Official Query Discussion

Official discussion thread for Query. Please do not post any spoilers or big hints.

Comments

  • What technique makes this "easy"? Heck, what technique makes this "medium"?

    Working with an associate we have gone through several layers, using automated and manual techniques, and we're still not there.

    Have we too gone deep into some rabbit hole?

  • Type your comment> @parasamgate said:

    What technique makes this "easy"? Heck, what technique makes this "medium"?

    I'm wondering about this myself. Static analysis is giving me a headache and seems like far, far too much work for an "easy" 40 point Misc challenge.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited November 2020

    Hi! I got it minutes ago after thinking about it more than one day, but in retrospective, now I think I could have done this in far less time if I had not lost time in rabbit holes.

    A little hint: The worst thing you can do here is overthink the final steps. Even when you think you have understood what does the script in general, you will need to take some steps back to get what you want (you can think of it as the script sometimes is capable to know that you are meddling with it, and that affects greatly the final result)

    (If this is a very big hint tell me please. This is my first time contributing here and I don't want to ruin the challenge by accident :disappointed: )

  • Fascinating, thank you @eriveros -- I don't think you've given much away at all.

    Could you tell us, knowing the correct technique, how long would it take you to solve another challenge like this?

    How many tools did you use?

  • Type your comment> @eriveros said:

    Hi! I got it minutes ago after thinking about it more than one day, but in retrospective, now I think I could have done this in far less time if I had not lost time in rabbit holes.

    A little hint: The worst thing you can do here is overthink the final steps. Even when you think you have understood what does the script in general, you will need to take some steps back to get what you want (you can think of it as the script sometimes is capable to know that you are meddling with it, and that affects greatly the final result)

    (If this is a very big hint tell me please. This is my first time contributing here and I don't want to ruin the challenge by accident :disappointed: )

    This was actually an amazing hint that doesn't spoil anything. I'd begun to suspect something like this, but hadn't gotten around to actually looking for it yet.

    +respect

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • Got it. If I saw a challenge using the same tactic in the future I could solve it in under an hour for sure, I can see how the blood was had so quickly.

    Not sure this belongs in misc though?

  • @parasamgate said:
    Fascinating, thank you @eriveros -- I don't think you've given much away at all.

    Could you tell us, knowing the correct technique, how long would it take you to solve another challenge like this?

    How many tools did you use?

    I think it would take me at most one hour haha, but it is difficult to not to overestimate your own capabilities after you solve it.

    About the tools, I used just a normal text editor, the Firefox browser javascript debugger, some JS prettifiers found on the web and a reasonable amount of patience.

  • I don't know if I solved it intended way but if yes then thanks @polarbearer for a very nice challenge.

  • Great challenge. Really enjoyed it. The trick was continuing on the chosen path, instead of giving up. As @eriveros mentioned, close to the end there was a bit of a rabbit hole that almost made me jump over the flag itself and pursue something far far outside of scope.

    thanks @polarbearer

  • Nice Challenge, and Done.

    the fake flag was the funnest part of this challenge.

    Hint:

    think like a debugger. the script is smart.

    Try!ng Hard3r, N3v3r G!v3Up.

  • This was a fun challenge! After a first look a month or two ago, it took me less then half an hour to solve it this time, thanks to @eriveros great hint!
    Feel free to reach out via a dm if someone needs a small nudge of sanity check!

    ArtemisFY
    OSCP

  • I found some code, but it gets stuck in infinite loops, would appreciate a nudge!

Sign In to comment.