Description
We intercepted a suspicious file from a system, but instead of the password itself, it only contains its SHA-1 hash. Using OSINT techniques, you are provided with personal details about the target. Generate a custom password list and recover the original password by matching its hash. Download: userinfo.txt, hash.txt, and check_password.py.
Read userinfo.txt to understand the target's personal details.
cat userinfo.txt
cat hash.txt
cat check_password.py
Solution
- Step 1: Profile the target
  Read userinfo.txt carefully. It contains personal details like name, birthdate, favourite things, pet names, or other information people commonly use in passwords.
  ```bash
  cat userinfo.txt
  ```
- Step 2: Generate a custom wordlist with cupp or a custom script
  Use CUPP (Common User Passwords Profiler) or write a Python script to generate password candidates from the personal information. Combine name, birthdate, pets, and common suffixes.
  ```bash
  pip install cupp
  cupp -i   # interactive mode: enter details from userinfo.txt

  # Or manually generate candidates:
  python3 << 'EOF'
  import hashlib, itertools

  # Key info from userinfo.txt (placeholder values; substitute the real ones)
  name = "John"
  lastname = "Smith"
  birth = "1990"
  pet = "fluffy"

  # Base words built from the profile
  words = [name, lastname, birth, pet, name+lastname, name+birth,
           pet+"123", name.lower()+"@"+birth, pet.capitalize()]
  suffixes = ["", "!", "123", "@1", "1"]

  # Lowercase the stored hash so it compares equal to hexdigest() output
  target_hash = open("hash.txt").read().strip().lower()

  # Try every word/suffix pair; a single loop lets break stop at the first match
  for w, suffix in itertools.product(words, suffixes):
      candidate = w + suffix
      if hashlib.sha1(candidate.encode()).hexdigest() == target_hash:
          print("Found:", candidate)
          break
  EOF
  ```
- Step 3: Run check_password.py with the found password
  Once you have the correct password, run check_password.py to confirm and retrieve the flag.
  ```bash
  python3 check_password.py FOUND_PASSWORD
  ```
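The same profiling logic is useful on the defensive side: a password-set check can reject choices that reduce to the user's own details plus a short suffix, which is exactly what the steps above exploit. This is an added example, not part of the challenge files; the profile values, function names and the 8-character threshold are assumptions.

```python
import re

# Constructed sample profile, mirroring the placeholder values used in Step 2.
PROFILE = {"first": "John", "last": "Smith", "birth": "1990-04-17", "pet": "Fluffy"}

# Common character substitutions, applied to both the password and the tokens
# so that "J0hn" and "John" normalize to the same string.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def normalize(text):
    return text.lower().translate(LEET)


def profile_tokens(profile):
    """Normalized words and date fragments derivable from the profile."""
    tokens = set()
    for value in profile.values():
        for part in re.findall(r"[A-Za-z]+|\d+", value):
            min_len = 2 if part.isdigit() else 3   # skip 1-2 letter noise words
            if len(part) >= min_len:
                tokens.add(normalize(part))
            if part.isdigit() and len(part) == 4:
                tokens.add(normalize(part[2:]))    # two-digit year, e.g. "90"
    return tokens


def independent_chars(password, profile):
    """Count characters left after removing every profile-derived token."""
    residue = normalize(password)
    # Longest tokens first; replace with a space so neighbours cannot merge
    # into a new accidental match.
    for token in sorted(profile_tokens(profile), key=len, reverse=True):
        residue = residue.replace(token, " ")
    return sum(not c.isspace() for c in residue)


def is_profile_derived(password, profile, min_independent=8):
    """True if too little of the password is unrelated to the profile.
    The threshold of 8 is an assumption for this example, not a standard."""
    return independent_chars(password, profile) < min_independent


if __name__ == "__main__":
    for pw in ["John@1990", "fluffy123", "J0hnSm1th2024!", "correct horse battery staple"]:
        print(f"{pw!r}: rejected={is_profile_derived(pw, PROFILE)}")
```

A check like this complements, and does not replace, storing passwords with a salted, slow password-hashing function instead of bare SHA-1.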
Flag
picoCTF{p4ssw0rd_pr0f1l3r_...}
Generate a targeted wordlist from the victim's personal details and crack their SHA-1 hashed password.