RHme2 (Riscure Hack me 2) was a hardware based CTF challenge started back in 2016. Although it’s already over you can download the challenges from their Github page.
All you need is an Arduino (or Arduino compatible) board with an atmega328p chip (Arduino UNO or Arduino Nano). In this post we will solve this challenge by brute forcing it using a second Arduino.
Stuff needed to solve this challenge:
On a recent pentest I got root access to a MySQL database hosting a PHP web application and also an instance of Piwik. I was able to extract the credentials from the database and crack them really fast because they were only hashed using MD5. It looks like Piwik introduced stronger hashes in Piwik 3 but luckily this target is still running version 2.Read more