CTFtime.org

can_you_c_the_password?

by talb / hackwali

Tags: password-cracking 

Rating:

Download the challenge archive, extract it, open `Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Preferences/Groups/Groups.xml`:

```xml

<Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}"><User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" name="n00b_us3r" image="0" changed="2020-11-15 00:57:07" uid="{A8043038-7235-4F5E-BE8C-3076F5D31FE8}"><Properties action="C" fullName="" description="" cpassword="HlQWFdlPXQTU7n8W9VbsVTP245DcAJAUQeAZZfkJE/Q8ZlWgwj7CqKl6YiPvKbQFO7PWS7rSwbVtSSZUhJSj5YzjbkKtyXR5fP9VQDEieMU" changeLogon="0" noChange="0" neverExpires="0" acctDisabled="0" userName="n00b_us3r"/></User>
</Groups>
```

By giving this cpassword to gp3finder, we get the flag:

```bash
$ python cli.py -D HlQWFdlPXQTU7n8W9VbsVTP245DcAJAUQeAZZfkJE/Q8ZlWgwj7CqKl6YiPvKbQFO7PWS7rSwbVtSSZUhJSj5YzjbkKtyXR5fP9VQDEieMU

Group Policy Preference Password Finder (GP3Finder) 5.0.0
Copyright (C) 2020 Oliver Morton
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See GPLv2 License.

INFO: gp3finder: Decrypted password is 38 characters.
INFO: gp3finder: --------------------------------------
INFO: gp3finder: vulncon{s3cur1ty_h4s_3volv3d_s0__much}
INFO: gp3finder: --------------------------------------
```

Comments