Author | Post | ||
unknown user |
Yes, that does sound like him. |
||
17.09.2007 22:02:41 |
|
||
sniperkid |
Quote: I'm guessing people are just scared to run PHP code from me on their servers.
Damn straight. |
||
18.09.2007 13:34:43 |
|
||
unknown user |
Quote from sniperkid: Quote: I'm guessing people are just scared to run PHP code from me on their servers. Damn straight.
If you can't audit 30 lines of code to determine whether or not they are safe, suspicious, or evil, maybe that's just your failing.
strlen stripslashes isset base64_encode base64_decode md5
Nothing is printed to the HTML that is not either an md5 or base64 encoded. If you don't trust the stripslashes, remove them; you only make the challenge harder. I used brainfuck because it is so obviously secure. But do try and find vulnerabilities. |
||
18.09.2007 13:56:09 |
|
||
unknown user |
Here's that zip challenge. And yes, it's full of linguistic mistakes. It was created ages ago, and I just didn't care. Plus it adds to the mystique of the challenge.

You can get the zipfile by pasting these bytes to an application that can handle them.

In *nix you can probably just type this:
Quote: for i in $(cat bytes); do echo -ne "\x$i">>challenge.zip;done
Alternatively you can download it here.

The solution is pretty simple. Basically a zipfile is a collection of sections. Deflate uses Huffman, which replaces common bit sequences with shorter sequences. Hence the headers are bit streams. However, you can also include files in zip files uncompressed. The sections then look like this:

BFINAL BTYPE [wasted bits until next byte boundary] LEN NLEN [uncompressed data]

BFINAL: 1 bit, 0 for all sections except the last
BTYPE: 2 bits, 00 means uncompressed
5 bits are left over in the byte
LEN: the amount of bytes in this section, 2 bytes little endian
NLEN: complete waste, but 2 more bytes which are the 1's complement of LEN
DATA: the literal data that was stored uncompressed

The 5 bits that were skipped in this file were filled with some non-random bits that, once extracted, got you a nice password sentence. I created a lot of sections with only 1 byte of uncompressed data. That's why you see a lot of 0100FEFF, which are the LEN and NLEN fields.

On a Linux system you can solve this challenge by typing this into a terminal:
Quote: od challenge.zip -An -v -tx1 |tr -d '\n ' |tr '[:lower:]' '[:upper:]' | sed -r "s/(..)0100FEFF/\nobase=2;ibase=16;\1\n/g"|grep obase|bc 2>/dev/null |sed "s/^/00000000/g"|rev |cut -c 4-8|rev|tr -d '\n'| sed -r "s/......../ibase=2\;\0\n/g" |grep 1|bc|sed "s/^/obase=16;/g"|bc|sed "s/^/\\\\\\\\x/g" |xargs echo -en

Can anybody find the password? |
||
22.09.2007 14:26:40 |
|
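The stored-block layout described in the post above, as an added example that is not part of the original thread: it builds a raw deflate stream of one-byte stored blocks from constructed cover and hidden data, confirms that zlib ignores the five padding bits, and recovers them by walking the block headers. The function names, the sample values and the MSB-first bit order are assumptions of this example.

```python
import zlib

def to_bits(msg: bytes) -> str:
    return "".join(format(b, "08b") for b in msg)

def build_stream(cover: bytes, hidden: bytes) -> bytes:
    """Raw deflate: one stored block per cover byte, 5 hidden bits per header."""
    bits = to_bits(hidden).ljust(5 * len(cover), "0")
    if len(bits) > 5 * len(cover):
        raise ValueError("cover too short for hidden message")
    out = bytearray()
    for i, byte in enumerate(cover):
        bfinal = 1 if i == len(cover) - 1 else 0
        pad = int(bits[5 * i:5 * i + 5], 2)
        out.append(bfinal | (0b00 << 1) | (pad << 3))  # BFINAL, BTYPE=00, padding
        out += b"\x01\x00\xfe\xff"                      # LEN=1, NLEN=~LEN
        out.append(byte)
    return bytes(out)

def scan_stored_blocks(raw: bytes):
    """Return (payload, padding_bits) for a stream made only of stored blocks."""
    pos, payload, bits = 0, bytearray(), []
    while True:
        if pos + 5 > len(raw):
            raise ValueError("truncated block header")
        hdr = raw[pos]
        if (hdr >> 1) & 0b11 != 0:
            raise ValueError("block at offset %d is not stored" % pos)
        length = int.from_bytes(raw[pos + 1:pos + 3], "little")
        nlen = int.from_bytes(raw[pos + 3:pos + 5], "little")
        if length ^ nlen != 0xFFFF:
            raise ValueError("LEN/NLEN mismatch at offset %d" % pos)
        bits.append(format(hdr >> 3, "05b"))            # the 5 skipped bits
        payload += raw[pos + 5:pos + 5 + length]
        pos += 5 + length
        if hdr & 1:                                     # BFINAL set: last block
            return bytes(payload), "".join(bits)

def padding_message(bits: str) -> bytes:
    whole = len(bits) - len(bits) % 8                   # drop an incomplete tail
    return bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))

COVER, HIDDEN = b"hello", b"key"   # constructed sample data
stream = build_stream(COVER, HIDDEN)
payload, pad_bits = scan_stored_blocks(stream)
print(zlib.decompress(stream, -15), payload, padding_message(pad_bits), "1" in pad_bits)
```

A stream whose stored-block padding bits are not all zero decompresses normally, so checking those bits directly is the only way to notice data carried there.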