Snake.py

Dear All,
I have reversed the script snake.py, I login and I receive the message: "good job" but when I submit the flag the system says it's not correct.
Any idea on why?
Thanks to all
Garbo

Comments

  • Flag should be in the format: HTB{username:password}

    (Curly brackets inclusive)

  • @garbo77 said:
    Dear All,
    I have reversed the script snake.py, I login and I receive the message: "good job" but when I submit the flag the system says it's not correct.
    Any idea on why?
    Thanks to all
    Garbo

    It isn't correct. There is another thread which explains but it also misleads terribly. It made this quirky challenge a lot harder than it is so I am loathe to send you there. You must take the program at its word. It isn't really a troll or it is but... argh.

    Anyway, you're only half right so...

    izzie

  • edited September 2018

    Find the values in the chain array and take them off the end of the password; they're added to the end of chars as filler to throw you off. Here's how I figured it out, with a hint from UltrCrpdrn:

    If you get rid of this section of code:

    for chain in chains:
    chains_encrypt = chain + 0xA
    chars.append(chains_encrypt)

    you won't have those extra characters when you reverse-engineer the password.

  • I just solved this, after much head-scratching. But, I have to say that there IS a clear clue as to which of the variables contains the password. It is there in plain sight once you do the normal stuff to read it. You just need to understand how the logic of the code hides it from you.

  • this challenge is a shit show. just try bunch of strings you can generate from the script. that's it

  • Wow, i made it way more complicated than it was. And yeah, it was kinda bad. :(

    mrtnrdl

  • I enjoyed the reverse engineering part that took me all of 2 minutes (it is meant to be very easy ofc)

    I didn't enjoy spending like 2 hours, even enlisting the help of a friend, trying to figure out the flag format :S if you're into puzzles in general you'll like it but I didn't learn anything related to cyber security from that part.

    my hint: look at what you've figured out, and then look at how the snake's chains are created. Don't assume the code is complete or works!

  • @izzie said:

    It isn't correct. There is another thread which explains but it also misleads terribly. It made this quirky challenge a lot harder than it is so I am loathe to send you there. You must take the program at its word. It isn't really a troll or it is but... argh.

    Anyway, you're only half right so...

    heyy i stuck at the same problem can you help me or gve mea hint ?

  • @mrtnrdl said:
    Wow, i made it way more complicated than it was. And yeah, it was kinda bad. :(

    Amen!

    sx02089

  • @CeltSec said:
    my hint: look at what you've figured out, and then look at how the snake's chains are created. Don't assume the code is complete or works!

    This is very true. :+1:

    sx02089

  • I got the good job. But what to do after that? any hints?

    sesha569

  • I just did this one. The way you get the username makes sense and the way you can get the password does as well, sort of. The removal of the last part makes no sense to me, and the fact that the code is "broken". What is the point of that? The confirmation of the password done in the code is broken, and the append thing is just, uhm, what is the point? I don't understand the challenge. It just seems silly to me. Some of the other challenges are "real life" like, not like this one. Am I the only one who feels like this? I am new to this whole reverse engineering and stego part of this.

Sign In to comment.