Another Wednesday, another mission. This time we've got a vulnerability that allows leaking any via as a image - link :)
So we download the attached image and got this:
The immediate conclusion is that the bars represent chars in the file and the ascii value are represented by the bar height. Let's verify this with a short python script
What we do hear we get the height of each bar in a very naive approch - but it's enough here. We don't need anything fancy. After running the script we get the mentioned script.
So the password we are looking for is a 25 char that we have a md5 hash for. It would be impossible to find it without helps in the file. In the script we see that there's additional check for every 5 characters in the pass. We can use that. Quick search in google does not result in any hashes found so we are forecd to crack them on our own.
Probably here we could write something fancy but the most important part is to select a correct charset.
Our script is like this:
My initial approch was to select only lower & upper case letters and I've quickly got some parts of the password but the others were missing.
After running outside the range I was sure that clearly the charset was selected the wrong way. Later I've extended it by whitespace & punctuation - and that was good approch. Running the script again revealed the rest of the pass:
Pie charts are delicious!