Interesting thing I just found but can't figure out. If you look at OkCupid's page source (view-source:okcupid.com/home), the top has an ASCII picture of what looks to be a Macintosh, with:
If you convert the hex to ascii you get Yml0Lmx5LzJ2bXZEZjQK.
Jaxson Hall
Base64 decode that ascii and you get a bitly link that takes you to quiz.okcupid.com/letsplayagame/
Joshua Wood
>looks to be a Macintosh Nah bro, that's totally an HP.
Daniel Murphy
It doesn't seem to actually be a hash, just look like one as it doesn't decrypt.
Chase Cox
Ah, there we go. I'm guessing this is just another hiring quiz thing.
Gavin Cooper
Interesting, the jpeg looks really weird at the bottom, probably a hidden message?
Evan Hernandez
Open the jpg in a text editor and look at the metadata in the xml at the top
specifically the "password" metadata field
Carson Lopez
The whole thing is really noisy. I'm guessing the password for the first zip, "quebra" is either in there or points to it.
Jaxon Murphy
IHuCponG+Z Doesn't work for any of the zips
Parker Green
Jesus christ I'm retarded, I actually hexdumped it, but just glossed over it and started trying to find steganographic data
Nathaniel Walker
That might still be necessary, since the password in the metadata doesn't seem to do anything and the jpeg has "flag.txt" show up in it twice at the end of the file. flag.txt is also the name of the only file in quebra.zip
Nathan Parker
Why would OKC want to hire someone with this kind of skillset anyway?
Julian Ramirez
Yeah, the password was just put in the metadata using ExifTool, so there still could be stuff in the image itself.
Adrian Lopez
The EOI bytes for jpeg are FF D9. Everything after that has been added (this is where you see the flag.txt reference).
Alright cool. the rest of the file is a zip that contains flag.txt which just says "Never tell me the odds."
Anthony Clark
Yeah, I just got that, too.
Caleb Ross
>Never tell me the odds Using "Never tell me the odds" as the password for quebra.zip gives a new flag.txt with the contents "dc40b85276a1f4d7cb35f154236aa1b2"
Zachary Richardson
What was the actual password for quebra.zip?
Ian Johnson
decoding "dc40b85276a1f4d7cb35f154236aa1b2" as hex doesn't seem to result in anything particularly meaningful
Cameron Sullivan
That's a hash that decrypts to "abgrtyu", which is a common password and opens the init.zip
Ian Hall
md5 hash for "abgrty"
Isaac Long
If quebra.zip contains the same data but uses a different password, I wonder if that's sufficient information to determine quebra.zip's password? Which would likely also be the password for another file.
Connor Brooks
>dc40b85276a1f4d7cb35f154236aa1b2 MD5 hash for abgrtyu Can't try unzipping the files, xarchiver is fucking up on me, anyone can try that as password for the second zip?
Michael Cook
Sorry, I hadn't read the updates to the thread. This post was dumb.
Julian Edwards
Great work, that opens init.zip
Liam Morales
"Password" appears 20 times in hackpw.txt Line 20 is: login MD5 is: d56b699830e77ba53855679cb1d252da
Christian Allen
But that doesn't seem to work as the key for map.zip. Adding a newline to "login" to get a different md5 doesn't work any better
Jordan Perry
It is, I posted as above here So now it has some instructions but I didn't get them to work. ---
Perform the following steps to obtain the key:
* count the number of times the word password appears in hackpw.txt, this will be $a
* take the md5 of line $a from hackpw.txt to create $b
* use $b as the key
---
"password" shows up 28 times, line 28 is "wont allow anonymous logins. If this is true try getting an account on the system." and the md5 of that is "a72bb057359c22d578668e8ae1f38041" which doesn't work as a password.
Benjamin Johnson
>"password" shows up 28 times What? it shows up 20 times
Noah Thomas
Notepad++ tells me it comes up 28 times, not 20. How did you get that?
Also I think we need to open almost.zip to get the ps.txt first, before map.zip
Aiden Taylor
it depends whether you're doing a case insensitive search or not. "password" shows up 20 times. "[pP]assword shows up 28
Nolan Long
If I count it myself I come to 24, this is weird.
Dylan Collins
Yeah... maybe it's for something else
readme says to use it as " the key" not password...
grep -c "password" hackpw.txt
Robert Morris
what
Tyler Watson
The hash for line 28 is 024b0350a988f8150501ac685e2811da it opens ps.txt
Ayden Clark
> -c, --count print only a count of matching lines per FILE Not matching words, oops.
Sebastian Gomez
Ah, so it was 28 I just got the wrong hash somehow. Where/how did you get yours?
Alexander Roberts
Well I got traffic.pcap, but I'm not familiar with tcpdump so
At least we now know this is a new quiz, the EXIF on this says July 24th, and that it was edited with Photoshop on a mac.
How did you get map.zip open?
Zachary James
Ah, yes. My mistake.
James Jenkins
see the squares at the bottom of mmsf.jpg? They're binary
Juan Taylor
At the top too.
Asher Evans
I actually didn't even see the squares, wow.
Caleb Hill
The top is just repeating 1 and 0, the bottom says "Rokkuman".
Andrew Jackson
this was a good game
Landon Fisher
The ones at the top don't have any information in them.
Anyway the pcap has some urls in it, one has a new zip and one has a text file containing the password, but the zip has an ELF binary in it and I'm not going to run unknown binaries so I'm out
Nolan Williams
Oh, I was stuck in the hex editor, didn't even pay any attention to this weaboo shit lol
The text string is the password for the zip, it only has a solveme file. I don't know what it is at this point.
Jackson Bailey
It's a linux executable. Run it.
Jeremiah Wright
I don't use linux (inb4 reactions) but I guess I could spin up a vm for it.
Luis Williams
linux is gay anyway brah
Samuel Thomas
Man i loved those game as a kid and Luna platz was cute af too
John Powell
Looking at disassembly, it's basically hundreds of add instructions and a few jumps thrown in every now and then, probably manually calculating a number or something?
Eli Hernandez
You have completed this game. Would you like to keep doing infosec work and get paid for it? Good news! We're hiring a Linux Security Engineer! Send your resume over to [email protected] to apply. Please put "SECURITYNINJA" in the subject.
Wow it's fucking nothing.
David Barnes
strings, m8 This is not the function you are looking for.
I was about to post this as well. You can find it by just looking at the content of .rodata in solveme (opened as an archive in 7zip.) You don't even have to disassemble or reverse engineer the binary, lel.
Jaxon Lewis
Well this was fun Sup Forums. I totally called it at the beginning that it was a hiring thing
Ian Williams
Well yeah no shit
Charles Bailey
...
Aaron Turner
What the fuck did you reply to all the posts for, retard?
Bentley Garcia
>look mom I did it again
Xavier Ward
Because, just ignore it.
Carter Clark
What other reason would OKC have to put up a puzzle like this in their source code?
Sebastian Parker
It shows us old decrepit faggots that we still got it in us.
Jaxson Evans
So you could access the 2d waifu profiles instead of the usual 3d trash.
Easton Ross
>game solved >thread instantly dissolves to shit This is why we can't have nice things Note how basically no images were posted because people were actually discussing something
Ian Anderson
puzzles always bring people like us together.
Landon Campbell
Kek. If only.
Evan Price
lol ouch
Cooper Martin
I had a lot of fun. I don't know why we don't organize something like this ourselves on a monthly basis.
Wyatt Sanchez
>Send your resume
Whelp
Anthony Jones
Well there was that link to the flyingmonkeys thing. I only took a cursory glance but it seems like a new hacking challenge thing.
I know there's others on other sites, but yeah it'd be cool if Sup Forums mods or whatever made one up for every month.
Ryan Perez
These challenges are pretty common. Unfortunately, there are rarely any replies.
Carter Price
> A sense of satisfaction that comes from helping millions of people find love