Hash Me If You Can

Written by kova.tuuli

For this challenge, my initial thought was to write a simple JavaScript script to extract the message from the page and hash it using SHA–512. Then, I would do a page redirect to the correct page. The script I wrote is shown below. (The function sha512 was found on StackOverflow)

function sha512(str) {
    return crypto.subtle.digest('SHA-512', new TextEncoder("utf-8").encode(str)).then(buf => {
        return Array.prototype.map.call(new Uint8Array(buf), x=>(('00'+x.toString(16)).slice(-2))).join('');
    });
}

let message = document.querySelector('.message')
let messageText = message.innerText.split('\n')[1]

window.location = `http://challenges.ringzer0team.com:10013/?r=${sha512(messageText)}`

I attempted to run this. However, because the site is served over HTTP instead of HTTPS, the browser didn’t allow access to crypto.subtle. I tried to find a way to bypass this, including using fetch from an HTTPS site, but nothing worked.

So I turned to scripting on my own machine in Nushell. I wrote the following script that accomplished the task:

#!/usr/bin/env nu

let message = (
        http get "http://challenges.ringzer0team.com:10013" # get the original page
        | lines # split into lines
        | get 39 # get the 40th line, which contains the message
        | str trim # trim whitespace
        | split row "<" # get rid of the <br> tag
        | get 0 # get rid of the <br> tag
)

let sha_hash = (
        $message
        | sha512sum # hash the message
        | split row " " # get rid of the extra ' -'
        | get 0 # get rid of the extra ' -'
)

let url = $"http://challenges.ringzer0team.com:10013/?r=($sha_hash)" # set up the response URL
http get $url | grep --ignore-case --only-matching 'FLAG-[a-z0-9]*' # get the flag from the response