This is my solution to the McAfee ATR Hax 2021 forensics challenge Password in a Haystack. You are provided with a username (steve557), a text file containing thousands of passwords, and a set of password rules. Only one of the thousands of passwords will meet the rules.
The rules are as follows:
- All passwords must be 6-12 printable characters in length
- Each password must contain at least 3 unique digits
- Passwords must not contain 3 consecutive characters of the username, nor its reverse
Important thing to note – digits means numbers, not characters!
I solved this using Python; as always I am MrN00b0t so there may be a neater answer!
rawfile = open("output.txt", "r") rawpass = rawfile.readlines() consec =  user = "steve557" revuser = "755evets" i = 0 #create list of username segments of three consecutive characters while i < 6: consec.append(user[i:i+3]) consec.append(revuser[i:i+3]) i+=1 for rawpassword in rawpass: password = rawpassword.strip().lower() digitcount = 0 #count the number of unique digits for elem in set(password): if elem in "0123456789": digitcount += 1 #check three of the password logic statements if (5 < len(password) < 13) and password.isprintable() and (digitcount > 2): j = 0 usernotinpass = True #where the first three checks are passed, perform the final check while j < len(consec): if consec[j] in password: usernotinpass = False j += 1 #only the correct password can reach this point with usernotinpass = True if usernotinpass: print("ATR[" + password + "]")
When run, this spits out the flag ATR[1-r-d4-n33dl]