- #1
jegues
- 1,097
- 3
I'm doing an online "hacking" challenge and I'm trying to get to the next level.
On the current level, we're given the Caption "Think fast", asked the following question,
"What is element x in the Fibonacci sequence, where element zero is 0?"
Where x is randomly generated.
When I compute the answer and submit it, it prompts me with another itteration of the question above (with a different value for x) and it says "Didn't answer fast enough". I've tried submitting answers as fast as I can with no avail, so there must be another way.
If we view the source code of the page, we see the following:
(I'm only going to post the portion I think is interesting/relevant)
So my next idea was to edit the timestamp by changing the information contained in the url, like so
(Just an example to explain my doing, may not match answer, timestamp, hmac listed above in code)
http ://www.skullspace.net/2011/08-batman/herecomes9.php?answer=1×tamp=1&number=1&hmac=e41bd1f9093a67b70ce9316b19abc1862ec35c5c0f746444d8018286bf19d9adb05a652c46b5de53b2d4fd6bfb2c1f848c8dc92a54e84d042953d6b48b30b0f9
If I submit that into my browser, we are given the caption, "Don't try to be clever, the HMAC has to match the parameters you were given."
This is where I'm stuck.
Does anyone have any ideas or hints as to how I can proceed to the next level? Can I somehow make the HMAC match? Is there another way entirely?
Thanks for the ideas/input/help!
On the current level, we're given the Caption "Think fast", asked the following question,
"What is element x in the Fibonacci sequence, where element zero is 0?"
Where x is randomly generated.
When I compute the answer and submit it, it prompts me with another itteration of the question above (with a different value for x) and it says "Didn't answer fast enough". I've tried submitting answers as fast as I can with no avail, so there must be another way.
If we view the source code of the page, we see the following:
(I'm only going to post the portion I think is interesting/relevant)
Code:
<form action="herecomes9.php" method="get">
<input type="text" name="answer" />
<input type="hidden" name="timestamp" value="1311528704" />
<input type="hidden" name="number" value="274" />
<input type="hidden" name="hmac" value="6d423e4405ceb79022662fbf5d1d2885c51b6ada2ad5e99500a3fbc4d0170b4fd9c7fd22af9a7e542617a5924586ca7e41860e17289120d1a899f1bcac007df3" />
<input type="submit" value="Answer" />
</form>So my next idea was to edit the timestamp by changing the information contained in the url, like so
(Just an example to explain my doing, may not match answer, timestamp, hmac listed above in code)
http ://www.skullspace.net/2011/08-batman/herecomes9.php?answer=1×tamp=1&number=1&hmac=e41bd1f9093a67b70ce9316b19abc1862ec35c5c0f746444d8018286bf19d9adb05a652c46b5de53b2d4fd6bfb2c1f848c8dc92a54e84d042953d6b48b30b0f9
If I submit that into my browser, we are given the caption, "Don't try to be clever, the HMAC has to match the parameters you were given."
This is where I'm stuck.
Does anyone have any ideas or hints as to how I can proceed to the next level? Can I somehow make the HMAC match? Is there another way entirely?
Thanks for the ideas/input/help!