Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@Kimmax what's this man?? A riddle?
-
@Aitkotw exactly
-
@Kimmax Tried attach the short string in front(or end), then decode with base64. Got some binary code. Save it in a file, then test with trid. But cannot find file type. Could you give some help?
-
@sunfishcc short and long are not directly related
-
@Kimmax After base64 decode the long string. Found b'3\x01x\xc8*\xb6' are both in short and long. After remove it, still no clue. T_T
-
@sunfishcc You do not need base64. Start at the top of the rant
-
@xewl What are the code for? I still don't get it
-
@Kimmax The lack of imagination really hold me back. I still can't solve it. T_T
-
@sunfishcc looks like some sort of pub/priv key to me, but I'm also not sure. xD
-
@xewl paste is right
-
oh geez... I'm thinking this all night. Still cant figure out the answer.
However, find multiple bugs on the devRant new desktop page.
Eg:
console.log;
duplicate input key ('password');
the js code are mixed with tab and 4 space, and not minified;
the delete button is binded to class '.rantlist-delete', which doesn't work;
the http request for fetching badges sending every 3s with unencrypted query string on URL; -
@sunfishcc there is no such thing as an "unencrypted query", well besides really transmitting encrypted data. This fields are being protected by the transport layer (HTTPS) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send these as cookies, which are as exposed as query parameters. Just hit up some random site and the chance that you'll see PHP session ids being transmitted is high and they are as valuable as those tokens.
-
@Kimmax sorry for lack of security knowledge. I'm working on this part. Definitely learn something.
-
@sunfishcc asking is the first step to learn something new :)
And you're not the first one thinking about that one. I wrote a little bit more detailed post to shed some light on this: https://devrant.com/rants/1256569/
Hope this helps -
@Kimmax paste was the obvious part xD
-
@Kimmax
wcBMAxqqW80aYJqQAQgAcMWwQKYwEVcxfycxE7fvCcRdVY8EjgzqA1rKazFSMYwm
gTUv82W0jpFmegKSitlNW465ZPTnkEsS2FSTsonNa7vnVcH7eYFPFF8VMoI3cf7d
GALd7J7vzWuIPbw2Zbx5uUAxFhRQZxNdEu9S7hP7JB+n1V+NoRLpo6CEL5wiEb5G
ri6IJIZpb4ajiEBNwHvRbaUywglIc+oZnFQlEsw48VA9uMWWIaBKbo8wX+qoIUyM
9PhFaNIhaaV9njqk1EKQY6ltPmC7cire+gm5BBU3OVu3arEV6dLxAiSiUQLIZFWB
L5cbQTvuxqKuLOaVt5j6glDcLV74Tkt6T1FoqU7YUNLgAeSserCUk9z3JXRlOMKy
ccTu4WT04GXgs+HaB+CK4lFAyUzg8uVhUwBXLTvpZHml4Jje4F3R8fd1cNNZdIeo
Q8SfwePK+OCG4ww1H5Qml3IM4C3iEs3TCeDF4CvgX+SE/4g+CxoHO6x2cWt98RcT
4pf3Wzzh5GsA
=k2R2 -
Okay so here's a hint for everyone who's struggling with this:
Find the missing parts of the two sentences. Combine them to form a new word. The word is a popular service. The short string is the right side of the domain.
To solve the rest you need GPG or similar.
You should be able to finish from here -
@Kimmax oh, I did not even solve the second missing word :D I just typed the first word into the address bar to google for some hints and Firefox auto-completed it
-
@Kimmax Just to be precise, SSL/TLS run on top of TCP (or another reliable transfer protocol), so technically it's above the transport layer, i.e. application layer. I'm studying this stuff now 😌
-
@Kimmax Well, you wrote transport layer 😋 HTTPS is just a protocol available on the application layer, while on the transport layer there are TCP, UDP, and other (generally) less-known protocols.
Thanks for the points :) -
@D3add3d
HQEMAxqqW80aYJqQAQf/fV8yJCCsiCTnfU10P+vBPv0S+YjxhLVXXzPd3pNWTKRmrwf0/wTmxHpMYjrGC6xaqzqA4pu9+uN8Jvde5yCAkYNDBxfqRRn4EFGHEAZxOWC51682ILNw2FvS0aISQKkx4K0B18K91959QflOgy/hfoIo3rFUPqhGbam7D90JhgqEx/Wu9Y8IeP/FI7JeEba3PU93StsLiKxnX+HwZHESen64R6C7gN1zRnraWi0tq1JCD0x+qThlCJQiiVKwhpugpk1gVGMj/l0OigNxqAVvEWwU+U+3Sbg3ij/ZVys1OqsDfxDzuOQNNM9Y09QGUBBB3R7XD0vXMJ3pBfXG3jBXF9KFAaPgVts4nTF/6ybb1u/z0/ksrUko0s3nY+7O+eJJekrMY7ZOhDxGv0uLuPOQam3zx/kf7sZTS1jt47uQm/XWUspsnAYTt61mQm1l/xsvs7qMnmLAkSaBJxXSJQog6jsIhYDRk/G/5xnTPj6GmxHi3wTBg0rZurawTZgxu6lekp0tyzynBg===N07S
I hope I didn't break it while reformatting -
@Kimmax unfortunately something broke along the way
-
@Kimmax yea, I was thinking about doing a YouTube video but I think I will just write it
-
@Kimmax I decided to do a video afterall, you will just have to excuse my voice because I have a flu and Windows decided to almost mute my microphone as soon as I stared recording
It is uploading right now, I will post the link once it has finished uploading and processing -
-
@D3add3d well made, thanks!
To be clear: I didn't mean to raise any questions about 9/11 or similar, it's just a internet meme / joke I thought would be funny to sign as POTUS :)
Thinking of a new challenge right now, maybe something that takes a little more effort to brake
Tagging some of the confused ones, in case they didn't solved yet and still want to see how:
@sunfishcc @LucaScorpion @Codex404 @andrebreda @CogInTheWheel @vlatkozelka @ewpratten @gitpull @xewl (you were right btw) @Aitkotw
Have a nice day! -
@Kimmax I love the "you were right btw" haha
You copy and ____
You throw it in the ____
MwF4yCq2 is what you need
Combine them and you shall succeed
hQEMAxqqW80aYJqQAQgAl8d8lKc8aOf9g16t3qJdwJTm5P2CzPhx94BUX8/lFrTC
2w0sPjFV1l+M1fau6H19uYHohNeNv1nqHfRyXO7rYylp5Y7YGp2CLpx5ApTSG1a4
lvUccxy5OddnNMlA+s5jDSWRw0j32tv1fQvALS6C/UjtNA7P6+nfEaEZHfSqvoFj
gr5cptzjsmTw3FsWsgMP08WDXRyQ1jgwaqBG/51IOkUL2xexi+xbo0pL2sW2AyoW
UlVmUzzpszNWph5l+UjqUPbihYh+X37mBWRZ/BmhP5AKS0XtMABZZTdH2a+FynAd
7I7XU4TKqBDTbviJbPbfT+2YQH9P4SZOP8sYWeLFxtJaAVr1JUfpCW05S/1VgR2T
WmmP6UVagIRBJGy9vog1Q7j74YXJAiS334JQnSq3RU2q3AQ4S7TO/Lspv3tgkDi/
aARzU8iT0cA+X67TCa74lG51oPWyihEG9OzN
=MT3J
rant