How to find a salt in a string

Question

I have a salt that while decoded is not in an openSSL readable format. The salt is in the DES3 encryption standard and looks something like this Salted__}..O.G....^..GZ LbvbJ5eYm...R...,@.M.U...

I know that this flag is formatted incorrectly since whenever I execute openssl des3 -d -salt -in file.des3 -out file.txt -k <password> it returns bad decrypt. I was wondering how the flag is supposed to be formatted and if outside the dots there are any other characters that dont belong

Thank you

Answer 1

Someone's here for picoCTF... eheheh

In the openssl encryption format, for that cipher, the first 8 bytes are the ascii codes for the string "Salted__" and the next 8 bytes represent the salt... So if we have the following "Salted__12345678", as the first 16 bytes from the file, the Salt is "12345678"... But, when trying to decrypt a file using the OpenSSL tool, the tool already knows how to get the salt, and knows the value of the salt, so there's no need for you to get that value, unless you want to use another tool.

(Just a small side-note) If you're indeed doing the picoCTF, you should use the Webshell for the decryption, because of the version of OpenSSL. For some people it worked...

Hope it answered your question.