A classic cracking challenge (3564020356.org)
62 points by simonjgreen on Aug 16, 2015 | 22 comments



It's a classic alright, but being a classic, just a warning to everyone: some of it does require going back in time a little bit, like dealing with a 16-bit binary.

If this type of stuff interests any of you but is too hard, give mine a try ( 0x0539.net ). It is not intended to be a significant challenge; instead, all the stages focus on introducing some basic concept related to offensive security. It's mostly aimed at some young teens that have expressed an interest in learning that stuff, so the target is very introductory.

I update the site every so often with new sets of challenges and rotate through former sets if someone requests it. The current one I ran for a bit in 2013 and then brought it back earlier this year, and I plan to cycle in a new binary-exploitation-focused one in December.


I've gotten so far as finding the first secret and turning that into something viewable so I can read the two word question. Not quite sure what to do with the stuff that's left over yet though.


There are 10 types of people.. ;)


Sure, that gives me an address, but the host isn't reachable.

I played around with it and found a login page that might be similar but _no clues_ as to how to gain access. Feel like I'm missing an intermediate step here.


Oh sorry, that is a side effect from bringing it back; the domain was slightly different.

As for the login page, sometimes the way in is not through the front door.


I really enjoy these puzzles, but I'm also stuck at the login page. Even poking around, and ignoring that the subdomain isn't working, I don't see anything else. Have any suggestions?


Everything you need to figure it out is on the login page.

Consider how Hacker News works: there is the login page, but that is not the only means of authenticating. You don't, after all, have to type your user/pass out for every page request.


Thanks for the tip! I'll be attacking this again tonight, I think I have an idea now that you mention auth. By the way, some subdomains are public (not sure if part of the game), like source.0x0539.com, oxidized etc.

Awesome work, thanks for the fun!

Edit: Just got past login, what an awesome puzzle. That being said, I hate that it looks like I have to run an executable from your site. Seems dangerous, so now I have to spend the time getting a VM set up.


You don't have to run the executable. You can, but the problem is absolutely doable without running it (static reversing).

As for the subdomains, you can safely ignore them. There are a number of them; most are not primarily mine. I just give some friends free hosting (or point subdomains to their boxes).

And yeah, there are random subdomains that are not part of it. Most of the subdomains are not even mine (I give free hosting to friends). The only subdomain that was part of it was clcs.0x0539.net, but that's no longer the case.


Thanks so much for all of the clarification; it's really helpful to know I don't have to execute the app in question. I'll keep going down the rabbit hole, hopefully others find this site and enjoy it.


I've got past this bit and got the deciphered output but am hopelessly stuck on the next bit. Any clues?


This is fun! Can we sign up anywhere to get an email when you do updates?


Wonder what happened to +Mal and other +HCUers now. Probably still in reversing business .. Good ol' days


Fravia died, unfortunately ;(.

http://search.lores.eu/index.html


+Mal is still around, at an actual university: http://twitter.com/aittalam.

+Fravia posted a touching farewell: http://search.lores.eu/swansong.htm.

Most of the others have been silent since 2000.


somehow related: http://io.smashthestack.org


You might like http://try2hack.nl/ too


spoiler for first challenge:

   data = 'MAL TIRRUEZF CR MAL RKZYIOL EX MAL OIY UAE RICF MAL ACWALRM DYEUPLFWL CR ME DYEU MAIM UL IZL RKZZEKYFLF GH OHRMLZH'
   # Substitution table: ciphertext letter -> plaintext letter
   c = {'I': 'a', ' ': ' ', 'L': 'e', 'Y': 'n', 'F': 'd', 'H': 'y', 'P': 'l', 'K': 'u', 'O': 'm', 'G': 'b', 'D': 'k', 'A': 'h', 'Z': 'r', 'C': 'i', 'R': 's', 'W': 'g', 'X': 'f', 'M': 't', 'E': 'o', 'U': 'w', 'T': 'p'}
   # Characters without a mapping pass through unchanged
   print("".join(c.get(i, i) for i in data))
   # Output: the password is the surname of the man who said the highest knowledge is to know that we are surrounded by mystery


Isn't the point to be able to do these yourself?


Yes, exactly. In that case, perhaps using the algorithm described in the same place as one may find the reverser's credo: "what one man can invent, another can discover"? (As can women and others, of course! I've always assumed the "man" a forgivable historical artifact there, given the now 110-year gap.)

One might tolerate an occasional hint, but please, please, please do not spoil the crackmes and such things. They are for the practice and instruction of those who seek knowledge, not those who want to merely find it. The act of seeking trains the mind in the inference of their creators' intentions and thoughts: a skill that needs to be learned, and I do not think can simply be taught.

I am, of course, biased. There is a remnant of elitism, I will admit. Before we had the web, such things used to be swapped via post, and obscure BBSes. It's quite emotional, even, to be reminded some of the old forgotten places still exist. It has been many years. Even... a certain shrine's still running, somehow. Old crackers never die: they just nop! +akr


90 90 90 90


I do love me a good NOP ramp.



