This is my solution to the McAfee ATR Hax 2021 forensics challenge Password in a Haystack. You are provided with a username (steve557), a text file containing thousands of passwords, and a set of password rules. Only one of the thousands of passwords will meet the rules.
The rules are as follows:
- All passwords must be 6-12 printable characters in length
- Each password must contain at least 3 unique digits
- Passwords must not contain 3 consecutive characters of the username, nor its reverse
Important thing to note – digits means numbers, not characters!
I solved this using Python; as always I am MrN00b0t so there may be a neater answer!
```python
user = "steve557"
revuser = user[::-1]  # "755evets"

# create list of username segments of three consecutive characters
consec = []
for i in range(len(user) - 2):
    consec.append(user[i:i+3])
    consec.append(revuser[i:i+3])

# read the candidate passwords; the with block closes the file afterwards
with open("output.txt", "r") as rawfile:
    rawpass = rawfile.readlines()

for rawpassword in rawpass:
    password = rawpassword.strip().lower()
    digitcount = 0
    # count the number of unique digits
    for elem in set(password):
        if elem in "0123456789":
            digitcount += 1
    # check three of the password logic statements
    if (5 < len(password) < 13) and password.isprintable() and (digitcount > 2):
        usernotinpass = True
        # where the first three checks are passed, perform the final check
        for segment in consec:
            if segment in password:
                usernotinpass = False
        # only the correct password can reach this point with usernotinpass = True
        if usernotinpass:
            print("ATR[" + password + "]")
```
When run, this spits out the flag ATR[1-r-d4-n33dl]
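
The same three rules as a function that names the rule a candidate breaks, which helps when a filter like the one above returns zero or several matches. This is an added example, not part of the original solution; `failed_rule`, `trigrams`, `report` and every entry in `SAMPLES` except the flag are constructed for illustration.

```python
import string

USER = "steve557"  # username given by the challenge


def trigrams(name):
    """Every run of 3 consecutive characters in name and in its reverse."""
    both = (name, name[::-1])
    return {s[i:i + 3] for s in both for i in range(len(s) - 2)}


def failed_rule(password, user=USER):
    """Return the first rule the password breaks, or None if it passes all."""
    if not (6 <= len(password) <= 12 and password.isprintable()):
        return "length/printable"
    # set intersection counts distinct digits, so "1112" counts as two
    if len(set(password) & set(string.digits)) < 3:
        return "unique digits"
    lowered = password.lower()  # case-insensitive, like the solution above
    if any(t in lowered for t in trigrams(user.lower())):
        return "username"
    return None


# Constructed candidates, one per edge case, plus the flag from the write-up.
SAMPLES = [
    "ab123",         # five characters: too short
    "abc\t1234",     # tab is not a printable character
    "a1b1c1d2",      # four digits, but only two distinct ones
    "xSTEx123",      # "ste" from the username, in a different case
    "vet90210",      # "vet" appears only in the reversed username
    "1-r-d4-n33dl",  # passes every rule
]


def report(candidates=SAMPLES):
    """Pair each candidate with the rule it breaks (None means accepted)."""
    return [(c, failed_rule(c)) for c in candidates]


if __name__ == "__main__":
    for candidate, reason in report():
        print(repr(candidate), "->", reason or "accepted")
```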