[CRYPTO] Walzer



  • How this challenge got approved is beyond me.

  • Who the hell rated this challenge as very easy?

  • Type your comment> @xct said:

    How this challenge got approved is beyond me.

    Yea, I agree. I may not be the best and still learning. But f*** I thought the crypto challenges at work for our CTF were difficult.... I cracked most of those within a couple of minutes and the hardest one taking me an hour and actually using pen and paper. This one... holy hell!!!

    @vancehill said:
    Who the hell rated this challenge as very easy?

    Lol! I saw that when I logged in to... don't know what they had in their water that they were drinking!

    Available to help when I can and know how to help. However do not expect responses right away on these days. Sunday - Wednesday between 7am-8pm EST (USA, Orlando, Fl) as I work those days from 7a-7p and then the ride home. Just a forewarning is all :) Other than that I'll answer ASAP, or when I get home from work.

    CompTIA A+ | Network+ | Security+ | C|EH | CySA+ (In Progress)| PenTest+ (In Progress) |
  • It's clear to me that the one who approved the challenge did not try to solve it without looking at the guide.

    The waltz thing was very confusing to me. To solve this, stack different simple decodings/ciphers and remember the hint at triplets. Then its mostly guessing the right amount and parameters.

  • edited November 2019

    Hoooly fuck, this is definitely the most retarded challenge I have ever done.

    First of all, for the author, I feel sorry for you. I know you have not created challenges before, but hopefully this feedback makes you think twice before creating challenges that make people guess what is going on in your mind. I hope no one else has to suffer the amount of torture we had to go through to solve this challenge. I also hope that this thread has enough hints so that people can solve this challenge without spending more than 5 minutes.

    For the person who tested this, what the fuck were you thinking. Did you even try to solve this without reading the solution? I understand there are some cases where the challenge might be out of our skill level so you have to read the solution, but this was clearly not one of them. Why did you think this was okay for us to solve? I learnt nothing from this challenge.

    Also, I voted this challenge Piece of Cake and I hope everyone does too because it does not deserve a Brainfuck rating for being a "hard to guess" challenge. Maybe I will create a challenge that requires you to guess the number I thought of in my head between 1 and 1000 and call it information asymmetry. For fucks sake.

  • Ffs this one was absolute bs. Such a useless challenge.


  • edited November 2019

    This challenge is barely related to a Waltz, only 100% guessing and slamming ciphers together. The hints also weren't that great... it only threw me off thinking about the beats in a Waltz (which is somewhat related) and the "step side close" for hours (which is useless). I even started drawing diagrams trying to find some square pattern following the footsteps of a Waltz.

    This is definitely the worst CTF challenge I have ever seen. I am not sure what the person who approved this challenge was thinking... if that person was thinking at all at that moment.

    As @sampriti said, please rate this a piece of cake and give it a thumbs down. It is a complete waste of time. Sorry @0xEA31 , I really enjoyed the CTF and Lightweight box (and learned a lot from them!), but this challenge really disappointed me.


  • edited November 2019

    I finally managed to solve this problem. As far as the second step I even guessed myself, using bruteforce so the whole thing is so fucked up that I don't know what to say more about it.

    Thefirst step is obvious, the next is guessing, the third step is backwardbecause the default "non-cypher" has a different shift. And that whole stuff do few times.

    As @sampriti said I can choose random thing to hide with many ciphers and make a challenge. At the end i will public a hint like "you know there's a cipher".

    Finally when i got it i saw that even flag is disabled -.-
    Solving this task is like dancing a waltz to a dubstep.

    If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you <3

  • edited November 2019
    At least I learned that also Cyberchef has problems to solve this challenge ;-) If you are facing the same problem (output/download makes absolutely no sense) after you created your recipe manually, just copy/paste the whole cyberchef address in a new browser tab. This should solve it.

    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

    No messages on the wall please and don't message me via HTB chat, please use the forum!

  • I did smt and I got a cipher but IDK how to crack it, anyone help ?


  • edited November 2019
    I agree with @sampriti and @will135 100%. If HTB actually solved this based on the clue "Walzer Style" without seeing the solution , rated it 40pts and published it, then they need their heads checked. There's no way I would have published this puzzle with that clue. Even if I saw the solution without trying to work it out first I wouldn't have green lit this. This is just throwing crap at the wall to see what sticks. There's no fun or reward for that.

    They need better vetting. At least try to solve these before rating and publishing. As said before this challenge was nothing but trying to guess what is in the author's head.


  • Even the flag format was not normal. :D


  • edited November 2019
    @IhsanSencan said:
    > Even the flag format was not normal. :D

    Yeah, it shows the the author didn't really have a good plan, they just chose some algos and parameters and ran with it.


  • noinoi
    edited November 2019

    Anyway I got it, maybe its worst ever crypto challenge in htb.

    If need help ? you can send pm.


  • edited November 2019

    Yeah, I don't know man, but I share the same opinion as my friends @R4J @sampriti @xct . How this challenge got accepted is beyond me and I'm really pissed off at whoever tested this challenge. We shouldn't be mad at the creator, he tried to teach us something. He made a mistake and owned it. But who the fuck tested this crap and thought like "oh yea, this is fucking good, lets smash 40pts on top of it". Well guess what. It's fucking easy if it's fucking solved with a guide. To all the testers, please at least try the challenges without guide. You guys aren't perfect, we know that. But don't fuck us over like this.

    PS: I have a cool crypto challenge for you guys. Guess the number from 1-1337. Send me a DM with your guess. First blood receives a star sticker that says "master at guessing".

    UPDATE: I'm getting a lot of messages of people asking for hints. Here you go: The number is between 1 and 1337.

    UPDATE 2: I'm getting a lot of messages whether 1 and 1337 are included. No, they are not.

    UPDATE 3: Here's a hint. Reverse the following piece of code and you will get the flag.

    import random
    print("HTB{%i}" % random.randint(2, 1337))


  • while challenge.submitted:
  • You may be right, you may be wrong. But you should really support your opinions more politely. That's being said, I leave you all alone.


  • edited November 2019

    Spoiler Removed

    Sorry, I guess :(

  • edited November 2019

    Spoiler Removed

    My bad. Never thought this could be tagged as spoiler.

  • edited November 2019

    What threw me off is that in Waltz you do a certain pattern and then repeat it kind of "backwards", but that never happens here. You're just doing the "equivalent" to the forward movement a few times. I honestly don't think it's a bad challenge, but there could have been more information provided on the steps involved, since at least one of them is found literally through guessing and/or bruteforce.

    Null | Nada- | Zip | Diddly | Zilch+

  • edited November 2019

    Spoiler Removed

    Lol it was not a spoiler. It was other text encoded the same way.

    If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you <3


    Respect if i helped you ;)

  • edited November 2019

    Type your comment> @sampriti said:

    Maybe I will create a challenge that requires you to guess the number I thought of in my head between 1 and 1000 and call it information asymmetry. For fucks sake.


    Snake did nothing wrong


  • edited November 2019

    is waltz related to music,dance or just completely random

  • @0xEA31 said:
    As you may have noticed in the video, basic Walzer is a repeated sequence of three steps. The teacher calls them "step", "side", "close".

    Since easy cryptography is involved, you should map these steps with some kind of basic cypher algorithms.

    Looking at the starting position, an educated eye should catch the first "step" immediately. What about the others? You choose, but choose wisely because, after three steps, you have to be in a different place, but in the same position.

    And remember: you're dancing, come on don't be shy, let the music flow and continue. After all, the teacher says: "we can keep that going until the end of the song". And we do know when the music stops, don't we?


  • I hereby want to apologize to the author and the HTB staff for my rage. We shouldn't have raged this hard about the challenge and expressed ourselves in a more polite way. After all this is just a mistake, and we all make mistakes. Let's not discourage the author from making more challenges! I'm sure he got much more in store than this!


  • The challenge playtesters need to learn what "crypto" means. Apart from Optimus Prime, the last 4 crypto challenges released have all been dumb guessing games, and a poor reflection of how fascinating and educational good crypto CTF challenges can be.

  • Still have no idea, should I try rotation and combinations of all pieces of base64 codes?

  • A worthy replacement for snake

  • Any help with this? I have no idea what the hints mean

Sign In to comment.