DIMVA CTF 2013 - Trivia50 (II) Writeup
This trivia challenge wanted an input whose hash, computed with an “unknown” method, starts with the string “1000000”. The first characters of our hashed input are also provided; for example, the hash of 123 is “4f68465”. Detecting the hash algorithm was extremely easy: in fact, we can try all the hashing methods that hash_algos() reports as supported and see which one returns “4f68465” for the input “123”:
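<?php
// Try every algorithm PHP supports and print those whose digest of "123"
// starts with the leaked prefix "4f68465".
$arr = hash_algos();
for ($i = 0; $i < count($arr); $i++) {
    if (preg_match('/^4f68465/', hash($arr[$i], "123")))
        echo $arr[$i] . "\n";
}
?>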
This returned “salsa20”. Knowing this, we can now just set up a brute-force script to find which string has a hash that starts with “1000000”:
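<?php
// Hash consecutive integers (as strings) and print each one whose
// salsa20 digest starts with "1000000".
for ($i = 1; $i < 9999999000; $i++) {
    $h = hash("salsa20", (string)$i);
    if (preg_match('/^1000000/', $h))
        echo $i . "::::::::" . $h . "\n";
}
?>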
The number was 460825513.
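The two steps above as one script, as an added example that is not the author's code: it identifies the algorithm from a leaked prefix, stops at the first match, and shows why a 7-character hex prefix takes hundreds of millions of tries. Assumptions: sha256 stands in for salsa20 (PHP's hash extension dropped salsa20 in 5.4), the target prefix is shortened to “1000” so it finishes quickly, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

/** Return every supported algorithm whose digest of $input starts with $prefix. */
function identify_algos(string $input, string $prefix): array
{
    $hits = [];
    foreach (hash_algos() as $algo) {
        if (strncmp(hash($algo, $input), $prefix, strlen($prefix)) === 0) {
            $hits[] = $algo;
        }
    }
    return $hits;
}

/** First integer in [1, $limit] whose digest starts with $target, or null. */
function find_prefix(string $algo, string $target, int $limit): ?int
{
    $len = strlen($target);
    for ($i = 1; $i <= $limit; $i++) {
        if (strncmp(hash($algo, (string)$i), $target, $len) === 0) {
            return $i;
        }
    }
    return null;
}

// Constructed sample: pretend the service leaks 7 hex chars of sha256("123").
$leak = substr(hash('sha256', '123'), 0, 7);
echo "candidates: " . implode(', ', identify_algos('123', $leak)) . "\n";

// Each hex char carries 4 bits, so an n-char prefix needs about 16^n tries.
foreach ([4, 7] as $n) {
    printf("%d-char prefix: ~%d tries expected\n", $n, 16 ** $n);
}

// Shortened target; the limit is 20x the expected work so a miss is unlikely.
$found = find_prefix('sha256', '1000', 20 * 16 ** 4);
if ($found === null) {
    echo "no match within limit\n";
} else {
    printf("%d -> %s\n", $found, hash('sha256', (string)$found));
}
```

The 7-character estimate of 16^7 = 268,435,456 tries is the same order of magnitude as the 460825513 reported above.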
Razor4x