├── README.md └── easter-2025 └── teaser-challenge-solution.md /README.md: -------------------------------------------------------------------------------- 1 | # PHRACK CrackMe Challenges 2 | 3 | ![riddler](https://github.com/user-attachments/assets/9c80821f-7a06-450b-9e64-712fe6beb2ef) 4 | 5 | 6 | Challenges are published by the staff. Your task is to solve them. Not all challenges are announced publicly and some are hidden and you need to find them first. The solution to every challenge is a COLOURED EGG (for example: `You found a YELLOW egg`). First person to submit a Pull-Request with their solution wins. 7 | 8 | --- 9 | ### The current ACTIVE challenge is the [EASTER-2025-TEASER-CHALLENGE](easter-2025/teaser-challenge-solution.md) 🐣: 10 | ``` 11 | ZGlnICtzaG9ydCBlZ2c/Pz8/LnBocmFjay5vcmcgVFhU 12 | ``` 13 | That's all you get. Go find the egg 🥚. 14 | 15 | --- 16 | 17 | ### PHRACK-#72 will contain 3 hidden challenges - RELEASE AUGUST 2025. 18 | 19 | - Three levels of difficulty: easy, mid and ELITE. 20 | - One egg will be hidden in the hardcover release only. 21 | - The CrackMes will be longer and more steps. 22 | - You need to find and solve Egg-#1 to get the clue to solve Egg-#2 etc. 23 | - Glory to the winner, a prize and shoutz on our social media. 24 | 25 | --- 26 | 27 | The CrackMes are the fine work of [@sub_space](https://x.com/sub_space)/[@hxxr](https://bsky.app/profile/hxxr.bsky.social). 28 | -------------------------------------------------------------------------------- /easter-2025/teaser-challenge-solution.md: -------------------------------------------------------------------------------- 1 | ### The challenge: 2 | 3 | 4 | ``` 5 | ZGlnICtzaG9ydCBlZ2c/Pz8/LnBocmFjay5vcmcgVFhU 6 | ``` 7 | 8 | 9 | --- 10 | 11 | ### THE SOLUTION: 12 | 13 | Step 1: 14 | - Recognize that it is a base64 encoded string 15 | - Decode it 16 | 17 | ```shell 18 | base64 -d <<<'ZGlnICtzaG9ydCBlZ2c/Pz8/LnBocmFjay5vcmcgVFhU' 19 | ``` 20 | ``` 21 | dig +short egg????.phrack.org TXT 22 | ``` 23 | 24 | Step 2: 25 | - Recognize that it's a DNS request. 26 | - Recognize that `?` is not a _valid_ character in a domain name. 27 | - Recognize that `?` is a regex placeholder. 28 | - Valid characters are `a-z`, `A-Z`, `0-9` and `-` and `.` (dot)! 29 | - Brute force (roughly) `(26 + 26 + 10 + 2)^4 == 16,777,216` possibilities. 30 | - Or be smart and try `0000` to `9999` first 31 | 32 | ```shell 33 | for n in $(seq -w 0000 9999); do 34 | s="$(dig +short "egg${n}.phrack.org" TXT)" 35 | [ -n "$s" ] && break 36 | done 37 | echo "$n: $s" 38 | ``` 39 | 🖖 Apology to our fine friends at CloudFlare for the extra traffic. 😘 40 | 41 | 42 | Results in the FINAL SOLUTION: 43 | 44 | 45 | # 💥You found a Purple-Green-White Egg!💥 46 | 47 | 48 | CONGRATULATIONS TO 🫡 RT_SABER FOR BEING SO QUICK. 49 | 50 | Thank you for all the other PULL REQUESTS, including d0h1e for a complete RUST implementation (you rock!). 51 | 52 | 👉 Stay tuned for the THREE CRACKME's in PHRACK #72 THIS SUMMER 2025 👈 53 | 54 | 55 | 56 | 57 | --------------------------------------------------------------------------------