36
Kimmax
7y

You copy and ____
You throw it in the ____
MwF4yCq2 is what you need

Combine them and you shall succeed

hQEMAxqqW80aYJqQAQgAl8d8lKc8aOf9g16t3qJdwJTm5P2CzPhx94BUX8/lFrTC
2w0sPjFV1l+M1fau6H19uYHohNeNv1nqHfRyXO7rYylp5Y7YGp2CLpx5ApTSG1a4
lvUccxy5OddnNMlA+s5jDSWRw0j32tv1fQvALS6C/UjtNA7P6+nfEaEZHfSqvoFj
gr5cptzjsmTw3FsWsgMP08WDXRyQ1jgwaqBG/51IOkUL2xexi+xbo0pL2sW2AyoW
UlVmUzzpszNWph5l+UjqUPbihYh+X37mBWRZ/BmhP5AKS0XtMABZZTdH2a+FynAd
7I7XU4TKqBDTbviJbPbfT+2YQH9P4SZOP8sYWeLFxtJaAVr1JUfpCW05S/1VgR2T
WmmP6UVagIRBJGy9vog1Q7j74YXJAiS334JQnSq3RU2q3AQ4S7TO/Lspv3tgkDi/
aARzU8iT0cA+X67TCa74lG51oPWyihEG9OzN
=MT3J

Comments
  • 0
    An easy one to get started
  • 1
    @Kimmax what's this man?? A riddle?
  • 8
    Ill send some bitcoin to this address
  • 0
    @sharktits dont :D
  • 0
  • 1
    @Kimmax Tried attach the short string in front(or end), then decode with base64. Got some binary code. Save it in a file, then test with trid. But cannot find file type. Could you give some help?
  • 2
    @sunfishcc short and long are not directly related
  • 0
    @Kimmax After base64 decode the long string. Found b'3\x01x\xc8*\xb6' are both in short and long. After remove it, still no clue. T_T
  • 0
    @sunfishcc You do not need base64. Start at the top of the rant
  • 1
    paste
    tumbler/trash
    ? xD
  • 1
    @xewl What are the code for? I still don't get it
  • 4
    @Kimmax The lack of imagination really hold me back. I still can't solve it. T_T
  • 1
    @sunfishcc looks like some sort of pub/priv key to me, but I'm also not sure. xD
  • 1
    @xewl paste is right
  • 1
    oh geez... I'm thinking this all night. Still cant figure out the answer.

    However, find multiple bugs on the devRant new desktop page.

    Eg:

    console.log;

    duplicate input key ('password');

    the js code are mixed with tab and 4 space, and not minified;

    the delete button is binded to class '.rantlist-delete', which doesn't work;

    the http request for fetching badges sending every 3s with unencrypted query string on URL;
  • 3
    @sunfishcc there is no such thing as an "unencrypted query", well besides really transmitting encrypted data. This fields are being protected by the transport layer (HTTPS) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send these as cookies, which are as exposed as query parameters. Just hit up some random site and the chance that you'll see PHP session ids being transmitted is high and they are as valuable as those tokens.
  • 0
    @Kimmax sorry for lack of security knowledge. I'm working on this part. Definitely learn something.
  • 1
    @sunfishcc asking is the first step to learn something new :)

    And you're not the first one thinking about that one. I wrote a little bit more detailed post to shed some light on this: https://devrant.com/rants/1256569/

    Hope this helps
  • 2
    @rellic absolutely! Keep the result to yourself for now please, I think I'll drop a big hint for others to come in the evening or something :)

    Do you think I should keep this target skill level or but some more beef into it?
  • 1
  • 0
    @rellic noted! :)
  • 3
    .
    ..
    ...
    ....
    .....
    ......
    .......
    ........
    .........
    ..........
    .........
    ........
    .......
    ......
    .....
    ....
    ...
    ..
    .
  • 1
    @Kimmax paste was the obvious part xD
  • 1
  • 1
  • 1
    Is the first part a key of some sort? @Kimmax
  • 1
    Got it! The parser was not happy about it at first but after slight modification it parsed it
  • 1
    I think I got it, let me try
  • 1
    Oops next time tell people to keep it for themselves in the start post. I accidentally shared the first part because I'm not in the mood to decode the message itself xD
  • 1
    @Kimmax
    wcBMAxqqW80aYJqQAQgAcMWwQKYwEVcxfycxE7fvCcRdVY8EjgzqA1rKazFSMYwm
    gTUv82W0jpFmegKSitlNW465ZPTnkEsS2FSTsonNa7vnVcH7eYFPFF8VMoI3cf7d
    GALd7J7vzWuIPbw2Zbx5uUAxFhRQZxNdEu9S7hP7JB+n1V+NoRLpo6CEL5wiEb5G
    ri6IJIZpb4ajiEBNwHvRbaUywglIc+oZnFQlEsw48VA9uMWWIaBKbo8wX+qoIUyM
    9PhFaNIhaaV9njqk1EKQY6ltPmC7cire+gm5BBU3OVu3arEV6dLxAiSiUQLIZFWB
    L5cbQTvuxqKuLOaVt5j6glDcLV74Tkt6T1FoqU7YUNLgAeSserCUk9z3JXRlOMKy
    ccTu4WT04GXgs+HaB+CK4lFAyUzg8uVhUwBXLTvpZHml4Jje4F3R8fd1cNNZdIeo
    Q8SfwePK+OCG4ww1H5Qml3IM4C3iEs3TCeDF4CvgX+SE/4g+CxoHO6x2cWt98RcT
    4pf3Wzzh5GsA
    =k2R2
  • 1
    sorry about the newlines, the web ui seems to be a bit broken and won't let me delete these

    (eeit: managed to fix it with my phone)
  • 1
    So I got the first part, now to combine them... Interesting riddle :)
  • 1
    @D3add3d gonna read when I'm home :)
  • 0
    Okay so here's a hint for everyone who's struggling with this:
    Find the missing parts of the two sentences. Combine them to form a new word. The word is a popular service. The short string is the right side of the domain.
    To solve the rest you need GPG or similar.
    You should be able to finish from here
  • 3
    @Kimmax oh, I did not even solve the second missing word :D I just typed the first word into the address bar to google for some hints and Firefox auto-completed it
  • 1
    @Kimmax Just to be precise, SSL/TLS run on top of TCP (or another reliable transfer protocol), so technically it's above the transport layer, i.e. application layer. I'm studying this stuff now 😌
  • 1
    @MrGrumpyDev while you're not wrong I was referring to the Hypertext _transfer_ protocol, HTTPS being the (application layer?) that transports your data
    Points for you tho :)
  • 1
    Still have no idea how to do it
  • 1
    @Kimmax Well, you wrote transport layer 😋 HTTPS is just a protocol available on the application layer, while on the transport layer there are TCP, UDP, and other (generally) less-known protocols.

    Thanks for the points :)
  • 0
    @D3add3d
    HQEMAxqqW80aYJqQAQf/fV8yJCCsiCTnfU10P+vBPv0S+YjxhLVXXzPd3pNWTKRmrwf0/wTmxHpMYjrGC6xaqzqA4pu9+uN8Jvde5yCAkYNDBxfqRRn4EFGHEAZxOWC51682ILNw2FvS0aISQKkx4K0B18K91959QflOgy/hfoIo3rFUPqhGbam7D90JhgqEx/Wu9Y8IeP/FI7JeEba3PU93StsLiKxnX+HwZHESen64R6C7gN1zRnraWi0tq1JCD0x+qThlCJQiiVKwhpugpk1gVGMj/l0OigNxqAVvEWwU+U+3Sbg3ij/ZVys1OqsDfxDzuOQNNM9Y09QGUBBB3R7XD0vXMJ3pBfXG3jBXF9KFAaPgVts4nTF/6ybb1u/z0/ksrUko0s3nY+7O+eJJekrMY7ZOhDxGv0uLuPOQam3zx/kf7sZTS1jt47uQm/XWUspsnAYTt61mQm1l/xsvs7qMnmLAkSaBJxXSJQog6jsIhYDRk/G/5xnTPj6GmxHi3wTBg0rZurawTZgxu6lekp0tyzynBg===N07S

    I hope I didn't break it while reformatting
  • 1
    @Kimmax unfortunately something broke along the way
  • 0
    @D3add3d too bad :(
    Would you like to show the others how you solved this? While I initially thought I would show how myself, I think a view from someone who actually did it himself could be cool
  • 1
    @Kimmax yea, I was thinking about doing a YouTube video but I think I will just write it
  • 0
    @D3add3d whatever you like :) Looking forward to it
  • 1
    @Kimmax I decided to do a video afterall, you will just have to excuse my voice because I have a flu and Windows decided to almost mute my microphone as soon as I stared recording

    It is uploading right now, I will post the link once it has finished uploading and processing
  • 2
  • 4
    @D3add3d well made, thanks!
    To be clear: I didn't mean to raise any questions about 9/11 or similar, it's just a internet meme / joke I thought would be funny to sign as POTUS :)
    Thinking of a new challenge right now, maybe something that takes a little more effort to brake
    Tagging some of the confused ones, in case they didn't solved yet and still want to see how:
    @sunfishcc @LucaScorpion @Codex404 @andrebreda @CogInTheWheel @vlatkozelka @ewpratten @gitpull @xewl (you were right btw) @Aitkotw
    Have a nice day!
  • 1
    @Kimmax I love the "you were right btw" haha
Add Comment