Jump to content











Photo

Challenge #10 - Everything has beauty, but not everyone sees it


  • Please log in to reply
23 replies to this topic

#1 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 01 August 2011 - 06:34 PM

"Everything has beauty, but not everyone sees it." - Confucius
Download this
Try it here.

#2 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 08:42 AM

Hi Team-Reboot,

I solved Step 1.

Spoiler


Many Greetings
MichaelZ

#3 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1,427 posts
  • Location:Chennai, India
  •  
    India

Posted 02 August 2011 - 08:45 AM

I solved Step 1.

Congratz........See if u can find any link like earlier challenge.

#4 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 09:13 AM

OK, Step 2 solved.

Spoiler


Many Greetings
MichaelZ

#5 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 09:45 AM

OK, step 3 is solved.
I have the password, but it is not accepted by http://challenge.99k...llenge_Index=10 :) :cheers: :ranting2:

Here is what I did:
Spoiler


Password is also not accepted in lowercase :cheers:

Many Greetings
MichaelZ

#6 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 02 August 2011 - 03:42 PM

@MichaelZ
Wow you are fast
the password you found is correct but is encoded...
Spoiler


#7 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1,427 posts
  • Location:Chennai, India
  •  
    India

Posted 02 August 2011 - 04:41 PM

4) RotX the text using Mopsos (geocaching application), finding Rot33 gives text
THE ARCHIVE PASSWORD IS ALPHAWORKS

I didn't get this part. Can you please explain?

#8 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 02 August 2011 - 04:46 PM

its the same idea as Caesar's Cipher Challenge

#9 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12,446 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 02 August 2011 - 04:58 PM

After several trials, I got:

Warning: mysql_connect() [function.mysql-connect]: Too many connections in /www/99k.org/c/h/a/challenge/htdocs/Connections/connChallenge.php on line 9

Fatal error: Too many connections in /www/99k.org/c/h/a/challenge/htdocs/Connections/connChallenge.php on line 9

:dubbio::dubbio:

Are there only 9 trials?
Caesar needs 26!

Peter

#10 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1,427 posts
  • Location:Chennai, India
  •  
    India

Posted 02 August 2011 - 05:01 PM

After several trials, I got:

:dubbio::dubbio:

Are there only 9 trials?
Caesar needs 26!

I apologize, the free hosting site puts a ban on the number of parallel connections that can be made to the database. I can't help you much as of now. Will talk to them to know about the precise limit.

#11 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 05:03 PM

I didn't get this part. Can you please explain?

One of the easier ciphers to decode is RotX. As Holmes.Sherlock mentioned Ceasar is a well known one, it is Rot3. Another well known one is Rot13 which was used in early days of UseNet (does anyone still know NNTP?). With RotX the text is shifted by an alphabet with X steps. Usually the alphabet is 26 characters a-z. So Rot13 is shifted by half the alphabet and can be easily coded and decoded with a table like this:

A|B|C|D|E|F|G|H|I|J|K|L|M

-------------------------

N|O|P|Q|R|S|T|U|V|W|X|Y|Z

(C is P and S is F)

and Rot4 would be

A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|A|B|C|D

        A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z


To decode the text in this challenge I used an alphabet with 36 characters a-z0-9. Testing Rot33 gave a good result. The tool Mopsos makes it easier to check different alphabets with different shifts.

Many Greetings
MichaelZ

#12 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1,427 posts
  • Location:Chennai, India
  •  
    India

Posted 02 August 2011 - 05:08 PM

@MichaelZ


Then can you please post a link to the Mospos tool just for the record? This way, when we'll wind up bits & pieces, it's become easier.

#13 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 05:12 PM

@MichaelZ


Then can you please post a link to the Mospos tool just for the record? This way, when we'll wind up bits & pieces, it's become easier.

It can be found at http://mopsos.net'> http://mopsos.net.
I'm afraid that there is only a German version available. The tool needs to be registered (free of charge), otherwise it will stop working after about a month.

Many Greetings
MichaelZ

#14 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 02 August 2011 - 05:19 PM

Here is a link to a simple Caesar Cipher
http://www.softpedia...Simulator.shtml

#15 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 05:20 PM

Not OK, no further step so far solving the challenge.

Spoiler


Many Greetings
MichaelZ

#16 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12,446 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 02 August 2011 - 05:21 PM

Is MosPos output logically different from this?
Attached File  challenge.gif   14.9KB   18 downloads
Peter

#17 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 05:36 PM

Is MosPos output logically different from this?

Using Mopsos I decoded the string

Wkh dufklyh sdvvzrug lv doskdzrunv

found as stegano in new.png.

Many Greetings
MichaelZ

#18 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,958 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 02 August 2011 - 06:20 PM

Using Mopsos I decoded the string


Wkh dufklyh sdvvzrug lv doskdzrunv

found as stegano in new.png.


At first sight it does look a lot like Vogon's Poetry :dubbio:
http://en.wikipedia....ki/Vogon#Poetry
but WITHOUT a babelfish! :whistling:

:)
Wonko

#19 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 02 August 2011 - 08:28 PM

OK, solved.

Spoiler


Many Greetings
MichaelZ

#20 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 02 August 2011 - 08:35 PM

@MichaelZ
or Google it..
Great Work!!
I thought it would take days to get solved

#21 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 03 August 2011 - 06:10 AM

I just came to my poor computer, calculating all night. It had found the correct word in the mean time since it doesn't have so many characters. Probably I should have used the dictionary attack first. I just checked that the word is contained in the word list.

Many Greetings
MichaelZ

#22 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1,427 posts
  • Location:Chennai, India
  •  
    India

Posted 03 August 2011 - 06:15 AM

I just came to my poor computer, calculating all night. It had found the correct word in the mean time since it doesn't have so many characters. Probably I should have used the dictionary attack first. I just checked that the word is contained in the word list.

Can you tell us the configuration of the computer, the character set you used & the time taken so that we can have an estimate the feasibility of bruteforcing a password if required in any future competition?

#23 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 330 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 03 August 2011 - 09:56 AM

Can you tell us the configuration of the computer, the character set you used & the time taken so that we can have an estimate the feasibility of bruteforcing a password if required in any future competition?

The (not very up to date) computer has an ASUS P4C800-E Deluxe motherboard with Intel i875P chipset and Intel Pentium 4 3.0 GHz. Memory is 3 GB (2 1 GB PC2700 and 2 512 MB PC3200). Cain & Able doesn't use multiple threads and no GPU. I used a-z0-9 as alphabet and selected word length 1 to 16. Of course the upper limit was absolutely unrealistic set on that computer, its a keyspace of 8.1E24. I don't know how long it took to find the word but it was finished after 12 hours. The display words/second varied quite a few, it was usually around 3.2E6.

Using a more decent computer with multiple cores and nVidia GPU and a software making use of them should be much much faster.

Many Greetings
MichaelZ

#24 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 03 August 2011 - 05:01 PM

I have a core to quad (2.93ghz)
I run XP on vmware to attack the passwords (using cane)
due to the limitations of vmware only one core can be used(i have a old version of vmware)
The computed time on a 7 letter password(uncapped alphabetic,numeric brute force)is 2 hours 30 Minuets
I would recommend to google the md5 first before attempting a attack
Then do a dictionary attack (with numbers)
then to a brute force