Damjan Cvetko

Damjan Cvetko

Developer, System Architect, Hacker.

1 minute read

Challenge: While Santa was changing his password he was flying very fast through the sky. Normally, the password is successfully changed when he touches 100 stars (iterations). But this time something went wrong and after touching the 10th star (iteration) one reindeer kicked his computer. Now he missed the remaining 90 stars. Can you help us find what password Santa was typing?

This was a tough one, I did not solve it until nearly 3 days later and even then I got a hint about it. I should not that the “iterations” par came as a hint later.

Initially I tried cracking it again. As a 10 characters long password. With 10 SHA2 iterations. Then as some sort of reversible encryption.. In the end it was again much simpler than the hole I initially dug for myself.

If Sana usually touches 100 start (SHA256 iterations) and this time he only did 10, what do you need to do, to get to the actual result? Run SHA256 90 times.

After getting the actual hash? Well, some good old OSINT, or with other words… Just google it.

Googling a14bbace930fc3f38fe3de773bf6bdb65c53ae50556e475acbf8d4e7f23c39ff will get you one hit, a pastebin: https://pastebin.com/i2T8fupQ

Flag: xmas{R3ind33r_Dancer}

What did I learn: Pure brute force usually doesn't help.

Recent posts

See more