247CTF - The Encrypted Flag

Decrypt an OpenSSL-encrypted file. The file was encrypted with openssl enc using a password.

Vulnerability

OpenSSL's enc command uses EVP_BytesToKey for password derivation, which is relatively weak compared to modern key derivation functions. Common passwords can be cracked with a good wordlist.
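The sketch below is an added example, not part of the original writeup. It parses the `Salted__` header and reproduces the EVP_BytesToKey derivation to show that a password guess costs only a couple of hash calls, next to an iterated PBKDF2 derivation. The SHA-256 digest, AES-256-CBC key and IV sizes, the 10000-iteration count and the sample bytes are assumptions made for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte header `openssl enc` writes before the salt

def parse_salted(blob):
    """Split an `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not openssl enc salted data")
    return blob[8:16], blob[16:]

def evp_bytes_to_key(password, salt, key_len=32, iv_len=16, md="sha256"):
    """EVP_BytesToKey with count=1: D_i = H(D_{i-1} || password || salt)."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def pbkdf2_key(password, salt, iterations=10000, key_len=32, iv_len=16):
    """Iterated alternative: PBKDF2-HMAC-SHA256 output split into key and IV."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                              key_len + iv_len)
    return out[:key_len], out[key_len:]

def hash_calls(key_len=32, iv_len=16, md="sha256"):
    """Digest invocations one password guess costs under EVP_BytesToKey."""
    size = hashlib.new(md).digest_size
    return -(-(key_len + iv_len) // size)  # ceiling division

if __name__ == "__main__":
    # Constructed sample: header, 8-byte salt, one dummy ciphertext block.
    sample = MAGIC + bytes(range(8)) + b"\x00" * 16
    salt, ciphertext = parse_salted(sample)
    key, iv = evp_bytes_to_key(b"example-password", salt)
    print("salt:", salt.hex())
    print("EVP_BytesToKey key:", key.hex(), "iv:", iv.hex())
    print("hash calls per guess:", hash_calls())
    slow_key, _ = pbkdf2_key(b"example-password", salt)
    print("PBKDF2 key (10000 iterations):", slow_key.hex())
```

With a 32-byte digest the AES-256 key is exactly one hash of the password and salt, which is why a wordlist run against such a file is fast.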

Solution

Step 1: Identify the encryption

file encrypted_flag.enc
encrypted_flag.enc: openssl enc'd data with salted password

Step 2: Convert to crackable format

openssl2john encrypted_flag.enc > hash

Step 3: Crack the password

john hash --wordlist=rockyou.txt
john --show hash
encrypted_flag.enc:*7¡Vamos!

Step 4: Decrypt

openssl enc -d -aes-256-cbc -in encrypted_flag.enc -pass pass:'*7¡Vamos!' -out flag
247CTF{flag_content_here}