Interesting thing I just found but can't figure out. If you look at OkCupid's page source (view-source:https://www.okcupid.com/home), the top has an ASCII picture of what looks to be a Macintosh, with:
WOULD YOU LIKE TO PLAY A GAME?
596d 6c30 4c6d 7835
4c7a 4a32 6258 5a45
5a6a 514b
written on the screen. I can't figure out what the numbers are, they're like a hash but none that I can find, except for a Bitcoin address - https://blockchain.info/address/596d6c304c6d78354c7a4a3262585a455a6a514b
Anyone else have any clue what this is?
>>61754602
If it is a hash, it looks like SHA-1 (40 chars).
If you convert the hex to ascii you get Yml0Lmx5LzJ2bXZEZjQK.
>>61754846
Base64 decode that ascii and you get a bitly link that takes you to quiz.okcupid.com/letsplayagame/
>looks to be a Macintosh
Nah bro, that's totally an HP.
>>61754846
It doesn't seem to actually be a hash, just looks like one as it doesn't decrypt.
>>61754923
Ah, there we go. I'm guessing this is just another hiring quiz thing.
>>61754923
Interesting, the jpeg looks really weird at the bottom, probably a hidden message?
>>61755012
Open the jpg in a text editor and look at the metadata in the xml at the top
specifically the "password" metadata field
>>61755012
The whole thing is really noisy. I'm guessing the password for the first zip, "quebra" is either in there or points to it.
>>61755049
>>61755045
IHuCponG+Z
Doesn't work for any of the zips
>>61755045
Jesus christ I'm retarded, I actually hexdumped it, but just glossed over it and started trying to find steganographic data
>>61755083
That might still be necessary, since the password in the metadata doesn't seem to do anything and the jpeg has "flag.txt" show up in it twice at the end of the file.
flag.txt is also the name of the only file in quebra.zip
Why would OKC want to hire someone with this kind of skillset anyway?
>>61755083
>>61755121
Yeah, the password was just put in the metadata using ExifTool, so there still could be stuff in the image itself.
>>61755132
>>61755121
The EOI bytes for jpeg are FF D9. Everything after that has been added (this is where you see the flag.txt reference).
50 4B 03 04 14 03 01 00 00 00 B1 70 F8 4A 31 31 45 F2 23 00 00 00 17 00 00 00 08 00 00 00 66 6C 61 67 2E 74 78 74 E8 C4 CA 6A 30 A8 64 AC 77 AF 21 E1 EE 10 06 9B 41 42 22 A2 1C E9 78 B8 9B 02 AF DB FF 69 9C E1 92 E7 69 50 4B 01 02 3F 03 14 03 01 00 00 00 B1 70 F8 4A 31 31 45 F2 23 00 00 00 17 00 00 00 08 00 24 00 00 00 00 00 00 00 20 80 A4 81 00 00 00 00 66 6C 61 67 2E 74 78 74 0A 00 20 00 00 00 00 00 01 00 18 00 00 6B D9 71 A7 04 D3 01 00 69 CF 4A A8 04 D3 01 00 6B D9 71 A7 04 D3 01 50 4B 05 06 00 00 00 00 01 00 01 00 5A 00 00 00 49 00 00 00 00 00
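Added example, not code from any poster in the thread: locating data appended after a JPEG's end-of-image marker, as described in the post above, and reading the ZIP local file headers in it. It walks JPEG segments instead of searching for the first FF D9, because an embedded EXIF thumbnail carries its own EOI; the sample file is constructed in `build_sample` (a hypothetical helper), it is a marker skeleton rather than a decodable image, and its ZIP is unencrypted.

```python
import io
import struct
import zipfile

def jpeg_end(data: bytes) -> int:
    """Offset just past the primary image's EOI (FF D9), found by walking segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:
            return pos + 2
        # Assumes every other marker has a 2-byte big-endian length (which counts
        # itself), so an FF D9 inside APP1 (EXIF thumbnail) is jumped over.
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:  # SOS: entropy-coded data runs to the next real marker
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in (0x00, *range(0xD0, 0xD8))
            ):
                pos += 1
    raise ValueError("no EOI marker found")

def zip_entries(trailer: bytes) -> list:
    """Parse ZIP local file headers (PK 03 04) found in the appended bytes."""
    entries, pos = [], trailer.find(b"PK\x03\x04")
    while pos != -1:
        _ver, flags, _method, _time, _date, _crc, csize, usize, nlen, xlen = \
            struct.unpack_from("<HHHHHIIIHH", trailer, pos + 4)
        name = trailer[pos + 30:pos + 30 + nlen].decode("cp437")
        entries.append({"name": name, "encrypted": bool(flags & 1), "size": usize})
        pos = trailer.find(b"PK\x03\x04", pos + 30 + nlen + xlen + csize)
    return entries

def build_sample() -> tuple:
    """Constructed input: JPEG marker skeleton with a thumbnail decoy, plus a ZIP."""
    thumb = b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9"  # embedded FF D9 decoy
    app1 = b"\xff\xe1" + struct.pack(">H", len(thumb) + 2) + thumb
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    jpeg = b"\xff\xd8" + app1 + sos + b"\x12\xff\x00\x34" + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "Never tell me the odds.")
    return jpeg, jpeg + buf.getvalue()

if __name__ == "__main__":
    jpeg, blob = build_sample()
    end = jpeg_end(blob)
    print("first FF D9 ends at", blob.find(b"\xff\xd9") + 2, "| real EOI ends at", end)
    print(zip_entries(blob[end:]))
```
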
>>61755170
Alright cool. The rest of the file is a zip that contains flag.txt which just says "Never tell me the odds."
>>61755202
Yeah, I just got that, too.
>>61755202
>Never tell me the odds
Using "Never tell me the odds" as the password for quebra.zip gives a new flag.txt with the contents "dc40b85276a1f4d7cb35f154236aa1b2"
>>61755202
What was the actual password for quebra.zip?
>>61755236
decoding "dc40b85276a1f4d7cb35f154236aa1b2" as hex doesn't seem to result in anything particularly meaningful
>>61755236
That's a hash that decrypts to "abgrtyu", which is a common password and opens the init.zip
>>61755268
>>61755268
md5 hash for "abgrty"
>>61755202
If quebra.zip contains the same data but uses a different password, I wonder if that's sufficient information to determine quebra.zip's password? Which would likely also be the password for another file.
>>61755236
>dc40b85276a1f4d7cb35f154236aa1b2
MD5 hash for abgrtyu
Can't try unzipping the files, xarchiver is fucking up on me, anyone can try that as password for the second zip?
>>61755295
Sorry, I hadn't read the updates to the thread. This post was dumb.
>>61755300
Great work, that opens init.zip
>>61755277
"Password" appears 20 times in hackpw.txt
Line 20 is: login
MD5 is: d56b699830e77ba53855679cb1d252da
>>61755329
But that doesn't seem to work as the key for map.zip. Adding a newline to "login" to get a different md5 doesn't work any better
>>61755300
It is, I posted as above here >>61755277
So now it has some instructions but I didn't get them to work.
---
Perform the following steps to obtain the key:
* count the number of times the word password appears in hackpw.txt, this will be $a
* take the md5 of line $a from hackpw.txt to create $b
* use $b as the key
---
"password" shows up 28 times, line 28 is
"wont allow anonymous logins. If this is true try getting an account on the system."
and the md5 of that is "a72bb057359c22d578668e8ae1f38041" which doesn't work as a password.
>>61755350
>"password" shows up 28 times
What? it shows up 20 times
>>61755329
Notepad++ tells me it comes up 28 times, not 20. How did you get that?
Also I think we need to open almost.zip to get the ps.txt first, before map.zip
>>61755350
>>61755370
it depends whether you're doing a case insensitive search or not. "password" shows up 20 times. "[pP]assword" shows up 28.
>>61755370
If I count it myself I come to 24, this is weird.
>>61755348
Yeah... maybe it's for something else
readme says to use it as " the key" not password...
>>61755370
grep -c "password" hackpw.txt
what
>>61755370
The hash for line 28 is 024b0350a988f8150501ac685e2811da
it opens ps.txt
>>61755387
> -c, --count print only a count of matching lines per FILE
Not matching words, oops.
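Added example, not code from any poster in the thread: the readme's key recipe computed under each interpretation the posts above disagree on (case-sensitive occurrences, case-insensitive occurrences, and the matching-line count that `grep -c` reports), with the MD5 of the selected line taken bare and with LF or CRLF endings. `SAMPLE` is a constructed stand-in for hackpw.txt, and the function names are hypothetical.

```python
import hashlib
import re

def count_variants(text: str, word: str = "password") -> dict:
    """The three counts the thread argued about, keyed by how each is obtained."""
    pat = re.escape(word)
    return {
        "occurrences": len(re.findall(pat, text)),
        "occurrences_ignore_case": len(re.findall(pat, text, re.IGNORECASE)),
        "matching_lines": sum(word in ln for ln in text.splitlines()),  # grep -c
    }

def candidate_keys(text: str, word: str = "password") -> dict:
    """For each count $a, hash line $a bare and with LF / CRLF line endings."""
    lines = text.splitlines()
    out = {}
    for how, a in count_variants(text, word).items():
        if not 1 <= a <= len(lines):
            continue  # count points past the end of the file
        line = lines[a - 1]
        out[how] = {"a": a, "line": line}
        for label, ending in (("bare", ""), ("lf", "\n"), ("crlf", "\r\n")):
            out[how][label] = hashlib.md5((line + ending).encode()).hexdigest()
    return out

# Constructed stand-in for hackpw.txt (the real file is not reproduced here).
SAMPLE = "\n".join([
    "Password: the default password is password",
    "try guest or login",
    "no Password set",
    "another line",
    "root password follows",
    "last line",
]) + "\n"

if __name__ == "__main__":
    for how, info in candidate_keys(SAMPLE).items():
        print(how, info)
```
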
>>61755431
Ah, so it was 28 I just got the wrong hash somehow. Where/how did you get yours?
Well I got traffic.pcap, but I'm not familiar with tcpdump so
>>61755431
http://quiz.okcupid.com/letsplayagame/mmsf.jpg
>>61755431
There's a curl to http://quiz.okcupid.com/letsplayagame/mmsf.jpg
>>61755445
Did you include the newline?
>>61755422
At least we now know this is a new quiz, the EXIF on this says July 24th, and that it was edited with Photoshop on a mac.
>>61755446
How did you get map.zip open?
>>61755432
Ah, yes. My mistake.
>>61755479
see the squares at the bottom of mmsf.jpg? They're binary
>>61755495
At the top too.
>>61755495
I actually didn't even see the squares, wow.
>>61755495
>>61755500
>>61755504
The top is just repeating 1 and 0, the bottom says "Rokkuman".
>>61755422
this was a good game
>>61755500
The ones at the top don't have any information in them.
Anyway the pcap has some urls in it, one has a new zip and one has a text file containing the password, but the zip has an ELF binary in it and I'm not going to run unknown binaries so I'm out
>>61755495
Oh, I was stuck in the hex editor, didn't even pay any attention to this weaboo shit lol
>>61755526
The urls are:
http://www.flyingmonkeyarmy.com/
http://quiz.okcupid.com/letsplayagame/b95a15758fae595d.txt
http://quiz.okcupid.com/letsplayagame/dbb50308ffed3da0.zip
>>61755526
e4b2c3c2b4ccc2b8
>>61755567
>>61755568
The text string is the password for the zip, it only has a solveme file. I don't know what it is at this point.
>>61755584
It's a linux executable. Run it.
>>61755592
I don't use linux (inb4 reactions) but I guess I could spin up a vm for it.
>>61755607
linux is gay anyway brah
>>61755422
Man I loved those games as a kid and Luna platz was cute af too
>>61755607
>>61755592
Looking at disassembly, it's basically hundreds of add instructions and a few jumps thrown in every now and then, probably manually calculating a number or something?
>>61755567
You have completed this game.
Would you like to keep doing infosec work and get paid for it?
Good news! We're hiring a Linux Security Engineer!
Send your resume over to [email protected] to apply.
Please put "SECURITYNINJA" in the subject.
Wow it's fucking nothing.
>>61755607
strings, m8
This is not the function you are looking for.
>>61755656
So it's just a more obtuse way to see this:
http://jobs.jobvite.com/okcupid/job/oUMl5fwQ
>>61755656
forgot image
>>61755656
I was about to post this as well.
You can find it by just looking at the content of .rodata in solveme (opened as an archive in 7zip.)
You don't even have to disassemble or reverse engineer the binary, lel.
Well this was fun /g/. I totally called it at the beginning that it was a hiring thing >>61754952
>>61755722
Well yeah no shit
>>61755733
What the fuck did you reply to all the posts for, retard?
>>61755733
>look mom I did it again
>>61755743
Because, just ignore it.
>>61755722
What other reason would OKC have to put up a puzzle like this in their source code?
>>61755722
It shows us old decrepit faggots that we still got it in us.
>>61755750
So you could access the 2d waifu profiles instead of the usual 3d trash.
>game solved
>thread instantly dissolves to shit
This is why we can't have nice things
Note how basically no images were posted because people were actually discussing something
>>61755786
puzzles always bring people like us together.
>>61755764
Kek. If only.
>>61755667
lol ouch
>>61755855
I had a lot of fun. I don't know why we don't organize something like this ourselves on a monthly basis.
>>61755656
>Send your resume
Whelp
>>61756101
Well there was that link to the flyingmonkeys thing. I only took a cursory glance but it seems like a new hacking challenge thing.
I know there's others on other sites, but yeah it'd be cool if /g/ mods or whatever made one up for every month.
>>61756139
These challenges are pretty common. Unfortunately, there are rarely any replies.
>>61755667
> A sense of satisfaction that comes from helping millions of people find love
No thanks