{"id":389,"date":"2014-05-29T09:31:41","date_gmt":"2014-05-29T14:31:41","guid":{"rendered":"http:\/\/www.rajatswarup.com\/blog\/?p=389"},"modified":"2014-06-03T00:02:48","modified_gmt":"2014-06-03T05:02:48","slug":"defcon-ctf-quals-2014-hackertool","status":"publish","type":"post","link":"https:\/\/www.rajatswarup.com\/blog\/2014\/05\/29\/defcon-ctf-quals-2014-hackertool\/","title":{"rendered":"DefCon CtF Quals 2014 writeup &#8211; hackertool"},"content":{"rendered":"<p><code>hey, we need to check that your connection works, torrent this file and md5 it<\/code><\/p>\n<p><a href=\"http:\/\/services.2014.shallweplayaga.me\/hackertool.torrent_fe3b8b75e9639d35e8ac1d9809726ee2\">http:\/\/services.2014.shallweplayaga.me\/hackertool.torrent_fe3b8b75e9639d35e8ac1d9809726ee2<\/a><\/p>\n<p>The torrent file when loaded into Vuze showed that the file name was every_ip_address.txt.  So I downloaded some of the file and observed the format.  The format of the file was &#8220;0.0.0.1\\n0.0.0.2\\n&#8230;. &#8220;.<\/p>\n<p>So I wrote a quick python script to calculate the md5:<\/p>\n<pre>#!\/bin\/python\r\nimport hashlib\r\nm = hashlib.md5()\r\nfsize = 0\r\na = ''\r\nfor i in xrange(256):\r\n    for j in xrange(256):\r\n        for k in xrange(256):\r\n            for l in xrange(256):\r\n                a = str(i)+'.'+str(j)+'.'+str(k)+'.'+str(l)+'\\n'\r\n                fsize += len(a)\r\n                m.update( a )\r\nprint m.hexdigest()\r\n<\/pre>\n<p>The flag was &#8220;1a97f624cc74e4944350c04f5ae1fe8d&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>hey, we need to check that your connection works, torrent this file and md5 it http:\/\/services.2014.shallweplayaga.me\/hackertool.torrent_fe3b8b75e9639d35e8ac1d9809726ee2 The torrent file when loaded into Vuze showed that the file name was every_ip_address.txt. So I downloaded some of the file and observed the format. The format of the file was &#8220;0.0.0.1\\n0.0.0.2\\n&#8230;. &#8220;. So I wrote a quick python [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[196],"tags":[222,224],"class_list":["post-389","post","type-post","status-publish","format-standard","hentry","category-programming","tag-ctf","tag-defcon"],"_links":{"self":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/comments?post=389"}],"version-history":[{"count":4,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions"}],"predecessor-version":[{"id":393,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions\/393"}],"wp:attachment":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/media?parent=389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/categories?post=389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/tags?post=389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}