Description
The server asks you to compute the MD5 hash of a word several times. Answer each prompt correctly to get the flag.
Setup
Connect to the server with netcat.
nc saturn.picoctf.net <PORT>Solution
Want to try it yourself first?
The guided walkthrough reveals hints one step at a time.
Step 1
Connect and read the promptObservationI noticed the challenge description says the server asks you to compute an MD5 hash, which suggested the first action is simply connecting via netcat and carefully reading the full server prompt before computing anything.Connect with netcat. The server asks you to MD5-hash the text between quotes, excluding the quotes themselves. Read the word it gives you.bashnc saturn.picoctf.net <PORT>What didn't work first
Tried: Sending a response immediately without reading the full prompt first
The server sends a multi-line prompt that includes both the instruction and the quoted word to hash. If you send a reply before reading to the end of the prompt, you will hash the wrong token or miss it entirely and the server will reject your answer. Always read the complete server output before computing and replying.
Learn more
MD5 (Message Digest 5) is a cryptographic hash function that produces a fixed 128-bit (32 hex character) digest from any input. Hash functions are deterministic - the same input always produces the same output - and designed to be one-way: you cannot reverse a hash to recover the original input.
The server sends the prompt: please md5 hash the text between quotes excluding the quotes. The quoted word changes each time.
Step 2
Compute the MD5 hash and replyObservationI noticed the server prompt explicitly requests an MD5 hash of a specific quoted word, which suggested using md5sum with echo -n to avoid a trailing newline altering the digest before pasting only the 32-character hex output back into the netcat session.In a separate terminal, run md5sum with the word (using echo -n to avoid hashing the newline). Copy the resulting 32-character hex digest and paste it back into the netcat session. Repeat for each round.bashecho -n 'computers' | md5sumExpected output
524164822d03894ee68052e183e7ea36 -
What didn't work first
Tried: Running 'echo computers | md5sum' without the -n flag
Without -n, echo appends a newline character to the string before piping it to md5sum, so you are hashing 'computers\n' instead of 'computers'. The resulting digest is completely different and the server rejects it every time. The fix is to always include -n: 'echo -n computers | md5sum'.
Tried: Pasting the full md5sum output ('524164822d03894ee68052e183e7ea36 -') into the netcat session
md5sum prints the 32-character hex digest followed by two spaces and a dash (representing stdin). The server expects only the 32-character hex digest. Pasting the trailing ' -' causes the server to reject the answer. Copy only the first 32 characters of the md5sum output.
Learn more
echo -nprints the string without appending a newline character. Hashingcomputers\nproduces a completely different digest than hashingcomputers, so the-nflag is essential. On macOS, usemd5 -s computersinstead.The server repeats the challenge several times before printing the flag. Each round, copy the word from the netcat output, compute its MD5 in the other terminal, then paste the hex digest back. The server closes the connection after a few seconds of inactivity, so work quickly. If the manual approach is too slow, write a short Python script using the hashlib and socket modules (or pwntools) to automate reading each word, computing its MD5, and sending the reply.
While MD5 is fast and widely supported, it is cryptographically broken for security purposes - collision attacks have been demonstrated. Modern systems use SHA-256 or SHA-3 instead. MD5 still appears in CTFs and legacy systems, so recognizing it is an important skill.
Interactive tools
- Hash IdentifierIdentify unknown hash types by length and prefix. Covers MD5, SHA-1, SHA-256, SHA-512, bcrypt, NTLM, and more.
- Checksum CalculatorCompute CRC32, SHA-1, SHA-256, SHA-384, and SHA-512 hashes for text or uploaded files. Verify against known hashes.
Flag
Reveal flag
picoCTF{4ppl1c4710n_r3c31v3d_...}
echo -n is required to suppress the trailing newline - hashing a word with a newline attached produces a completely different MD5 than the server expects.