Description
The server asks you to compute the MD5 hash of a word several times. Answer each prompt correctly to get the flag.
Setup
Connect to the server with netcat.
nc saturn.picoctf.net <PORT>Solution
Walk me through it- Step 1Connect and read the promptConnect with netcat. The server asks you to MD5-hash the text between quotes, excluding the quotes themselves. Read the word it gives you.bash
nc saturn.picoctf.net <PORT>Learn more
MD5 (Message Digest 5) is a cryptographic hash function that produces a fixed 128-bit (32 hex character) digest from any input. Hash functions are deterministic - the same input always produces the same output - and designed to be one-way: you cannot reverse a hash to recover the original input.
The server sends the prompt: please md5 hash the text between quotes excluding the quotes. The quoted word changes each time.
- Step 2Compute the MD5 hash and replyIn a separate terminal, run md5sum with the word (using echo -n to avoid hashing the newline). Copy the resulting 32-character hex digest and paste it back into the netcat session. Repeat for each round.bash
echo -n 'computers' | md5sumLearn more
echo -nprints the string without appending a newline character. Hashingcomputers\nproduces a completely different digest than hashingcomputers, so the-nflag is essential. On macOS, usemd5 -s computersinstead.The server repeats the challenge several times before printing the flag. Each round, copy the word from the netcat output, compute its MD5 in the other terminal, then paste the hex digest back. There is no strict time limit - you can work at your own pace.
While MD5 is fast and widely supported, it is cryptographically broken for security purposes - collision attacks have been demonstrated. Modern systems use SHA-256 or SHA-3 instead. MD5 still appears in CTFs and legacy systems, so recognizing it is an important skill.
Flag
picoCTF{...}
echo -n is required to suppress the trailing newline - hashing a word with a newline attached produces a completely different MD5 than the server expects.