[LRUG] Ruby prison escape challenge

Stephen Best bestie at gmail.com
Wed Jul 11 08:19:51 PDT 2018 

It has been a pleasure pooling obscure Ruby syntax knowledge.

I can't test it anymore since the site is down and I left the code on my
work laptop but taking cues from Paul and Murray I may have found a
solution at 47 chars :O

Can anyone verify if this works?

Re: previous solutions - wasn't `send` banned in regexp?

.
.
.
.
.
.
.
.
.
.
.
.
.
.
u=prison.method:unlock;u[*[11]<<"secret"<<self]

On Wed, 11 Jul 2018 at 16:56, Murray Steele <murray.steele at gmail.com> wrote:

> Yup, a fun afternoon.  I initially tried adding a public method to prison
> that calls unlock to get around it being private and to do that I had to
> construct an array without commas.  That got me to 59.  Seeing the
> prison.method version from Stephen let me throw away the extra method
> definition and call unlock directly, and this took me down to 50, and that
> “no space for a symbol argument” hint from Paul let me get it to 49.  Par
> with Matz!
>
> I’m willing to pretend that all the payload size versions I saw that were
> smaller than that were all fake (I’m sure that’s not true).  Looking
> forward to hearing about some more innovative solutions.  I’m sure there’s
> a different approach where we can change the prison entirely rather than
> working out how to call unlock on it.
>
> Thanks for the game Marek!
>
> On 11 July 2018 at 16:36, Paul Battley <pbattley at gmail.com> wrote:
>
>> That was fun. I used a similar tactic, but couldn't get below 50
>> (hint: you can save one byte because you don't need a space before a
>> symbol argument).
>>
>> Unfortunately, someone has properly hacked it and removed the
>> scoreboard data. You could coax the app into revealing the database
>> connection details pretty easily.
>>
>> P
>>
>> On 11 July 2018 at 13:52, Stephen Best <bestie at gmail.com> wrote:
>> > That was really fun, thanks for sharing! Unfortunately I'm getting an
>> > application error when I submit.
>> >
>> > Copying the runtime code you provided I can say this solution "works on
>> my
>> > machine" :D
>> >
>> > I managed 51 chars. Will you be sharing the solutions soon?
>> >
>> > I've copied Rob's very considerate spoiler mitigation tactic
>> >
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > u=prison.method :unlock;u.curry[11]["secret"][self]
>> >
>> > On Wed, 11 Jul 2018 at 14:08, Rob Miller <rob at bigfish.co.uk> wrote:
>> >>
>> >> Nice challenge! Best I can do is 87, thought I suspect there’s a much
>> >> cleverer approach that I haven’t thought of…
>> >>
>> >> My solution (after a few linebreaks so people can ignore spoilers if
>> they
>> >> want to):
>> >>
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >>
>> >> payload = Class.new{def
>> >>
>> to_str;caller[0]=~/m/?"":"prison.send(:unlock,22,'secret',self)"end;}.new
>> >>
>> >> On 11 Jul 2018, at 11:23, Marek L wrote:
>> >>
>> >> Hello, lrug-ers.
>> >> Hope you are enjoying summer and Ruby.
>> >> I have created a small fun challenge that I thought you may enjoy as
>> well.
>> >>
>> >> https://ruby-prison-break.herokuapp.com/escapes/new
>> >>
>> >> So far, Matz broke it with incredible 49 characters!
>> >> Happy hacking and feel free to share.
>> >> Marek
>> >> _______________________________________________
>> >> Chat mailing list
>> >> Chat at lists.lrug.org
>> >> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> >> Manage your subscription:
>> http://lists.lrug.org/options.cgi/chat-lrug.org
>> >> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>> >>
>> >> _______________________________________________
>> >> Chat mailing list
>> >> Chat at lists.lrug.org
>> >> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> >> Manage your subscription:
>> http://lists.lrug.org/options.cgi/chat-lrug.org
>> >> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>> >
>> >
>> > _______________________________________________
>> > Chat mailing list
>> > Chat at lists.lrug.org
>> > Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> > Manage your subscription:
>> http://lists.lrug.org/options.cgi/chat-lrug.org
>> > List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>> >
>> _______________________________________________
>> Chat mailing list
>> Chat at lists.lrug.org
>> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
>> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20180711/d101d494/attachment-0002.html>

More information about the Chat mailing list