Comments
-
@Kimmax Tried attaching the short string in front (or at the end), then decoded it with base64. Got some binary code. Saved it in a file, then tested it with trid. But cannot find the file type. Could you give some help?
-
@Kimmax After base64-decoding the long string, found that b'3\x01x\xc8*\xb6' is in both the short and the long one. After removing it, still no clue. T_T
-
oh geez... I've been thinking about this all night. Still can't figure out the answer.
However, found multiple bugs on the devRant new desktop page.
Eg:
console.log;
duplicate input key ('password');
the JS code is mixed with tabs and 4 spaces, and not minified;
the delete button is bound to class '.rantlist-delete', which doesn't work;
the HTTP request for fetching badges is sent every 3s with an unencrypted query string in the URL; -
Kimmax: @sunfishcc there is no such thing as an "unencrypted query", well besides really transmitting encrypted data. These fields are being protected by the transport layer (HTTPS) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send these as cookies, which are as exposed as query parameters. Just hit up some random site and the chance that you'll see PHP session ids being transmitted is high and they are as valuable as those tokens.
-
@Kimmax sorry for my lack of security knowledge. I'm working on this part. Definitely learned something.
-
Kimmax: @sunfishcc asking is the first step to learn something new :)
And you're not the first one thinking about that one. I wrote a little bit more detailed post to shed some light on this: https://devrant.com/rants/1256569/
Hope this helps -
Kimmax: @rellic absolutely! Keep the result to yourself for now please, I think I'll drop a big hint for others to come in the evening or something :)
Do you think I should keep this target skill level or put some more beef into it? -
Got it! The parser was not happy about it at first but after slight modification it parsed it
-
Oops next time tell people to keep it for themselves in the start post. I accidentally shared the first part because I'm not in the mood to decode the message itself xD
-
@Kimmax -
sorry about the newlines, the web ui seems to be a bit broken and won't let me delete these
(edit: managed to fix it with my phone) -
Kimmax: Okay so here's a hint for everyone who's struggling with this:
Find the missing parts of the two sentences. Combine them to form a new word. The word is a popular service. The short string is the right side of the domain.
To solve the rest you need GPG or similar.
You should be able to finish from here -
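Why the base64-decoded bytes do not look like a normal file, and why the hint points at GPG: the base64 body of an armored PGP message decodes to OpenPGP packets (RFC 4880), and the first packet's header says what it is and which key it is addressed to. This is an added example, not part of the thread; `parse_first_packet` is a hypothetical helper, and the sample bytes and key ID are constructed.

```python
import base64

# Packet tags and public-key algorithm IDs from RFC 4880 / RFC 6637 (subset).
PACKET_TAGS = {1: "Public-Key Encrypted Session Key", 2: "Signature",
               3: "Symmetric-Key Encrypted Session Key", 8: "Compressed Data",
               9: "Symmetrically Encrypted Data", 11: "Literal Data",
               18: "Sym. Encrypted Integrity Protected Data"}
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}


def parse_first_packet(armor_body: str) -> dict:
    """Decode the base64 body of an armored message and describe its first packet."""
    compact = "".join(armor_body.split())
    compact = compact[: len(compact) // 4 * 4]   # allow a truncated prefix
    raw = base64.b64decode(compact)
    if not raw or not raw[0] & 0x80:
        raise ValueError("not an OpenPGP packet: bit 7 of the first octet is clear")
    if raw[0] & 0x40:                            # new-format header
        tag, first = raw[0] & 0x3F, raw[1]
        if first < 192:
            length, pos = first, 2
        elif first < 224:
            length, pos = ((first - 192) << 8) + raw[2] + 192, 3
        elif first == 255:
            length, pos = int.from_bytes(raw[2:6], "big"), 6
        else:
            length, pos = None, 2                # partial body length
    else:                                        # old-format header
        tag, ltype = (raw[0] & 0x3C) >> 2, raw[0] & 0x03
        size = {0: 1, 1: 2, 2: 4, 3: 0}[ltype]
        length = int.from_bytes(raw[1:1 + size], "big") if size else None
        pos = 1 + size
    info = {"tag": tag, "type": PACKET_TAGS.get(tag, "unknown"), "length": length}
    if tag == 1 and len(raw) >= pos + 10:        # PKESK: version, key ID, algorithm
        info["version"] = raw[pos]
        info["key_id"] = raw[pos + 1:pos + 9].hex().upper()
        info["algorithm"] = PUBKEY_ALGOS.get(raw[pos + 9], "unknown")
    return info


# Constructed sample (not the challenge message): old-format tag 1 header,
# 268-byte body, version 3, made-up key ID, RSA, then a 2048-bit MPI length.
SAMPLE = base64.b64encode(
    bytes.fromhex("85010c" "03" "0011223344556677" "01" "0800")).decode()

if __name__ == "__main__":
    print(SAMPLE, parse_first_packet(SAMPLE))
```

The constructed sample encodes to text starting with `hQEM`, the same four characters the challenge message starts with; a packet of this type carries a session key encrypted to the listed key ID, so only the holder of that private key can decrypt what follows.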
@Kimmax oh, I did not even solve the second missing word :D I just typed the first word into the address bar to google for some hints and Firefox auto-completed it
-
@Kimmax Just to be precise, SSL/TLS run on top of TCP (or another reliable transfer protocol), so technically it's above the transport layer, i.e. application layer. I'm studying this stuff now 😌
-
Kimmax: @MrGrumpyDev while you're not wrong I was referring to the Hypertext _transfer_ protocol, HTTPS being the (application layer?) that transports your data
Points for you tho :) -
@Kimmax Well, you wrote transport layer 😋 HTTPS is just a protocol available on the application layer, while on the transport layer there are TCP, UDP, and other (generally) less-known protocols.
Thanks for the points :) -
Kimmax: @D3add3d
I hope I didn't break it while reformatting -
Kimmax: @D3add3d too bad :(
Would you like to show the others how you solved this? While I initially thought I would show how myself, I think a view from someone who actually did it himself could be cool -
@Kimmax yea, I was thinking about doing a YouTube video but I think I will just write it
-
@Kimmax I decided to do a video after all, you will just have to excuse my voice because I have the flu and Windows decided to almost mute my microphone as soon as I started recording
It is uploading right now, I will post the link once it has finished uploading and processing -
Kimmax: @D3add3d well made, thanks!
To be clear: I didn't mean to raise any questions about 9/11 or similar, it's just an internet meme / joke I thought would be funny to sign as POTUS :)
Thinking of a new challenge right now, maybe something that takes a little more effort to break
Tagging some of the confused ones, in case they didn't solve it yet and still want to see how:
@sunfishcc @LucaScorpion @Codex404 @andrebreda @CogInTheWheel @vlatkozelka @ewpratten @gitpull @xewl (you were right btw) @Aitkotw
Have a nice day!
You copy and ____
You throw it in the ____
MwF4yCq2 is what you need
Combine them and you shall succeed