Skip to main content

call_me

Challenge

Imported from local notes.md.

Solution

Original Notes

call_me

Challenge Summary

  • Given: a bcrypt hash in the prompt and no downloadable files.
  • Goal: recover the plaintext password and submit it as CIT{password}.
  • Constraints: live CTF challenge, no attached files, no extra hint text beyond the title Call me, maybe? No… wrong decade.

Initial Recon / Triage

  • Observations:
    • The challenge description only contained a bcrypt hash: $2b$10$Ni0U3D5ibg1NY6G/k8CDHuXG7m/WNZzuV/9PDPnRzgKs4wUjaTwGO.
    • There were no starting files, so the solve path had to be password recovery.
    • The title suggested a song reference. Call Me Maybe was explicitly the wrong decade, so older phone/song references were the likely clue source.
  • File identification:
    • artifacts/hash.txt and artifacts/hashcat.hash store the target hash.
    • artifacts/check_direct_candidates.py checks a curated list of exact clue-derived candidates with bcrypt.checkpw.
    • artifacts/test_candidates.py, artifacts/clue_words.txt, artifacts/focused_roots.txt, and artifacts/generate_lyric_candidates.py were intermediate helper artifacts used while narrowing the search space.
  • Entry points:
    • Direct candidate testing against the bcrypt hash.
    • Focused cracking based on old song and phone-number references rather than blind brute force.

Hypotheses & Approach

  • Hypothesis 1: the title referred to Blondie's 1980 song Call Me, so artist, soundtrack, and lyric phrases were worth testing.
  • Hypothesis 2: the title more generally pointed at older telephone-themed songs, especially 867-5309/Jenny, which fit the call me theme better than the modern Call Me Maybe reference.

Execution Steps (Reproducible)

Stage 1

Commands:

cd /root/cit2026CTF/call_me
printf '%s\n' '$2b$10$Ni0U3D5ibg1NY6G/k8CDHuXG7m/WNZzuV/9PDPnRzgKs4wUjaTwGO' > artifacts/hash.txt

Results:

  • Confirmed the challenge is a pure bcrypt recovery task with no attached files.

Stage 2

Commands:

cd /root/cit2026CTF/call_me
python3 artifacts/check_direct_candidates.py

Results:

  • The exact-candidate checker returned HIT 8675309jenny.
  • Submitting CIT{8675309jenny} to the platform was accepted as correct.

Stage 3

Commands:

curl -sS -X POST \
	-H 'Authorization: Token ctfd_abf40df278189b08d8eb5d8a9a089891b6c358e927025c14f3a3ba723ef578f4' \
	-H 'Content-Type: application/json' \
	-d '{"challenge_id":35,"submission":"CIT{8675309jenny}"}' \
	https://ctf.cyber-cit.club/api/v1/challenges/attempt

Results:

  • API response returned status: correct.

Artifacts Produced

  • artifacts/hash.txt
  • artifacts/hashcat.hash
  • artifacts/check_direct_candidates.py
  • artifacts/test_candidates.py
  • artifacts/clue_words.txt
  • artifacts/focused_roots.txt
  • artifacts/generate_lyric_candidates.py
  • artifacts/lyric_candidates.txt

Flag

CIT{8675309jenny}