picoCTF Solutions
picoCTF 2025CryptographyEasy

hashcrack

Published: April 2, 2025Updated: December 9, 2025

Description

A breached server challenges you to identify progressively stronger hashes (MD5, SHA-1, SHA-256). Crack each password to reveal the flag.

Setup

Connect via nc verbal-sleep.picoctf.net 52014.

Each prompt displays a hash; supply the cleartext password to continue.

nc verbal-sleep.picoctf.net 52014
hashcat --example-hashes | grep 482c811da5d5b4bc6d497ffa98491e38 # or use crackstation

Solution

  1. Step 1Crack the MD5 hash
    482c811da5d5b4bc6d497ffa98491e38 → password.
  2. Step 2Crack the SHA-1 hash
    b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3 → letmein.
  3. Step 3Crack the SHA-256 hash
    916e8c4f79b25028c9e467f1eb8eee6d6bbdff965f9928310ad30a8d88697745 → qwertyuiop. Submit each response over the nc session to obtain the final flag.

Flag

picoCTF{UseStr0nG_h@shEs_&PaSswDs!_7f29...}

Online hash databases crack these instantly, demonstrating why weak hashes are dangerous.