[LRUG] Ruby prison escape challenge

Marek L nospam.keram at gmail.com
Wed Jul 11 08:07:06 PDT 2018


FYI:
had to take the whole app down as some people do not understand
English or the sentence
"Don't hack the web app or server" and spoiled the game for others ;/
Will try to make a new version soon


On Wed, Jul 11, 2018 at 3:55 PM, Murray Steele <murray.steele at gmail.com> wrote:
> Yup, a fun afternoon.  I initially tried adding a public method to prison
> that calls unlock to get around it being private and to do that I had to
> construct an array without commas.  That got me to 59.  Seeing the
> prison.method version from Stephen let me throw away the extra method
> definition and call unlock directly, and this took me down to 50, and that
> “no space for a symbol argument” hint from Paul let me get it to 49.  Par
> with Matz!
>
> I’m willing to pretend that all the payload size versions I saw that were
> smaller than that were all fake (I’m sure that’s not true).  Looking forward
> to hearing about some more innovative solutions.  I’m sure there’s a
> different approach where we can change the prison entirely rather than
> working out how to call unlock on it.
>
> Thanks for the game Marek!
>
> On 11 July 2018 at 16:36, Paul Battley <pbattley at gmail.com> wrote:
>>
>> That was fun. I used a similar tactic, but couldn't get below 50
>> (hint: you can save one byte because you don't need a space before a
>> symbol argument).
>>
>> Unfortunately, someone has properly hacked it and removed the
>> scoreboard data. You could coax the app into revealing the database
>> connection details pretty easily.
>>
>> P
>>
>> On 11 July 2018 at 13:52, Stephen Best <bestie at gmail.com> wrote:
>> > That was really fun, thanks for sharing! Unfortunately I'm getting an
>> > application error when I submit.
>> >
>> > Copying the runtime code you provided I can say this solution "works on my
>> > machine" :D
>> >
>> > I managed 51 chars. Will you be sharing the solutions soon?
>> >
>> > I've copied Rob's very considerate spoiler mitigation tactic
>> >
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > .
>> > u=prison.method :unlock;u.curry[11]["secret"][self]
>> >
>> > On Wed, 11 Jul 2018 at 14:08, Rob Miller <rob at bigfish.co.uk> wrote:
>> >>
>> >> Nice challenge! Best I can do is 87, though I suspect there’s a much
>> >> cleverer approach that I haven’t thought of…
>> >>
>> >> My solution (after a few linebreaks so people can ignore spoilers if they
>> >> want to):
>> >>
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >> .
>> >>
>> >> payload = Class.new{def to_str;caller[0]=~/m/?"":"prison.send(:unlock,22,'secret',self)"end;}.new
>> >>
>> >> On 11 Jul 2018, at 11:23, Marek L wrote:
>> >>
>> >> Hello, lrug-ers.
>> >> Hope you are enjoying summer and Ruby.
>> >> I have created a small fun challenge that I thought you may enjoy as well.
>> >>
>> >> https://ruby-prison-break.herokuapp.com/escapes/new
>> >>
>> >> So far, Matz broke it with an incredible 49 characters!
>> >> Happy hacking and feel free to share.
>> >> Marek
>> >> _______________________________________________
>> >> Chat mailing list
>> >> Chat at lists.lrug.org
>> >> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> >> Manage your subscription:
>> >> http://lists.lrug.org/options.cgi/chat-lrug.org
>> >> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>> >
>
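
Added example, not part of any message in this thread: the solutions quoted above all rely on Ruby's `private` being a calling convention rather than an access-control boundary, which is why method visibility cannot confine code evaluated in the same process. The `Prison` class below is a constructed stand-in (the challenge's real class is not shown in the thread) and `routes_to_unlock` is a hypothetical helper that reports which of the routes mentioned above reach the private method.

```ruby
# Added example. Prison is a constructed stand-in; the challenge's real class
# and what its unlock checks are not shown in the thread.
class Prison
  def initialize
    @open = false
  end

  def open?
    @open
  end

  private

  # Argument shape (number, string, caller) is inferred from the posted payloads.
  def unlock(_code, _word, _who)
    @open = true
  end
end

# Tries each route against a fresh Prison and reports whether it ended up open.
def routes_to_unlock(*args)
  routes = {
    public_send:   ->(jail) { jail.public_send(:unlock, *args) },
    send:          ->(jail) { jail.send(:unlock, *args) },
    method_object: ->(jail) { jail.method(:unlock).call(*args) },
    curried:       ->(jail) { args.reduce(jail.method(:unlock).curry) { |f, a| f[a] } },
    added_method:  ->(jail) { jail.define_singleton_method(:out) { |*a| unlock(*a) }; jail.out(*args) }
  }
  routes.transform_values do |route|
    jail = Prison.new
    begin
      route.call(jail)
    rescue NoMethodError
      # Only public_send enforces visibility and lands here.
    end
    jail.open?
  end
end

puts routes_to_unlock(11, "secret", :visitor).inspect if __FILE__ == $PROGRAM_NAME
```

Only `public_send` respects the `private` marker; isolating untrusted Ruby needs a process or OS-level boundary, not method visibility.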
