mrn00b0t

Interfacing between technophile and technophobe

Password in a Haystack

This is my solution to the McAfee ATR Hax 2021 forensics challenge Password in a Haystack. You are provided with a username (steve557), a text file containing thousands of passwords, and a set of password rules. Only one of the thousands of passwords will meet the rules.

The rules are as follows:

  • All passwords must be 6-12 printable characters in length
  • Each password must contain at least 3 unique digits
  • Passwords must not contain 3 consecutive characters of the username, nor its reverse

Important thing to note – digits means numbers, not characters!

I solved this using Python; as always I am MrN00b0t so there may be a neater answer!

#read every candidate password; the with block closes the file when done
with open("output.txt", "r") as rawfile:
    rawpass = rawfile.readlines()
consec = []
user = "steve557"
revuser = "755evets"
i = 0
#create list of username segments of three consecutive characters
while i < 6:
    consec.append(user[i:i+3])
    consec.append(revuser[i:i+3])
    i+=1
for rawpassword in rawpass:
    password = rawpassword.strip().lower()
    digitcount = 0
    #count the number of unique digits
    for elem in set(password):
        if elem in "0123456789":
            digitcount += 1
    #check three of the password logic statements
    if (5 < len(password) < 13) and password.isprintable() and (digitcount > 2):
        j = 0
        usernotinpass = True
        #where the first three checks are passed, perform the final check
        while j < len(consec):
            if consec[j] in password:
                usernotinpass = False
            j += 1
        #only the correct password can reach this point with usernotinpass = True
        if usernotinpass:
            print("ATR[" + password + "]")

When run, this spits out the flag ATR[1-r-d4-n33dl]
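The same three rules as a reusable checker, written as an added example rather than the script from the post: it generalises to any username, reports which rule a candidate breaks, and matches username fragments case-insensitively while leaving the password's original case intact. The function names and the sample candidates are assumptions made for illustration.

```python
import string

def username_fragments(username, n=3):
    """All n-character runs of the username and of its reverse, lowercased."""
    name = username.lower()
    frags = set()
    for s in (name, name[::-1]):
        frags.update(s[i:i + n] for i in range(len(s) - n + 1))
    return frags

def violations(password, username):
    """Return the list of rules the password breaks (empty list = compliant)."""
    broken = []
    if not (6 <= len(password) <= 12 and password.isprintable()):
        broken.append("length/printable")
    # ASCII digits only: str.isdigit() would also accept e.g. superscript digits
    if len(set(password) & set(string.digits)) < 3:
        broken.append("unique digits")
    lowered = password.lower()  # compare case-insensitively, keep original for output
    if any(f in lowered for f in username_fragments(username)):
        broken.append("username fragment")
    return broken

# Constructed candidates (not from the challenge file), plus the flag value from the write-up
SAMPLES = ["abc123", "Steve12345", "x9y8z7-755", "112211ab", "1-r-d4-n33dl", "a1b2c3\td4"]

def audit(candidates, username="steve557"):
    """Map each candidate to the rules it breaks."""
    return {pw: violations(pw, username) for pw in candidates}

if __name__ == "__main__":
    for pw, broken in audit(SAMPLES).items():
        print(repr(pw), "OK" if not broken else "rejected: " + ", ".join(broken))
```
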
