HACKVent 2014 - Day 08 writeup
I’ve signed up for the Hackvent event made by the guys from www.hacking-lab.com, which is an advent-like hacking competition. Every day a new challenge is posted at midnight, which has to be solved, at best, on the same day, with the challenges becoming increasingly difficult with every week completed. The aim of every puzzle is to find either a QR-encoded x-mas ball which leads to the validation code, or a secret human-readable string which gives you the former ball when fed into a validator (the “Ball-O-Matic”).
Here’s the write-up for the first “medium” challenge, on day 8, which consists of running potentially malicious arbitrary code on your machine.
Pearl Threading Part :
For the Day 08 Hackvent challenge, we were given the following instructions:
The candle-like code looks a lot to me like this one:
Beware, this is a fork bomb! This string has historically been sent as an answer to real-world Linux problems, as a prank, in order to educate Linux newbies about the dangers of running arbitrary code from an Internet stranger. For information, this program replicates itself until it exhausts the host’s resources (RAM, processes, handles, etc.). A real nasty piece of software.
So what am I gonna do about the unknown candle program? Run it in bash, of course! Well, I didn’t corrupt my computer, since it didn’t really run: an error was detected. That’s when you have to use a clue in the title, “a PEARL white candle”. Okay, this hint is as subtle as a hooker’s makeup. You have to run the code with Perl.
So, this program doesn’t work either, but I don’t care since I got the body of the code, in human-readable format. From what I read, I assume I need $a to be equal to "0BZMNDSFZNQOBNDOFGSN1SFZ!" at the end in order for the script to print “right”. I guess the corresponding $a input should be the winning text used to get the validation qr-ball.
The chomp function is only here to strip the trailing newline from the input; the major transformation is done in the $a=~tr/A-Z a-z/\"-;N-ZA-M/; part. The tr function in Perl translates one charset into another, using the relative position of each char as a lookup table. For example, tr/a-e/1-7/ transforms the text “deadbeef” into "4514255f". At first I tried to find the reverse table to invert the tr function, but I quickly said fuck it and did it by hand:
As you may read, the right answer was: "Only perl can parse Perl!". Which is right.
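The reverse table mentioned above can also be built mechanically. What follows is an added example, not part of the original writeup or of the challenge: it is written in Python rather than Perl, the function names (expand, tr_table, tr, invert) are made up for illustration, and it models only the tr features this challenge uses (ranges, backslash escapes, and Perl's rule of repeating the last replacement character when the replacement list is shorter than the search list).

```python
# Added example: model Perl's tr/// and invert it (function names are illustrative).
TARGET = "0BZMNDSFZNQOBNDOFGSN1SFZ!"   # value $a must end up equal to, from the writeup

def expand(spec):
    """Expand a tr/// list: backslash escapes first, then a-b ranges."""
    toks, i = [], 0
    while i < len(spec):
        escaped = spec[i] == "\\" and i + 1 < len(spec)
        toks.append((spec[i + escaped], escaped))
        i += 1 + escaped
    out, i = [], 0
    while i < len(toks):
        if i + 2 < len(toks) and toks[i + 1] == ("-", False):
            out += [chr(c) for c in range(ord(toks[i][0]), ord(toks[i + 2][0]) + 1)]
            i += 3
        else:
            out.append(toks[i][0])
            i += 1
    return out

def tr_table(search, replace):
    """Forward map, following Perl: a short replacement list repeats its last char."""
    s = expand(search)
    if not s:
        return {}
    r = expand(replace) or s
    r = r + [r[-1]] * (len(s) - len(r))
    table = {}
    for a, b in zip(s, r):
        table.setdefault(a, b)        # first occurrence in the search list wins
    return table

def tr(text, table):
    return "".join(table.get(c, c) for c in text)

def invert(text, table):
    """For each output char, list every input char that could have produced it."""
    rev = {}
    for a, b in table.items():
        rev.setdefault(b, []).append(a)
    # chars outside the search list pass through unchanged, so they are candidates too
    return [rev.get(c, []) + ([] if c in table else [c]) for c in text]

TABLE = tr_table("A-Z a-z", r'\"-;N-ZA-M')

if __name__ == "__main__":
    cands = invert(TARGET, TABLE)
    print("".join(c[0] if c else "?" for c in cands))
    for i, c in enumerate(cands):
        if len(c) > 1:
            print(f"position {i}: {TARGET[i]!r} could come from any of {c}")
```

The inverse is not unique: the search list has 53 characters against 52 replacements, so both y and z map to M, and the digits 0 and 1 can come either from O and P or from themselves, since digits are not in the search list. The readable candidate is the one to feed to the validator.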