Gynvael expertly demonstrates how a single leading null byte in a raw SHA-256 digest lets a C string comparison treat two different hashes as equal, rendering the hashing itself pointless: a masterclass in the inherent fragility of C-style string handling. It is a quintessential example of why understanding low-level memory mechanics remains the bedrock of effective security research.
The Perfect Beginner CTF Challenge
Looking at this amazing challenge from Google Beginners Quest: just 50 lines of code, but 3 intended solutions. It's a masterclass of how to teach with CTF tasks! https://capturetheflag.withgoogle.com/beginners-quest
---
Links:
https://hackarcana.com/ ← my courses, articles, and CTF challenges
https://discord.gg/hackarcana ← hackArcana discord
https://gynvael.coldwind.pl/discord ← my / Paged Out! discord
https://pagedout.institute/ ← my Paged Out! magazine
https://gynvael.coldwind.pl/ ← my blog
https://bsky.app/profile/gynvael.bsky.social ← my Bluesky
---
Music in intro/outro:
TheFatRat - Monody feat. Laura Brehm
Watch the official music video: https://tinyurl.com/monodytfr
Listen to "Monody": https://thefatrat.ffm.to/monody
Follow TheFatRat: https://ffm.bio/thefatrat
nervous_testpilot - Office (Frozen Cortex Original Soundtrack)
nervous_testpilot - Our Heroes (Frozen Cortex Original Soundtrack)
nervous_testpilot - Focus (Frozen Synapse Original Soundtrack)
https://soundcloud.com/nervous_testpilot
https://nervoustestpilot.bandcamp.com/
Stellardrone - Between the Rings
https://stellardrone.bandcamp.com/album/between-the-rings
https://soundcloud.com/stellardrone/between-the-rings
https://youtube.com/@StellardroneMusic
---
Team: Shoutout and big thanks to my team who have helped me with livestreams and IRC/Discord over the years!
→ foxtrot_charlie
→ KrzaQ
→ masakra
→ hebi
→ maryush
→ disconnect3d
Hey everyone, I hope you're doing well.
I'm Gynvael and I wanted to chat about a challenge today.
Somebody came to my Discord and basically asked about this challenge, and I thought, "Hey, this challenge looks really cool." Maybe not in the way you solve it, because while it's a pretty interesting way to solve it, there are actually three ways, and all of them are pretty cool. It's pretty easy.
It's a pretty easy challenge, but the way it was constructed, I really enjoyed it. I really liked it. I'm not sure who the author actually is, but the code itself is, I would say, a masterpiece for a very easy challenge. So let's dive into it. The challenge is from Google's Beginner's Quest. It's a companion CTF to the Google CTF qualification round: where the Google CTF qualification round is usually super hard, Beginner's Quest isn't. It's way easier. And it's one of the first challenges, actually. Well, I'm saying one of them because there are actually two of them. One is Guess Password Easy and the other is Guess Password Hard. I have already downloaded them and we can start by looking at the code. So let's open the code. Here we go. It's in C. It's pretty short. It's just 50 lines. It has, as far as I can tell, at least three different ways you can solve it.
And I think it's really well done, because again, there aren't that many challenges which you can solve in a couple of different ways. All of them seem to be intended, based on the code and based on what's in the comments as well. So, yeah, let's get into it.
First of all, what we can see already is that there is a SHA-256 hash involved. We have a generate random password function which, just briefly looking at the code, has a loop. It goes up to 20 characters and it selects them using a PRNG, not a cryptographically secure pseudo-random number generator, just a normal pseudo-random number generator.
It selects 20 characters from a to z, lowercase a to z.
And it returns it.
And then we have the main function, and that's it. So, like 50 lines total.
What we do at the beginning is we set the seed for the pseudo-random number generator to the current time.
time() actually gets a zero here, which technically shouldn't be a zero.
This is a pointer, so it should be NULL. But regardless, it will return the current time as an integer, as seconds from the 1st of January 1970, meaning a normal Unix timestamp.
Which, as you know if you're a seasoned player, is a vulnerability on its own, because, well, it's predictable, right? Like, an attacker can kind of guess: "Oh, they have generated the password for it," because that's what's going to happen in a second. They generated the password probably this day, and a day has what, like 86 thousand seconds, 86,400 to be exact.
That's a super low number of variants to iterate through.
But here, because this code is actually running on a different server, and we can connect to that server and kind of spawn the instance of this challenge at the same time, we don't even have to go through a whole day's worth of seconds. We can just go through a couple of seconds, and yeah, we're going to hit it.
So this already is one way to solve it, basically. Just predict what the seed is, then run this function, and you get the password. That's it. You will get the same password that was on the server, plus or minus the differences in what the exact second was there, if the clock, the system clock, isn't set correctly, right? It can maybe be set 20 seconds too late or too early. Maybe the clock on your system is wrong. But that's just one way to solve it. Another way would be, well, because this pseudo-random source isn't a CSPRNG, meaning it isn't cryptographically secure, you can probably, just knowing a couple of characters, know where in this stream of numbers you are. You can probably get back to the seed from there.
But this isn't the way we are going to solve this challenge either.
It's just yet another way you could solve it. So let's take a look at what's going on here. We do generate this random password.
Then we, or rather the server, actually tell the player the first five characters. Well, this is based on the description of the challenge. We already know that.
And then we, or rather the server, say: "Yeah, user, what's your guess?
What do you think the password is?" So the user then inputs something.
And then both the server password and the password which the user has given are hashed with SHA-256 using that function which we saw above.
And then we have this comment.
Actually we have both comments, which are worth reading, because comments in easy challenges usually contain some hint. "Calculate SHA-256 hashes to protect from a timing attack."
This is true to some extent, but okay.
Then let's go to the second comment. "Do not use strcmp as the buffers are not NULL terminated." Okay, this is a pretty big hint. This is incorrect: it should be NUL, because NULL written like this is actually a pointer, and NUL is the name of the ASCII character they had in mind. Or you can also say null in lowercase, but it doesn't matter. We know what they meant.
So this is a really good hint, because, yeah, do not use this because the string is not null terminated, but then they go and still use a string variant of a comparison function. What should have been used here is memcmp, because memcmp does not care about a null terminator at the end of a string. In case you don't know what I'm talking about: strncmp is actually from the C world, not C++, and C operates on ASCIIZ strings, ASCII zero-terminated, zero being this NUL here, a character of value zero. So if you have a string like "ASDF", then actually at the end in memory there will be a byte of value zero, and this says: yeah, the string ends here.
And all of these str functions actually just go from the beginning until they hit a zero byte, a null byte.
This has caused a lot of interesting issues in the history of programming, but let's focus on this one. So okay, well, they compare the hashes, right? So what's the problem here with comparing hashes? Like, okay, let's create, maybe, do we have a console? We do have a console, so let's maybe create a couple of hashes.
"ASDF", sha256sum of course, and then let's make another hash, just "ASDF", so we have two different hashes, right? And it kind of looks like a string, so what's the problem with comparing two strings like that? Well, because a hash can be represented in a couple of ways.
What you see on the screen is a hexadecimal representation. It's pretty standard. This is usually what you associate with a hash.
But it doesn't have to be. For example, hashes can also be encoded as base64. But they can also not be encoded at all, and just be a binary blob of however many bytes.
And if we would actually go to the description of this function from OpenSSL, we would learn that this actually doesn't output a string. What it does output, and we can actually see it from here as well, is bytes; they expect bytes from this, not a string. So it outputs 20 bytes.
Okay. So let's go back to the comparison. Do you know what kind of strings are equal? For example, strings which are empty.
An empty string is just a string which has a null byte at the beginning. There can be whatever in memory later on. We don't care about it at all. But it has this. So if we compare two empty strings with each other, hey, that actually is equal, right? Like, empty strings are equal.
So how do we make an empty string?
Well, we have to find a password that we will give to the server whose hash has a first byte, like this one here, of 00.
Okay.
And then what? We have no guarantee that the other hash, the server password hash, will have a zero byte at the beginning. Like, there's no guarantee at all. So what then?
Actually, yeah, that's true. But sooner or later, it will be.
Meaning, this is a while loop, right? So this goes infinitely, basically. So what we can do is try again and again and again and again until this function here generates a password which, hashed, will have 00 at the beginning. It's kind of like Bitcoin mining, I guess, because it's about zeros at the beginning, but we are not really mining Bitcoin here.
So, first of all, step number one, we need a string which has zeros at the beginning. We can kind of guess it, like maybe something like this will have a zero. Maybe XYZ will have a zero. Or we can just write a short Python program. So let's do `import hashlib`.
And then, I mean, it can be just a number, right? We are not restricted to characters. So `for i in range(10000)`, let's do `if hashlib.sha256(str(i).encode())`: we convert i, which is a number, to a string, and then we have to encode it, because this function actually operates on bytes.
And then we get a digest, not a hexdigest, but a digest. This function returns bytes. So if the first byte actually is a zero, a null byte, then we want to print i.
Which is the number, right?
And wow, there are a lot of numbers. Let's go with this one, 286, like the x86 processors, I guess. So let's verify it.
286, sha256sum. Yep, it has a null byte at the beginning, two zeros.
Why two? Because it's a hexadecimal number, so two nibbles, two hexadecimal digits, is actually one byte.
Okay. So we have this. Now we just have to contact the server, right?
And before we contact the server, what I would like to do is create a file which I'm going to call passwords.
And I'm going to put 286 in here, but I'm going to put it in a lot of times. I don't want to input it manually; I just want this to happen automatically.
So let's do this. We need, well, worst case scenario, around 256 lines or maybe a little bit more, because we might just be unlucky.
And now let's check the address of the server, which I have to copy from here.
There we go.
Okay. Let's see if we can connect to the server.
Yeah, we can. Okay, proof of work disabled. Password blah blah blah.
You're a guest from 196. Wrong. Wait a second. That's okay.
So now let's feed netcat that passwords file which I created.
Okay. And now we basically just have to wait. Sooner or later, the server will actually generate a password which will have the zeros at the beginning. Now, what we can do, of course, is open another console and do it in parallel, because, I mean, why not? We shouldn't DDoS the server, but because there is this delay of 1 second, this isn't really problematic. So let's do that: we have this, and we do passwords again.
And let's see how long it takes. I'm actually going to speed up this video in case it takes a little bit longer.
Okay, and there we go. We have a flag.
"Did you have a great time looking for the seed?" Well, we didn't look for the seed. We actually did it the third way, which was again intended, based on the hint.
So, there we go.
And there are other great challenges on the Google CTF website, but if you also want to check out other great challenges, you can go to hackarcana.com, which is my educational website, and if you go to the, let's make this a little bit bigger.
If you go to the exercises tab, there are even more challenges to solve. So if you like and enjoy CTF challenges, check us out.
And that's it for today. I wish you a great evening. Have fun. Goodbye, and cheers.
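The comparison flaw the walkthrough describes, reproduced as an added Python example (this is not code from the video or from the challenge itself). It emulates C's strncmp semantics in strncmp_like() so the null-byte truncation is visible on real SHA-256 digests from hashlib, puts the challenge-style check next to a constant-time full-digest comparison (the fix the speaker points at with memcmp), and generalises the speaker's search loop to return several preimages whose digest starts with 0x00. The server's password generator is modelled with Python's random module as a stand-in for C's rand(); the 1-second loop, the network connection and the netcat session are not reproduced, only the check itself.

```python
"""Added example: strncmp over raw SHA-256 digests versus a full comparison.

The C strncmp semantics are emulated by strncmp_like(); the server's password
generator is modelled with random.Random (assumption: a stand-in for rand(),
not the challenge's own code).
"""
import hashlib
import hmac
import random
import string

DIGEST_LEN = 32  # a SHA-256 digest is 32 raw bytes, not a NUL-terminated string


def sha256_digest(s: str) -> bytes:
    """Raw digest bytes, the same thing the C code hands to strncmp."""
    return hashlib.sha256(s.encode()).digest()


def strncmp_like(a: bytes, b: bytes, n: int) -> int:
    """Emulate C strncmp(a, b, n): compare byte by byte, at most n bytes,
    stopping as soon as both buffers hold 0x00 at the same index.
    Bytes past the end of a Python bytes object are treated as 0x00."""
    for i in range(n):
        ca = a[i] if i < len(a) else 0
        cb = b[i] if i < len(b) else 0
        if ca != cb:
            return ca - cb
        if ca == 0:  # both are NUL: the "string" ends here, report equal
            return 0
    return 0


def vulnerable_check(server_password: str, guess: str) -> bool:
    """The challenge-style check: strncmp over two raw digests. Any two
    digests whose first byte is 0x00 compare equal, whatever the other 31."""
    return strncmp_like(sha256_digest(server_password),
                        sha256_digest(guess), DIGEST_LEN) == 0


def safe_check(server_password: str, guess: str) -> bool:
    """The fix: compare all 32 bytes, length-aware and in constant time
    (the Python counterpart of memcmp/CRYPTO_memcmp on the full digest)."""
    return hmac.compare_digest(sha256_digest(server_password),
                               sha256_digest(guess))


def find_leading_zero_preimages(count: int, limit: int = 100_000) -> list:
    """The speaker's search loop, generalised: return `count` decimal strings
    whose SHA-256 digest begins with 0x00 (roughly 1 in 256 does)."""
    found = []
    for i in range(limit):
        candidate = str(i)
        if sha256_digest(candidate)[0] == 0:
            found.append(candidate)
            if len(found) == count:
                break
    return found


def generate_random_password(rng: random.Random, length: int = 20) -> str:
    """Model of the server's generator: 20 lowercase letters from a non-CSPRNG
    (random.Random stands in for rand(); constructed for this example)."""
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))


def rounds_until_false_accept(guess: str, max_rounds: int, seed: int = 0):
    """Simulate the server picking a fresh password each round while the
    client keeps sending the same `guess`. Returns (round, server_password)
    for the first round the flawed check accepts a wrong password, else None."""
    rng = random.Random(seed)
    for round_no in range(1, max_rounds + 1):
        server_password = generate_random_password(rng)
        if server_password != guess and vulnerable_check(server_password, guess):
            return round_no, server_password
    return None


if __name__ == "__main__":
    zero_first = find_leading_zero_preimages(2)
    print("preimages whose digest starts with 0x00:", zero_first)
    print("vulnerable_check says equal:", vulnerable_check(zero_first[0], zero_first[1]))
    print("safe_check says equal:", safe_check(zero_first[0], zero_first[1]))
    print("rounds until the flawed check accepted a wrong guess:",
          rounds_until_false_accept(zero_first[0], max_rounds=5000, seed=1))
```

Running the script shows the two halves of the lesson side by side: two different inputs whose digests share a leading 0x00 are "equal" under the strncmp emulation and different under hmac.compare_digest, and the simulated server needs on the order of 256 restarts before the flawed check lets a fixed wrong guess through, which is where the speaker's "around 256 lines, maybe a bit more" estimate comes from. The defensive takeaway is in safe_check: a digest is binary data, so compare every byte of it, in constant time, and never with a str* function.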