hacktracking: # FAQin 2k16: Escape from Matrix

# FAQin 2k16: Escape from Matrix

# curl --user $id:$pass http://faqin.org/freeticket/crypto/index.php
...
 <br />Here is your data to escape from Matrix:<br /><br />
 <pre>
 1q2l2y2l2g2h0w2B2r2x2u0w1v1q0w2l2q0w2w2z2r0w2h2t2x2d2o0w2s2d2u2w2v0w2v2w2r2s0w1E2h2y2h
 2u2v2h0w2w2k2h0w2v2w2u2l2q2j0w2v2w2r2s0w2f2d2o2f2x2o2d2w2h0w2w2k2h0w2k2d2v2k0w2z2l2w2k
 0w1p1E1p2v0w1z1q180w1z1q1a0w1z1q1b0w1F1u1n170w202l2j2h2u0w1F2q2h2i2u2x0w1E2l2s2h1z1q0w
 232k2l2u2o2s2r2r2o0w1u2d2y2d2o0w2r2u0w2d2q2r2w2k2h2u0w2v2w2r2s0w202u2B0w2w2k2l2v0w2k2d
 2v2k0w2z2l2w2k0w2B2r2x2u0w1v1q0w2w2r0w2h2v2f2d2s2h0w2i2u2r2p0w2w2k2h0w2p2d2w2u2l2A0w2d
 2q2g0w2z2l2q0w2d0w2i2u2h2h0w2w2l2f2n2h2w0w2i2r2u0w2w2k2h0w1s1n1D2l2q0w1p2r2q2j2u2h2v2v
 </pre>
...

# cat crypto.py
n = []
n.append('1222220222201102202220222220222220222201222')
n.append('2220222022222202222022222222202220222202222')
n.append('0111201110111011101111022222012222201222110')
n.append('2222222220122220220222222202222022202222022')
n.append('2202222022220110220222222022220222022222202')
n.append('2202220202222022222202220222011122012222222')

l = []
l.append('qlylghwBrxuwvqwlqwwzrwhtxdowsduwvwvwrswEhyh')
l.append('uvhwwkhwvwulqjwvwrswfdofxodwhwwkhwkdvkwzlwk')
l.append('wpEpvwzq8wzqawzqbwFun7w0ljhuwFqhiuxwElshzqw')
l.append('3kluosrrowudydowruwdqrwkhuwvwrsw0uBwwklvwkd')
l.append('vkwzlwkwBrxuwvqwwrwhvfdshwiurpwwkhwpdwulAwd')
l.append('qgwzlqwdwiuhhwwlfnhwwiruwwkhwsnDlqwprqjuhvv')

for i in xrange(0, 6):
  s = ''
  for j in xrange(0, len(l[i])):
    if  n[i][j] == '0':
      result = chr(ord(l[i][j]) - 87)
    elif n[i][j] == '1':
      c = l[i][j]
      if c.isdigit():
        result = chr(ord(l[i][j]) - 6)
      elif c.islower():
        result = chr(ord(l[i][j]) - 45)
      else:
        result = chr(ord(l[i][j]) + 13)
    elif n[i][j] == '2':
      c = l[i][j]
      if c.isdigit():
        result = chr(ord(l[i][j]) + 36)
      elif c.islower():
        result = chr(ord(l[i][j]) - 3)
      else:
        result = chr(ord(l[i][j]) + 55)
    #print n[i][j], l[i][j], result
    s += result
  print s

# python crypto.py
Divide your ID in two equal parts stop Reve
rse the string stop calculate the hash with
 CRCs MD2 MD4 MD5 SHA1 Tiger Snefru RipeMD
Whirlpool Haval or another stop Try this ha
sh with your ID to escape from the matrix a
nd win a free ticket for the FAQin Congress

# input=`echo -n $id | cut -c 1-16 | rev`
# curl --silent --data "input=$input" http://www.nitrxgen.net/hashgen/ | grep "\"exhr\"" |  awk -F '>' '{print $3}' | awk -F '<' '{print $1}' > /tmp/hashes.txt

# cat brute.sh
#!/bin/bash

id="$1"

while read hash; do
  result="`curl --user "$id:$hash" http://faqin.org/freeticket/win 2>&1 | grep -e '401 Unauthorized'`""
  if [ "$result" == "" ]; then
   echo $hash
   exit
  fi
done < /tmp/hashes.txt

# ./brute.sh $id
md4 hash
# FAQin 2k16: Escape from Matrix

No comments:
