CuriousU daagde studenten uit om door middel van hacken of puzzelen een code te bemachtigen. Met die code kon je je gratis inschrijven voor de summer school. Inmiddels is de ‘hack the discount code’ gekraakt en de winnaar bekend. De Franse student Julien Robert is de gelukkige winnaar van CuriousU. Hij won de prijs door de code te kraken.
Er waren twee manieren om een code te bemachtigen. De eerste manier was via ‘brute force hacking’, oftewel alle mogelijke combinaties van beschikbare tekens proberen om op die manier tot de juiste code te komen. De tweede manier was om een verborgen puzzel op de CuriousU-website op te lossen; meerdere studenten hebben gepuzzeld.
Hoe kraakte Julien Robert de code?
(in Engels)
- I have firstly looked on the contest page and created a dictionary with "crunch" thanks to the hints: start with an X, 6 characters long. I was going to try to bruteforce the password. I have, however, assumed (due to the high number of possibilities) to try uppercase only which led us to 60 466 176 possibilities brute-forcing
- Once I was on the validator page I've seen that there was only a html form so I have looked at the source code to figure out how does it work. Weirdly there was an <html></html> tag inside the page. I tried to figure out how the code was checked and, thanks to the Generate () function and the name of a JavaScript file (bcrypt.js),I have deduced that the hash variable was the bCrypt hash was the hash of the code to found.
- I have chosen to use HashCat to crack this hash because it is the "World's fastest and most advanced GPGPU-based password recovery utility" (a way faster than John the Ripper). However, I was brute-forcing only at 47 words/s (with an i7 6500U).
- Finally, thanks to another hint ("perhaps you might want to try a B as the last character") the number of possibilities decreased a lot which permit to crack the password in less than a day.
Anyway, thank you for that ! I am so lucky to do a CuriousU then a Kick-in and finally a Bachelor at the University of Twente !
Julien Robert is aankomend UT- student die na de kick-in in augustus 2016 aan zijn Bachelor studie Technical Computer Science begint.
CuriousU
In augustus is de tweede editie van de summer school in festivalstijl. CuriousU vindt dit jaar van 14 tot en met 23 augustus plaats. Voor meer informatie kijk op www.utwente.nl/curiousu
