echo "dns" | sha1sum
a6a3bb38694366355d11b439926dcf5ee823806b -

Challenge: Get XOR’d! (20 Points)

Directions: A string has been encrypted using single-byte XOR. Can you decrypt it and get the flag?


Solution: First recognize that the hex values, when broken up, are all printable ASCII characters.  Convert from hex to ASCII, then use an XOR brute force and review results until you find the answer of “HACKTHEPLANET” from a key of ‘0x03’ (CyberChef recipe).

Challenge: DB Pwn3d! (20 Points)

Directions: You just compromised a database with passwords stored as md5 unsalted hashes. Crack the hash of the ‘admin’ password!


Solution: While you could quickly find this using John the Ripper or Hashcat using a wordlist like RockYou or Twitter Banned, it’s much easier to simply search your favorite search engine which will quickly return this as a commonly known MD5 for “Password123” (example result).


Okay, that’s it for the first round… next up is the Forensics section of the DomainTools CTF.  Until next time, good hunting!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by

Up ↑

%d bloggers like this: