Friday, October 3, 2008

Lets Fuck Your Brain

On this challenge you have a sequence of symbols: + - [ ] < > .
++++[>+++++<-]>+++[>+++<-]>++.>++++++
[>++++<-]>++++[>++++<-]>-..----------
-.>.<+++++++++++++++++++.>+++++++++[>
++++++<-]>------.++[>++<-]>++++++++++
++++.-------.>++++++[>+++++<-]>+++.
You may think: what the hell is this crap ??
But hold on. The level's page says: "Check out this script" and level's name is "Lets Fuck Your Brain". It reminds me of an exotic programming language called BrainFuck, and you can find more about it here.
All you need to do is to learn basic BrainFuck (it's quite simple) and run the script on your mind with a piece of paper for notes, orrrrr to find a web interpreter for BrainFuck, like this one that also has a debugging option.

Only copy and paste the script above, run it and get the password, Good w0rk!
Posted by at No comments:
Labels:

FlashBack

On this challenge a page with a flash object is displayed, but the flash didn't work here. First of all I took a look at the page's source code and found this line:
<param name="movie" value="FlashBack.swf">
I put the "FlashBack.swf" on the URL and it got like the following:
http://www.trythis0ne.com/levels/others/tt0login/FlashBack.swf
Ok, now the flash is playing and it ask for a username and a password.
I downloaded the flash object (on the browser: file -> save as) and saved it on my hd. Next step, I opened the flash file with a hexadecimal editor (there're tons of hex editors on the web, you can use one like this) and as you can see below, the username and password are explicit on the file:


Simply entry the user and password on the flash and that's all. =)
Posted by at No comments:
Labels:

Wednesday, October 1, 2008

1337Browser

On this level you're presented a page with some information about a fictitious browser called "1337Browser_V3.1" and you have to get the password.

First of all I tried looking at page's source code but got nothing there. Well, if we have to get the password, let's try some URL like the following, to see what we get:
http://www.trythis0ne.com/levels/web-challanges/1337B/password.php
http://www.trythis0ne.com/levels/web-challanges/1337B/login.php
http://www.trythis0ne.com/levels/web-challanges/1337B/passwd.php
http://www.trythis0ne.com/levels/web-challanges/1337B/signin.php
http://www.trythis0ne.com/levels/web-challanges/1337B/pwd.php
All of them but the last failed. On the last one we get the following:
Err: Only 1337Browser_V3.1 users can see this page.
OK, now those information about the 1337Browser makes sense. Only people using the 1337Browser_V3.1 can see the pwd.php page but HOLD ON, that's a fictitious browser, how can we pretend we're using a browser that does not even exist? The information about the browser you're using comes from a property called "user agent".
You can get more information about that here.

There's a technique called 'Browser Spoofing' that consists on modifying the "user agent" property in order to fake what browser you're using.
There're some plugins, like this, that can change this information, but you can also modify it by hand, if you're using Firefox you can go to the URL 'about:config', that's a page where you can see, modify and include property values. Once on that page, right click and choose create new option -> string, fill out the first form displayed with "general.useragent.override" and press OK, then fill out the another form with "1337Browser_V3.1" that's the name of the browser we want pretend we're using.

Then go to pwd.php page again, there'll be the password for you.
Posted by at No comments:
Labels:

Premission

This challenge is very simple, a ciphertext is given and you must find a way to decode it. The ciphertext is the following:
Gsv kzhhdliw gszg blf mvvw rh gsv mznv gszg
yvolmth gl gsv nzm gszg hzbh gsv mvcg hvmgvmxv:

"Givzg blfi kzhhdliw orpv blfi gllgsyifhs.
Wlm'g ovg zmbylwb vohv fhv rg, zmw tvg z mvd
lmv vevib hrc nlmgsh."
This text is ciphered using a simple substitution method. You can find more about this method here or here.

I usually decipher it by my own, I don't have any program to do that for me but certainly there're some deciphers for free.
This tool, this frequency table , and a frequency counter may help on the process.
Usually I seek for some keywords on the text, like 'the', 'password', 'that', 'of', 'if', 'is'. Using this tips we can infer the following:
GSV - THE
GSZG - THAT
WLM'G - DON'T
KZHHDLIW - PASSWORD

It seems to agree with the frequency table, since E (V) is the most frequent letter, followed by T (G), then we have O (L) and M (N) that both have high frequencies too...
It's pretty easy =)

On the end you'll have the plaintext as follows:
The password that you need is the name that
belongs to the man that says the following sentence:

"Treat your password like your toothbrush.
Don't let anybody else use it, and get a new
one every six months."
Posted by at No comments:
Labels:
Subscribe to: Comments (Atom)