SAM, I am
Challenge
Imported from local notes.md.
Solution
Original Notes
SAM, I am
Challenge Summary
- Given: a dumped SAM-hive style challenge with a stated password policy of 5 characters plus complexity and a single hash:
97a3e51e5a006eccac91e0ceabd4965b. - Goal: recover the password and wrap it as
CIT{password}. - Constraints: no file attachment; the challenge is purely a hash-identification and password-recovery task.
Initial Recon / Triage
- Observations: the challenge text explicitly references a dumped SAM hive, which strongly suggests an NTLM hash rather than MD5.
- File identification: the hash length is 32 hex characters, which is consistent with NTLM/MD4 output.
- Entry points: verify the password candidate by hashing it as UTF-16LE with MD4, the standard NTLM construction.
Hypotheses & Approach
- Hypothesis 1: the target digest is an NTLM hash because the prompt specifically mentions the Windows SAM hive.
- Hypothesis 2: the correct password satisfies the 5-character complexity policy with uppercase, lowercase, digit, and symbol classes.
Execution Steps (Reproducible)
Stage 1
Commands:
cd /root/cit2026CTF/SAM_I_am
python3 - <<'PY'
import hashlib
print(hashlib.new('md4', 'C1t!!'.encode('utf-16le')).hexdigest())
PY
Results:
- The NTLM hash of
C1t!!is97a3e51e5a006eccac91e0ceabd4965b, which matches the challenge exactly.
Stage 2
Commands:
cd /root/cit2026CTF/SAM_I_am/artifacts
python3 solve_sam.py
cat password.txt
cat accepted_flag.txt
Results:
- The recovered password is
C1t!!. - Wrapping it per the prompt yields the final flag
CIT{C1t!!}.
Artifacts Produced
artifacts/hash.txt: the provided target hash.artifacts/solve_sam.py: reusable NTLM verifier for the accepted password.artifacts/password.txt: recovered password.artifacts/accepted_flag.txt: final wrapped flag.
Flag
CIT{C1t!!}