Thread subject: Security Override :: Decryption Level 7

Posted by nemesis on 01/23/2011 16:25:55
#1

Hello Security override,
I'm really stuck on this challenges.. i did my best to solve it, but it seems that even my best friend Google can't help me on this :P Is there something i should know ? any details ? articles, anything that helps :) ? It would be appreciated.
Thank you & i really support for this great challenges they are really helping me to know more.. and i just figure out that is the best to learning.. You get stuck ! you are bored ! You seek & then you Congrats, and this way you will never forget it ^^'

Posted by TurboBorland on 01/23/2011 17:45:24
#2

It's a pretty shifty challenge.

http://www.asciitable.com/

Edited by TurboBorland on 01/23/2011 17:45:54

Posted by mandrake on 01/24/2011 02:34:18
#3

TurboBorland wrote:
It's a pretty shifty challenge.

http://www.asciitable.com/


+ calculator :)

Posted by auditorsec on 01/24/2011 09:55:21
#4

I did it without a calc

Posted by Null Set on 01/24/2011 19:22:02
#5

One thing you should know: There's a reason that the form for encrypting a text exists. :P

Posted by MacsBug on 03/25/2011 05:27:54
#6

OK, I am lost here.

I figured out how to decrypt the hash. When I enter the string and encrypt it, I get the proper encrypted string, but when I submit the decrypted string it says that the string is wrong.

I have tried logging out and in several times to see if that helps and I get the same result.

Can anyone point me in the direction of what I am missing?

=========================================================================

Was able to log in the next day and complete this. There must be a bug in the system.

Edited by MacsBug on 03/26/2011 16:43:15

Posted by Sdoba on 06/14/2012 07:43:33
#7

I have the same issue as MacsBug =(

My string is encrypting properly, but when I'm trying to submit answer I got error.

Posted by DreamR4c3r on 06/24/2012 15:17:45
#8

The string resets everytime you submit something it seems, try clearing your history. I believe you have to try it in one go but I'm not exactly sure. :) Anyway clearing the history changes the string.

Posted by fij on 06/28/2012 10:26:39
#9

Code
./7-custom-encryption.pl decrypt "<script>alert('xss');</script>"
Anhmnky9fgjmy#,sxn,$@74nhmnky9




And it does work! (I mean, paste the string Anhmnky9fgjmy#,sxn,$@74nhmnky9 in the form to encrypt it and you'll see)

I know using htmlentities would make this challenge a real pain in the ass, but just wanteed to point that out!

The challenge is now to make more funny strings and to invite people to try them! ;)

Edited by fij on 06/28/2012 11:14:18

Posted by tiiger1111 on 06/29/2012 18:27:41
#10

fij wrote:
Code
./7-custom-encryption.pl decrypt "<script>alert('xss');</script>"
Anhmnky9fgjmy#,sxn,$@74nhmnky9




And it does work! (I mean, paste the string Anhmnky9fgjmy#,sxn,$@74nhmnky9 in the form to encrypt it and you'll see)

I know using htmlentities would make this challenge a real pain in the ass, but just wanteed to point that out!

The challenge is now to make more funny strings and to invite people to try them! ;)


Nice work! :)
I have no idea how you came up with the idea of trying xss in that challenge.. But that's clever!

Edited by tiiger1111 on 06/29/2012 18:28:09

Posted by mohammedtota on 08/21/2012 00:03:29
#11

i got all key decrypted except the character removed, how could i represent the removed in plain text !!

Edited by Null Set on 08/21/2012 12:58:16

Posted by Guest on 08/21/2012 10:05:24
#12

I dont want to promote the lamer-way, but if you dont like the string you were given, you can log out and in again and get a new one. Repeat until you get an easy one, decrypt it, solved.

:-X

Posted by Null Set on 08/21/2012 12:57:35
#13

tiiger1111 wrote:
fij wrote:
Code
./7-custom-encryption.pl decrypt "<script>alert('xss');</script>"
Anhmnky9fgjmy#,sxn,$@74nhmnky9




And it does work! (I mean, paste the string Anhmnky9fgjmy#,sxn,$@74nhmnky9 in the form to encrypt it and you'll see)

I know using htmlentities would make this challenge a real pain in the ass, but just wanteed to point that out!

The challenge is now to make more funny strings and to invite people to try them! ;)


Nice work! :)
I have no idea how you came up with the idea of trying xss in that challenge.. But that's clever!


Clever indeed. This has been patched now though. Thanks for showing it to us. :)

mohammedtota wrote:
i got all key decrypted except the character removed, how could i represent the removed in plain text !!


This is a limitation of the challenge. As such, I eliminated the possibility of the said character from appearing where it shouldn't so that you wont have to worry about non-printable characters :).

Posted by Armageddon on 03/29/2013 01:56:49
#14

I got an answer, if i encrypt it, it gives me the correct output but if i use it to submit answer, it simple doesn't work. Some1 please respond to it.

For those who didnt get this challenge, ASCII table is your best friend. its very simple. Just LOOK UP and DOWN!

Posted by Teddy on 03/29/2013 05:56:46
#15

I got an answer, if i encrypt it, it gives me the correct output but if i use it to submit answer, it simple doesn't work. Some1 please respond to it.

You are joining the IRC frequently if I remember right. So PM me there for help

Posted by Armageddon on 03/29/2013 23:58:12
#16

yea i came at the same time when i posted that thread and Crash was online, I told him and he finished the challenge for me after I rightfully explained him the encryption algo. :D so cheers.!!;)

Posted by shkspr on 05/28/2013 21:43:29
#17

This one drove me nuts for hours till i realized i was further encrypting not decrypting. Once i reversed what i was doing took me about 2 minutes.

Posted by marlene on 06/01/2013 05:03:11
#18

i put abcdefgh in the encrypt box then got \g^i`kbm then i look in the ascii table and convert with - or +5 and got something but when i enter the result;it doesn't work why?

Posted by JohnDoeTheGhost on 11/24/2013 03:08:40
#19

can someone tell me what the second character in the string is 'coz i can't find on the ascii table. I tried these [] but nope, not a match. Lil' help plz.

Posted by Abhinav2107 on 11/24/2013 12:16:38
#20

I believe the strings differ for each user. So, you'll need to show the string.

Posted by 0v3rd0s3 on 11/27/2013 09:09:55
#21

Just paste the encrypted string given to you in notepad++ to see what you are missing..Few ascii characters are not seen .. But never can be hidden with a text editor ..

Posted by BR41N on 05/19/2014 17:16:38
#22

marlene wrote:
i put abcdefgh in the encrypt box then got \g^i`kbm then i look in the ascii table and convert with - or +5 and got something but when i enter the result;it doesn't work why?


because its not like rot13, where encryption is decryption. you don't repeat the process of encryption of a md5-hash to get the PW, don't you? took me some time too;)

Posted by slycross on 06/08/2014 16:48:23
#23

Decryption Level 7 not works -_-

i have the str "XXXXX" -> encrypt with the algorithme -> str to decrypt

so str "XXXXX"= str to decrypt so i have the result but when i upload it's not works =S

Posted by Sweetonionct on 07/03/2014 13:05:11
#24

slycross wrote:
Decryption Level 7 not works -_-

i have the str "XXXXX" -> encrypt with the algorithme -> str to decrypt

so str "XXXXX"= str to decrypt so i have the result but when i upload it's not works =S


I actually ran into a problem like this when I did it. Except I did it manually. What kept happening was a specific character wasn't actually decoding right, despite having cracked the code. I logged out / back in and got a new code to decrypt and it worked.

Before you enter it, it's always a good idea to take your decrypted string and run it through the generously provided encryption algorithm. This is how I found out one character wasn't doing what it should. Eventually you'll get it. You just gotta Bo-lieve.

Posted by cruizrisner on 07/06/2014 17:42:07
#25

yes there actually is an issue with this challenge and some characters not working properly

i.gyazo.com/dc328889e21adf14141aac22411c3341.png

i.gyazo.com/22512c8ef444718e493b3cdbc82d8626.png

as u can see i figured out the answer but it doesnt work, still claims its wrong