Verify

Description

Solution

1. Step 1Identify the correct file
   Run sha256sum files/* | grep ... to find which file matches checksum.txt. In the provided dataset, files/00011a60 is the winner.

   sha256sum files/* | grep 03b52eabed517324828b9e09cbbf8a7b0911f348f76cf989ba6d51acede6d5d8

   Copied!
   Learn more

   SHA-256 is a cryptographic hash function that takes any input and produces a fixed 256-bit (64 hex character) digest. It has three critical properties: it is deterministic (same input always produces the same hash), collision-resistant (it is computationally infeasible to find two different inputs with the same hash), and one-way (you cannot reverse the hash to find the input).

   Hash verification is the standard method for confirming file integrity. When you download software, operating system images, or forensic evidence files, you compare the downloaded file's hash against the expected value to confirm nothing was tampered with or corrupted in transit. This is called a checksum verification.

   • sha256sum file computes the SHA-256 hash of a file.
   • sha256sum files/* computes hashes for all files in the directory - pipe through grep to find the matching one.
   • Other common hash tools: md5sum (MD5, weak - avoid for security), sha1sum (SHA-1, deprecated), sha512sum (SHA-512, stronger than SHA-256).
2. Step 2Decrypt
   Use the supplied script (./decrypt.sh files/00011a60) or run openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -salt -in files/00011a60 -k picoCTF manually.

   ./decrypt.sh files/00011a60

   Copied!
   Learn more

   openssl enc is OpenSSL's symmetric encryption/decryption command. Breaking down the flags: -d means decrypt, -aes-256-cbc specifies AES-256 in Cipher Block Chaining mode, -pbkdf2 uses the PBKDF2 key derivation function (more secure than the old default), -iter 100000 runs 100,000 iterations of PBKDF2 to slow brute-force attacks, -salt includes a random salt, and -k picoCTF provides the password.

   PBKDF2 (Password-Based Key Derivation Function 2) is an algorithm that deliberately makes password-to-key derivation slow and computationally expensive. This is desirable: if an attacker obtains the ciphertext, they cannot quickly brute-force the password because each guess requires 100,000 hash iterations. Modern alternatives include Argon2 and bcrypt.

   The shell script decrypt.sh wraps this command to make it accessible without knowing the OpenSSL flags. Reading shell scripts is a useful skill - even simple wrapper scripts often reveal the exact commands, parameters, and logic used, which you can then call directly or adapt.

3. Step 3Alternate brute-force
   If you don't want to compute hashes, loop over every file and try to decrypt each until one yields plaintext, and redirect output to flag.txt to capture the flag.

   for f in files/*; do openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -salt -in "$f" -k picoCTF; done > flag.txt

   Copied!
   Learn more

   This bash for loop iterates over every file matching files/* and attempts to decrypt each with the known password. Only the correct file will decrypt to readable plaintext - the others will either fail with an error or produce garbage binary. Redirecting stdout to flag.txt captures the flag when the correct file is processed.

   This brute-force approach trades CPU time (decrypting every file) for the convenience of skipping the hash computation step. It is a valid strategy when the file count is small. With hundreds of files and slow PBKDF2 iterations it would be noticeably slower, making the hash-first approach more efficient.

   This also demonstrates the power of the shell as a scripting environment: a complex multi-file operation is accomplished in a single line. Looping over files, chaining commands with pipes, and redirecting output are foundational shell skills used constantly in security work - from processing logs to automating exploit attempts.

Flag

picoCTF{trust_but_verify_0...}

Only the file whose hash matches checksum.txt decrypts to the flag.