The Challenge

The Solution

This challenge was a complete dick on the day. All the clues following Cough RockYou Cough weren’t listed, and hashed was set to encoded, as the webpage says. Needless to say, I wasted a shitload of time and effort on this challenge.

For those who know their wordlists, rockyou.txt is the big one. It is one of the largest word lists you will use, coming in at 60MB when compressed. Off the top of my head, it has over 2.5 million words.

This is why you don’t quote numbers off the top of your head. It’s over 14 freakin’ million words.

So like a dick, I originally made many duplicates of this wordlist and encoded them. Binary, hexadecimal, base64… but I was completely off. The directories and files are hashed. Thanks dook.

The clues make it a bit easier. First, we’re clued in to the existence of a common file. Let’s say robots.txt. Now, we know that file is HASHED AND NOT GODDAMN ENCODED. So we can test the output of various hashes and see if they exist.

Let’s make a list of some hashing algorithms we can try…

Alright. Let’s go down the list. MD5 first.

We’re using the -n option to suppress the newline character that’d be appended to the string “robots.txt” normally, so we don’t get a garbage hash.

Let’s try it out.

Alrighty. Now let’s hash rockyou.txtNOTE: don’t actually run this, I borked the command. See further below.

We’re gonna read each of the 14 million words from rockyou.txt, then echo them, pass them through a pipe to md5sum, then append them to rockyoumd5.txt. If we’re sm0rt, this should be a complete hashed wordlist. This took ages to run.

When it finally does complete, let’s quickly check that we got what we asked for.

Alright, it appended a – to each of our hashes. Let’s do a bit of cleanup.

This grabs the first “field” (our hash) that’s been delimited by a space and outputs to a new text file.

It’s at this point in my writeup that I noticed all my hashes were the same. I messed up my bash command. Use this instead.

The first time you declare a bash variable, don’t prepend a $.

Clean it up…

Now let’s use dirb to see if any of our hashes match a directory.

If you were patient, you’d see a lot more generated words. I sorta gave up a few minutes into generating the wordlist because I knew I’d already hashed it.

It looks like we hit something with e3ceb5881a0a1fdaad01296d7554868d. Let’s see what’s inside.

Booyah.