rishitsaiya · vivian-dai · Sep 7, 2021 · Dec 11, 2021
diff --git a/Miscellaneous/My Friend John/MyFriendJohn.zip b/Miscellaneous/My Friend John/MyFriendJohn.zip
diff --git a/Miscellaneous/My Friend John/README.md b/Miscellaneous/My Friend John/README.md
@@ -0,0 +1,21 @@
+## My Friend John
+The main idea is learning how to use tools for cracking password protected zip files.
+
+#### Step-1:
+We can open [`MyFriendJohn.zip`](./MyFriendJohn.zip) using [7zip](https://www.7-zip.org/) and extract `use-rockyou.zip`.
+
+#### Step-2:
+Now we need a password to open `use-rockyou.zip`. There's a really popular wordlist called rockyou which can be downloaded [here](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt).
+
+#### Step-3:
+We can use [fcrackzip](https://github.com/hyc/fcrackzip)'s dictionary attack: `fcrackzip -v -u -D -p rockyou.txt use-rockyou.zip` using rockyou.
+
+#### Step-4:
+We now see `custom-list.txt` and `custom-list.zip`. We can use the custom word list to unlock the the zip file: `fcrackzip -v -u -D -p custom-list.txt custom-list.zip`.
+
+#### Step-5:
+The last zip file is called `brute-force-pin.zip`. A pin is usually between 4 and 6 numeric digits. `fcrackzip -b -c "1" -l 4-6 -v -u brute-force-pin.zip`. The `-c "1"` means only use numeric digits when bruteforcing.
+
+#### Step-6:
+Finally we get a `flag.txt` and the flag becomes:
+`CTFlearn{s0_n0W_y0uv3_M3t_J0hN}`
diff --git a/Programming/The Credit Card Fraudster/README.md b/Programming/The Credit Card Fraudster/README.md
@@ -0,0 +1,17 @@
+## The Credit Card Fraudster
+The main idea is checking numbers in a given range against the Luhn algorithm
+
+#### Step-1:
+Implement the Luhn algorithm which works like this:
+1. Start from the least significant (right most) digit
+2. Take the sum of the digits from right to left but double every second digit. If the digit doubled is greater than 10, take the sum of the digits on that doubled value
+3. If the final value can divide evenly into 10, passes the Luhn check, otherwise it does not
+
+#### Step-2:
+Now we need to get the range of numbers that fit the credit card number in the format of `543210******1234`. This would mean all numbers from `5432100000001234` to `5432109999991234` with an increment of `10000`
+
+#### Step-3:
+Loop through all possible numbers, check if it's divisible by `123457` and passes the Luhn check.
+
+#### Step-4:
+The flag is revealed after running the script.
diff --git a/Programming/The Credit Card Fraudster/solve.py b/Programming/The Credit Card Fraudster/solve.py
@@ -0,0 +1,27 @@
+min_val = 5432100000001234
+max_val = 5432109999991234
+inc = 10000
+
+def luhn_check(num):
+    def sum_of_digits(n):
+        s = str(n)
+        t = 0
+        for c in s:
+            t += int(c)
+        return t
+
+    string = str(num)
+    total = 0
+    double = False
+    for i in range(len(string) - 1, -1, -1):
+        c = string[i]
+        if double:
+            total += int(c)*2 if int(c)*2 < 10 else sum_of_digits(int(c)*2)
+        else:
+            total += int(c)
+        double = not double
+    return total%10 == 0
+
+for i in range(min_val, max_val, inc):
+    if i%123457 == 0 and luhn_check(i):
+        print(i)