Dude read the video discription

I thought of that too. But then you can notice that he shows his approach and what he does first include snippets of his final code meaning it would run a few times before actually deducing the complete code to find a solution. So the indefinite loop kinda makes sense.

actually using for loops give memory errors since that "x" is sometimes too large for the "for" loop to handle so generally while loops are used .but thats what i got to know while i used to write code but i can be wrong too.. iguess but its my opinion

Zuko! I'm proud that you tried the challenge out! What a beast. I was trying something new with this interactive tutorial, and I think that people will certainly learn a lot from doing intro, fun exercises. Thanks for linking me your code. I'm always interested in how people implement their solutions! I have a plan to do a couple more interactive security tutorials in the future that will really get you interested in binary exploits and other security concepts. Beginner friendly CTFs are really hard to find unfortunately. This is why I liked Allan Wirth's Github repo so much! He's the most humble and understanding security researcher, so he created that awesome Github repo to introduce us to web security challenges in a CTF. He taught this workshop at my university a couple of years ago. Most CTFs have a ton of challenges, the majority of which are harder than the challenges in the tutorial. The topics are much more diverse and complex. In this video, I focused only on the most basic web security challenges, but even the web ones in an actual CTF tend to be much more difficult. Allan Wirth helps organize this CTF. But it is really hard! bostonkeyparty.net/ When I first competed in CTFs, Allan brought us and a group of newbies to an on-site CTF at MIT. On-site CTFs are much more approachable than virtual ones because we can ask the developers questions! MIT LL CTF 2013 was the first on-site CTF that I attended, but I don't think that they organize any more. It was super enlightening though: events.ll.mit.edu/mitllctf/ CSAW is a bit approachable, but there are a bunch of very difficult challenges. ctf.isis.poly.edu/ I think that a partly approachable CTF is iCTF organized by UC Santa Barbara, but like CSAW, there are many very hard ones. ictf.cs.ucsb.edu/ If you have Twitter, you should direct message Allan Wirth since he can give you better tips than I can! twitter.com/Allan_Wirth

Alright cool, thanks for the info. Not sure if you knew but I'm the one that sent that thank you tweet earlier mentioning both of you. Might try getting in contact with him to see if he can give me some pointers if he'll respond back. Again, thanks for this, really do appreciate it.

Lol I thought that it was you! I wasn't absolutely sure though. Good luck on your venture. Allan's a great, approachable guy, so he'd certainly be more than willing to answer any of your questions and especially point you to the right direction to get your security game up.

Haha Thanks, hope to see more videos like this in the future.

KEY{GodIHopeYouScriptedThis} KEY{YOURFIRSTKEY}

Same thing happened when I used "admin"

p5eudo nice! I'm betting someone had already used this name and the counter never resets so anyone else after that gets it on the first try.

Hey Ron, I think that there are only 7 on the web page about. And then 3 more or something in the hardstuff.zip. Not 20. That was an old number.

I couldn't see any weird requests either but thought maybe that because I was running chrome in sandboxie however that should not really matter...

I did "esc -> wq" Does that work? How is that different?

Shells use different keyboard shortcuts

No, that's not true. There's only about 7 on the website in total.

I have found *9 so far. I don't know if there are actually 20, though.

Nope, I didn't find anything for the ssh. I DMed Allan Wirth, but I haven't gotten a response yet.

I'm banging my head against the wall with that right now. I'm at 10 keys so far.

i found 6 before i watched the video , now i'm up to 9

BrunoBANNONY AnnoNY what vm program are you using?

You have to locate your .iso file

use Node.js

You need to save it before; press ESC to exit from edit status and then :W (VIM command for write.) and ENTER

@@---Geekdraz--- after that we have to type ctrl z in it ?

cuz it's not how you're supposed to do it: from numbers_helper import * bignumber = 202557564740749725343243267960623572731942487045 num = 18243150071292141317265306851 num2 = 18243150071292141317265306851 / 2 arg1 = int("2") arg2 = int("1") for c in range(2,int(num2)): if (num % c == 0): arg1 = int(c) arg2 = int(num / arg1) print(int2str(bignumber * arg1)) output is "KEY{AreYouAMathMajor?}"

You have the right idea, but the wrong numbers. Find 2 other numbers that multiple to get 18243150071292141317265306851. Also make sure the numbers aren't negative, the conversion function doesn't like negative numbers.

It had been closed

You're right! I forgot about that one! Good job.

how did you find that one?

1. convert the Base64 String inside README to Ascii 2. convert every character in the string to its corresponding integer in the ascii table 3. XOR every number with the corresponding integer of the character '&' 4. Magic!

Bar Yamin, thanks a lot!!! How did you find the character to be '&' in XOR?

Simply loop over all possible characters (there aren't that many options, just brute force it) until you hit something that looks like a key. I printed all possibilities to a file

Here's the script I wrote for it. pastebin.com/hMbPwvxY

Just adding my 2 cents here: We know that the key used is a single character, so each character of the encrypted string is E = K XOR C; I guessed that the first character would be C="K", and the second would be C="E" (because the plain string would with "KEY"); So, the first character XORed with "K" would give us the character needed to decrypt

Mara Jonna Montesa got taken down read description

yeaa

Hie friend you can clone or download it from the link he provided in the information panel: github.com/allanlw/builds-hackme then run it on localhost: Because that link is no longer working from Feb 2019 as he stated in the information panel.

Yep

yes. read the description

Exactly. And that is on way to go about hacking. It's about getting unatuhorized access to things that are not meant to be available to you (but there's vulnerabilities that make the things available).

callekun He kind of did the same thing tho

Hey how did you bruteforce it? can you share your code ?

​@@arcticspacefox864 I just used a for loop from 2 to 182..., printed the int2str of that and broke out of the loop when the first characters were "KEY{". It took 152, 312 or so attempts

same i got the flag by using "test"

u can get with the name u want

Most likely someone solved this key already with the "admin" name

lol

what?

I did most of it in Opera on a Mac but some stuff errored out so I switched to Firefox on OpenSuse to get the rest. Absolute first time trying anything like this. Looking to get some foundational skills to try CTF at an event. Downloading Kali.......

The first 3 keys sound right! Finding the keys in the website is more about practice! Building your skills and introducing yourself to CTF competitions. If you want to get a broader variety of information about hacking in general, you should watch this guy's video. He goes into much more information and talks about broader security exploits: kzbin.info/www/bejne/rJiclIF8hbZ5p68

@@MicrowaveSam hi. I was curious and clicked on the link you sent, but it is down. Do you know where else can we find it ? Thanks in advance

Lol :)

?php=20

Yep, the site uses the name to keep track of who has done how many captchas, I used “allanwirth” and got the key