- Currently Unnamed Contest
- 18 Jun 2020 01:34:45 pm
- Last edited by commandblockguy on 18 Mar 2021 09:57:45 pm; edited 5 times in total
I'm running a contest on my website. It's sorta similar to a CTF, I guess - your goal is to decode and visit a series of URLs. Each URL has a webpage with the next clue and a leaderboard showing who completed each stage and at what time. I'm trying to make these more interesting than just "plug a base64 string into a converter," so many of these will require you to write your own decoder once you figure out how it's formatted. There's currently no prize except karma, though I might give away steam keys in the future.
A few general rules:
A 500 error, or the error page with a cat, will never be part of the contest - if you find one, that means I did my PHP wrong.
HTML comments are also not required to solve the contest, so don't try to use them as clues.
The login system is also not part of the contest.
The URL will start with https://commandblockguy.xyz/c/, and be a PHP file with a name that's 8 random characters long. Guessing URLs won't help you here.
Your URL won't work for anyone else. However, the security on the first stage's URL generation is intentionally fairly weak.
Feel free to work on this with other people, but don't post spoilers in this thread in case someone else wants to do it by themselves.
This isn't a hacking contest - don't try to find vulnerabilities in any of my server software, mass scan stuff, or otherwise try to gain access to the machine.
The contest doesn't work on IPv6. You can't even get the first URL using it, so just use IPv4.
Anyways, here are a few hints for the first section:
I put all of the information you need to solve this in several places a few days ago but then realized that it was probably too subtle if people didn't know that there was a contest going on.
You can find the first URL using only the contents of this page.
The first round's URL will look something like this when decoded: /c/(8 random characters).php?a=(8 characters unique to you)
It will take about 19 hours to get the full URL, if you're working by yourself.
If you can't find any new information, take a five-minute break, then re-read this post.
I'll be watching your progress - good luck!
There are currently three stages. I'll add more in the future, but I'll give some people time to finish the current ones first.
Let me know if anything seems broken - I won't be giving any hints about the puzzle, but if something seems like it isn't working, I can probably fix it.
EDIT0: added a few more hints.
EDIT1: added a link to the main contest page, clarified a few of the general rules. No new hints for stage 1.
A few general rules:
A 500 error, or the error page with a cat, will never be part of the contest - if you find one, that means I did my PHP wrong.
HTML comments are also not required to solve the contest, so don't try to use them as clues.
The login system is also not part of the contest.
The URL will start with https://commandblockguy.xyz/c/, and be a PHP file with a name that's 8 random characters long. Guessing URLs won't help you here.
Your URL won't work for anyone else. However, the security on the first stage's URL generation is intentionally fairly weak.
Feel free to work on this with other people, but don't post spoilers in this thread in case someone else wants to do it by themselves.
This isn't a hacking contest - don't try to find vulnerabilities in any of my server software, mass scan stuff, or otherwise try to gain access to the machine.
The contest doesn't work on IPv6. You can't even get the first URL using it, so just use IPv4.
Anyways, here are a few hints for the first section:
I put all of the information you need to solve this in several places a few days ago but then realized that it was probably too subtle if people didn't know that there was a contest going on.
You can find the first URL using only the contents of this page.
The first round's URL will look something like this when decoded: /c/(8 random characters).php?a=(8 characters unique to you)
It will take about 19 hours to get the full URL, if you're working by yourself.
If you can't find any new information, take a five-minute break, then re-read this post.
I'll be watching your progress - good luck!
There are currently three stages. I'll add more in the future, but I'll give some people time to finish the current ones first.
Let me know if anything seems broken - I won't be giving any hints about the puzzle, but if something seems like it isn't working, I can probably fix it.
EDIT0: added a few more hints.
EDIT1: added a link to the main contest page, clarified a few of the general rules. No new hints for stage 1.