Usr6 Posted November 11, 2017 Report Posted November 11, 2017 MD5(the_big_fat_panda.jpg) = 409302F21EA7DCFE2ED9BBF3C810081C 1 Quote
FoxBlood Posted November 15, 2017 Report Posted November 15, 2017 Salut! Sunt nou pe aici, imi poti explica cum se face acest tip de challange de la 0? Quote
u0m3 Posted November 16, 2017 Report Posted November 16, 2017 @FoxBlood: Uita-te la cum a fost rezolvat ultimul Sau asteapta writeup-ul de la acesta. 1 Quote
kznamst Posted November 19, 2017 Report Posted November 19, 2017 (edited) Walkthrough: @Usr6 1. Descarcam imaginea si verificam daca e integra: # curl -s https://rstforums.com/forum/uploads/monthly_2017_11/the_big_fat_panda.jpg.07e36e8e2681213cd21cbe01d72e9baa.jpg --output The_Big_Fat_Panda.jpg && md5sum The_Big_Fat_Panda.jpg 409302f21ea7dcfe2ed9bbf3c810081c The_Big_Fat_Panda.jpg 2. Deschidem imaginea cu editor hex(am folosit Bless pe Ubuntu) si verificam daca dupa imagine mai este ceva. Ne uitam daca dupa biti FF D9 mai apare ceva. In cazul nostru observam: PK.. NobodyUnderstandMe.jpg PK - inseamna ca avem o arhiva, zip 3. Extragem arhiva din imagine: # unzip The_Big_Fat_Panda.jpg Obtinem o alta imagine: "NobodyUnderstandMe.jpg" . Incercam sa facem acelasi lucru ca la cealalta imagine, dar ne cere o parola si ne da un puzzle: Cateodata DA inseamna DA si NU inseamna NU, cateodata DA inseamna NU si NU inseamna Da, cateodata DA inseamna POATE si POATE inseamna NU, cateodata NU inseamna POATE si POATE... AI INTELESSSSS? DANUDADANUNUDANUDANUNUDADADADANUDANUNUDADADANUNUDANUNUDADADADANUDANUNUNUDADANUDADANUDADADADADANUDANUNUDANUDADANUDANUDADANUDADANUDANUNUDANUNUNUDADANUNUDADADANUNUDANUNUDADANUDANUDANUNUNUDADANUDADANUNUDADADANUNUDANUNUDADADADANUDANUNUNUDANUDADA Initial m-am oprit aici si am cerut hint, mi-a fost oferita imaginea: https://rstforums.com/forum/applications/core/interface/imageproxy/imageproxy.php?img=https://upload.wikimedia.org/wikipedia/commons/thumb/7/75/Macbook_Pro_Power_Button_-_Macro_(5477920228).jpg/220px-Macbook_Pro_Power_Button_-_Macro_(5477920228).jpg&key=65b8c92411b156ea5a00ea79269010df0e1ad7e390288503459d91a50af16a4d # Din care extrage linkul: https://upload.wikimedia.org/wikipedia/commons/thumb/7/75/Macbook_Pro_Power_Button_-_Macro_(5477920228).jpg/220px-Macbook_Pro_Power_Button_-_Macro_(5477920228).jpg 4. Cautam pe google dupa imagine si ajungem pe pagina wiki: https://en.wikipedia.org/wiki/Power_symbol # Observam citatul: The symbol for the standby button was created by superimposing the symbols "|" and "o"; however, it is commonly misinterpreted as the numerals "0" and "1" 5. Luam sirul cu DAsi NU unde inlocuim "DA" cu 0 si "NU" cu 1, obtinem: 010011010110000101100011011000010111001001000001011010010100100101101110011000110110010101110010011000110110000101110100 # Il convertim din binar in ASCII si obtinem: MacarAiIncercat 6. Vedem ca asta este parola("MacarAiIncercat" te poate duce in eroare, eu initial am crezut ca nu asa trebuia sa procedez) dupa care obtinem un fisier text: DA, chiar e ceea ce pare, doar ca standard=dradnats vpGWkp6TipPfkYrfno2a35GaiZCWmt+bmt+Q34+Nmpiei5aNmt+Mj5qclp6Tnt+PmpGLjYrfnt+Zlt+ekZaSnpPT35CSipPflpGMnt+PmpGLjYrfnt+bmomakZbfkJLfno2a35GaiZCWmt+bmt+am4qcnouWmtPfmpuKnJ6Llp7fmZ6cmt+blpmajZqRi57fm5aRi42a35CekpqRlt+Mlt+ekZaSnpOa0d+yno2ciozfq4qTk5aKjN+8lpyajZD= 7. Observam ca e un base64, observam si hintul: "standard=dradnats". Cautam pe google implementarea algoritmului base64: https://en.wikibooks.org/wiki/Algorithm_Implementation/Miscellaneous/Base64#Javascript_2 Facem un reverse la lista base64chars si rulam functia pe stringul nostru: https://jsfiddle.net/9vdbamd9/1/ base64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; # devine base64chars = '/+9876543210zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA' Stringul decodat: Animalul nu are nevoie de o pregatire speciala pentru a fi animal, omul insa pentru a deveni om are nevoie de educatie, educatia face diferenta dintre oameni si animale. Marcus Tullius Cicero Edited November 19, 2017 by kznamst 6 Quote
