CTF - STiBaRC Bank Info Leak

Posted by herronjo at 9:07 PM on 11/5/2020 EST:

I am excited to announce the first of possibly a number greater than one capture the flag challenges, sponsored by STiBaRC! If you think you can solve it, and it is difficult and time consuming, the description of the challenge is below:

Uh oh! It looks like the STiBaRC Bank just had a breach, and their single customer, Ron Williams, had his credit card information leaked! Fortunately, the bank has some level of protection, and the card number is at least obscured in the database.

The bank does store the last four digits of the card number, along with the expiration date and the fact that it is a Visa card in plain text though, which is fortunate for us. They also store a combination of the credit card number and CVV security number hashed together using MD5 digested using hex. A bad move for a bank, but it makes the job all the easier. We can also see that Mr. Ron Williams has a whopping total of $5 on his account, and whoever gets the card info first and spends the money gets to keep it.

Here's what we know:
-The card is issued by Visa
-The last four digits of the card are 7335
-The card expires on 11/26
-The hashed information is stored like so: <16 digit card number>-<3 digit CVV>
so if the card number was 1234123412341234 and the CVV was 123, it would be 1234123412341234-123 hashed, which would be hashed as e1b5f6f9e960e19e8b8c66800dc1f317
-The hash of the solution is 8c061b8981ebbadf71349e6e78d893f4
-There is $5 on the card, and whoever gets this first gets to keep it
-You're going to have to brute force this, try to optimize using what you know

The challenge can be found and and answers can be submitted at <a href="https://staging.laphatize.com/challenges/U1TIsX5SghkCCW1RsxBT" target="_blank">https://staging.laphatize.com/challenges/U1TIsX5SghkCCW1RsxBT</a>

˄ 5  ˅ 0

No comments
Log in to post a comment!