
Labs / Get the Password

  • Daily Challenge
  • Released 20 Jun 2025

Solution Steps

1. Understanding the Challenge

The challenge presents a login form with client-side MD5 validation. The password is a common password that exists in MD5 rainbow tables.

2. Opening the Challenge

Open the challenge page in your web browser. You'll see a login form with username and password fields.

3. Accessing Developer Tools

Right-click on the page and select "Inspect" or press F12 to open the browser's Developer Tools. Navigate to the "Console" tab or look at the "Sources" tab to find the JavaScript code.

4. Analyzing the JavaScript Code

In the JavaScript code, you'll find several important elements:

  • A complete MD5 implementation function (very long function with many helper functions)
  • A stored hash variable: const storedHash = "5416d7cd6ef195a0f7622a9c56b55e84"
  • A validation function that compares the MD5 hash of the entered password with the stored hash

5. Understanding the Validation Logic

The validation works as follows:

  1. User enters a password in the password field
  2. JavaScript calculates the MD5 hash of the entered password using the md5() function
  3. If the calculated hash matches the stored hash "5416d7cd6ef195a0f7622a9c56b55e84", login is successful
  4. The flag (the password) is displayed in the success message

6. Finding the Password

Since the password exists in common MD5 rainbow tables, you can use several methods:

Method 1: Using Online MD5 Reverse Lookup

Use an online MD5 reverse lookup tool:

  1. Go to a website like md5decrypt.net, crackstation.net, or hashkiller.co.uk
  2. Enter the hash: 5416d7cd6ef195a0f7622a9c56b55e84
  3. The tool should return the original password

Method 2: Using Command Line Tools

If you have hashcat installed:

hashcat -m 0 -a 0 5416d7cd6ef195a0f7622a9c56b55e84 /path/to/wordlist.txt

Method 3: Using Python Script

You can write a simple Python script to test common passwords:

import hashlib

# The hash taken from the page's JavaScript (const storedHash)
target_hash = "5416d7cd6ef195a0f7622a9c56b55e84"
# A handful of candidates; in practice a wordlist such as rockyou.txt is used
common_passwords = ["password", "123456", "admin", "1q2w3e4r", "qwerty"]

for password in common_passwords:
    # Unsalted MD5 of the candidate, hex-encoded like the stored value
    md5_hash = hashlib.md5(password.encode()).hexdigest()
    if md5_hash == target_hash:
        print(f"Found password: {password}")
        break

Method 4: Using Browser Console

You can also test passwords directly in the browser console:

  1. Open the browser console (F12)
  2. Call the page's own MD5 function on common passwords, for example:
     md5("password")
     md5("123456")
     md5("1q2w3e4r")
  3. Compare the results with the stored hash

7. Getting the Flag

The correct password is: 1q2w3e4r

8. Verification

To verify the solution:

  1. Enter any username in the username field
  2. Enter "1q2w3e4r" in the password field
  3. Click the Login button
  4. The page should show: "Login successful! The flag is: 1q2w3e4r"

9. Technical Details

  • The challenge uses a complete MD5 implementation in JavaScript
  • The stored hash is: 5416d7cd6ef195a0f7622a9c56b55e84
  • The password "1q2w3e4r" is a common test password that exists in many MD5 rainbow tables
  • No server-side validation is used; everything is client-side
  • The MD5 function implements the full MD5 algorithm with all four rounds and proper padding

10. Learning Points

  • Client-side password validation can be easily analyzed and bypassed
  • MD5 hashes of common passwords are easily cracked using rainbow tables
  • Never store sensitive information like passwords in client-side code
  • Always use server-side validation for security-critical operations
  • MD5 is considered cryptographically broken and should not be used for password hashing
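The last three learning points describe what a correct design looks like but the lab itself only contains the weak one. The following Python example is added here and is not part of the lab or its JavaScript: it shows the hardened counterpart of the challenge's check, a server-side verifier that stores a per-password random salt and a PBKDF2-HMAC-SHA256 derived key (from the standard library's hashlib) and compares in constant time. The iteration count, the record format (pbkdf2_sha256$iterations$salt$hash) and the function names are the example's own choices, not anything the lab or any framework prescribes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor; an illustrative value for this example, tune it to your hardware
# so that one verification costs on the order of 100 ms (NIST suggests at least
# 10,000 iterations for PBKDF2; far more is common today).
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record "pbkdf2_sha256$<iter>$<salt hex>$<hash hex>".

    A fresh random salt per password means the same password yields a different
    record every time, so a precomputed table of hashes (what made the lab's
    unsalted MD5 trivial to look up) is useless against this store. The salt is
    a parameter only so that tests can make the output deterministic.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Server-side check: the browser only submits the candidate (over TLS) and
    never sees the record, so there is nothing for Developer Tools to read.

    Re-derives the key with the stored salt and iteration count and compares
    with hmac.compare_digest so the comparison takes the same time whether the
    first byte or the last byte differs. Malformed records are rejected rather
    than raising, so a corrupted store cannot turn into an exception-driven
    bypass.
    """
    try:
        scheme, iter_str, salt_hex, hash_hex = record.split("$")
        if scheme != SCHEME:
            return False
        iterations = int(iter_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def same_password_different_records(password: str) -> bool:
    """True when two independent hashings of one password produce distinct
    records that both verify, which is exactly the property unsalted MD5 lacks."""
    first = hash_password(password)
    second = hash_password(password)
    return (first != second
            and verify_password(first, password)
            and verify_password(second, password))


if __name__ == "__main__":
    # The lab's password, used only as sample input for the hardened scheme
    record = hash_password("1q2w3e4r")
    print("stored record:", record)
    print("correct password accepted:", verify_password(record, "1q2w3e4r"))
    print("wrong password rejected:", not verify_password(record, "password"))
    print("salt defeats precomputation:", same_password_different_records("1q2w3e4r"))
```

The point of the record format is that the cost parameters travel with the hash: when the iteration count is raised later, old records still verify and can be re-hashed on the user's next successful login. For new systems a memory-hard function (scrypt, also in hashlib, or Argon2) is preferable to PBKDF2, but the salt, work factor, server-side placement and constant-time comparison shown here are the same in every case.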

11. Alternative Approaches

If the above methods don't work, you can also:

  • Use John the Ripper: john --format=raw-md5 --wordlist=/path/to/wordlist.txt hash.txt
  • Use online hash databases like hashkiller.co.uk or crackstation.net
  • Try common password lists like rockyou.txt
  • Use tools like hashcat with different attack modes

12. Security Implications

This challenge demonstrates several security issues:

  • Client-side password validation is inherently insecure
  • Unsalted MD5 hashes of common passwords can be recovered instantly from rainbow tables and precomputed hash databases
  • Storing sensitive data in client-side code exposes it to analysis
  • Proper password security requires server-side validation and strong hashing algorithms