$ cat writeup.md…

miscfreeeasy

Cred Hunter

hackthebox

Task: Parse mixed emails and passwords, find valid credential pairs where the firstname from the email appears as a substring in the password. Solution: Extract firstname from email local part (all chars except last), check substring match against all passwords, sort pairs lexicographically.

regex parsing string_matching credential_pairing

substring_searchemail_parsinglexicographic_sorting

$ ls tags/ techniques/

regex parsing string_matching credential_pairing

substring_searchemail_parsinglexicographic_sorting

Cred Hunter - HackTheBox

Challenge Info

Field	Value
Event	HackTheBox
Category	Programming/Misc
Difficulty	Easy
Target	94.237.56.175:43741
Flag	`HTB{th4t_1s_4n_0bvi0us_p41r1ng}`

Description

The data leaked quietly - unnoticed, unguarded, and brimming with opportunity. You're in deep now. A tangle of credentials spilled from a forgotten system connected to CygnusCorp's sprawling digital perimeter. Half garbage, half gold. Somewhere in this chaos are access keys - real names, real logins, real passwords. You just have to find the ones that match.

Analysis

This is a web-based coding challenge using Monaco editor interface. The task involves:

Input: N strings containing a mix of emails and passwords
Email Format: CygnusCorp uses firstname + first_letter_of_lastname@domain
- Example: [email protected] (Alice J.)
- Example: [email protected] (Josh R.)
Valid Pair: An (email, password) pair is valid when the firstname (extracted from email) appears as a substring in the password
Output: All valid pairs sorted lexicographically by email, then by password

Key Insight

The email format firstnameX@domain means:

Local part = firstname + first_letter_of_lastname
Therefore: firstname = local_part[:-1] (remove last character)

For example:

[email protected] -> firstname = lisabeth
[email protected] -> firstname = nevin
[email protected] -> firstname = joice

Solution

Algorithm

Parse input - Read N strings
Classify strings - Separate emails from passwords using regex
Extract firstnames - For each email, get local_part[:-1]
Find pairs - For each (email, password) combination, check if firstname is substring of password
Sort and output - Sort pairs lexicographically (email first, then password)

Python Solution

import re

def solve():
    n = int(input())
    lines = []
    for _ in range(n):
        lines.append(input().strip())
    
    # Email pattern: firstname + first letter of lastname @ domain
    email_pattern = re.compile(r"^[a-z]+@[a-z0-9.-]+\.[a-z]{2,}$", re.IGNORECASE)
    
    emails = []
    passwords = []
    
    for line in lines:
        if "@" in line and email_pattern.match(line):
            local_part = line.split("@")[0]
            if len(local_part) >= 2:
                firstname = local_part[:-1]  # All except last letter
                emails.append((line, firstname))
        else:
            passwords.append(line)
    
    pairs = []
    for email, firstname in emails:
        for password in passwords:
            if firstname in password:
                pairs.append((email, password))
    
    pairs.sort(key=lambda x: (x[0], x[1]))
    
    for email, password in pairs:
        print(f"{email} {password}")

solve()

Example Walkthrough

Input:

17
[email protected]
nevin2024!@
[email protected]
...
[email protected]
2025joiceTheDev!@

Processing:

[email protected] -> firstname = lisabeth
[email protected] -> firstname = nevin
[email protected] -> firstname = joice

Matching:

lisabeth found in lisabeth2024 -> valid pair
nevin found in nevin2024!@ -> valid pair
joice found in 2025joiceTheDev!@ and joiceqwerty2025 -> two valid pairs

Output (sorted):

[email protected] 2025joiceTheDev!@
[email protected] joiceqwerty2025
[email protected] lisabeth2024
[email protected] nevin2024!@

Complexity Analysis

Time: O(N^2 * M) where N = number of strings, M = average string length
- Separating emails/passwords: O(N)
- Checking all pairs: O(emails * passwords * avg_length)
Space: O(N) for storing emails and passwords

Given constraints (N <= 10^4), the O(N^2) approach is acceptable.

Key Indicators

Use this technique when you see:

Email format with embedded name information
Need to correlate credentials based on pattern matching
Substring matching between different data types
Lexicographic sorting requirements

Lessons Learned

Email parsing - Understanding corporate email naming conventions can reveal personal information
Credential correlation - Users often include their name/username in passwords (bad practice!)
Simple solutions work - O(N^2) brute force is often sufficient for CTF constraints
Case sensitivity matters - The matching was case-sensitive (no .lower() needed)