confident-hashes
SRC: https://library.m0unt41n.ch/challenges/confident-hashesThis challenge allows the "breaching" of the admin hash and the goal is too reverse the hash function too obtain the password.
Under the hood, this custom hash operates on 32 nibbles (4‑bit words), repeatedly XOR’ing in the low 4 bits of each password character.
Python:
H = "admin_hash"
pwd = []
for i in range(32):
idx = (i*13) % 32
d = int(H[idx], 16)
n = d ^ 12
if n < 10:
pwd.append(chr(ord('0') + n))
else:
pwd.append(chr(58 + (n-10)))
password = ''.join(pwd)
print(password)Once the password was recovered we can login as admin and obtain the flag.
