SOLUTION TO THE ROTOHASH CHALLENGE (BOUNTYCON 2022)
Note: This solution is provided by Sudip Shah and in his exact words and methodology. Enjoy! The Challenge: Challenge Lets see what the script.py contains : script.py As previously mentioned about programming, I didn’t properly understand the code but after multiple glances at the code, I came to know that the string is rotated and then hashed to md5 value. And yes, as you might have guessed, md5 hashes can’t be decrypted and can only be cracked. I saw the input rotation is an integer so yes the numbers, then I tried fuzzing the numbers from 1 to (length of the string ) and printing it inside the rotate function. Then I tried rotating the string through negative integers. The code snippet looked as, fuzzing and printing the rotatefunction without hashing to see what’s happening Then I got some ideas from this source . Now it’s time to hop into the server and try it . A netcat connection was sent and we were to input the integer and output would be the rotated then md5...