Spoiler Alert

challenge at https://ringzer0ctf.com/challenges/51

I Lost my password can you find it?

First, download the file and unzip it.
In order to resolve this challenge, you need to decrypt something called “cpassword” that is easy thanks to this:“Microsoft published the AES encryption key used to protect cpassword attributes in Group Policy preference items (CVE-2014-1812 / MS14-025).”
If you use Windows, you can download this program that does not require installation: https://bitbucket.org/grimhacker/gpppfinder/downloads/

Once downloaded you have to find the following file inside the unzipped challenge file: Policies\{75DE8F0A-DEC0-441F-AE29-90DFAFCF632B}\User\Preferences\Groups\Groups.xml
Once opened, you will see: cpassword=PCXrmCkYWyRRx3bf+zqEydW9/trbFToMDx6fAvmeCDw
This base64 string is broken. You need to add “=” at the end to make it fine.

Once done, execute the program with that base64 password and you will get the following:

gp3finder_v5.0.exe -D PCXrmCkYWyRRx3bf+zqEydW9/trbFToMDx6fAvmeCDw=

Group Policy Preference Password Finder (GP3Finder) 5.0.0
Copyright (C) 2020 Oliver Morton
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See GPLv2 License.

INFO: gp3finder: Decrypted password is 10 characters.
INFO: gp3finder: ———-
INFO: gp3finder: LocalRoot!
INFO: gp3finder: ———-

Author : Puckiestyle


Posted on

Leave a Reply

Your email address will not be published. Required fields are marked *