Ask coding questions

← Back to all posts
Secret Message
Steven_The_GuyT (205)

I got an email this week, containing a secret message! I wasn't able to decipher it, but has anyone else been able? Don't tell us how to(no spoiling), just tell us if you did!

Commentshotnewtop
EchoCoding (256)

The message is very hard to figure out! Great job to everyone who did, but I simply do not have the patience or skill to do so!

mat1 (2711)

If you mean the newsletter, i've only been able to decode the message but it leads to a repl which i haven't figured out yet.

Steven_The_GuyT (205)

@mat1 oh cool! good luck with finding the repl!

mat1 (2711)

@Steven_The_GuyT I've found the repl, but it says to find a security vulernability which I can't find.

Steven_The_GuyT (205)

@mat1 what's a security vulnerability?

ReshiramWolfu (67)

@mat1 Send me the link to the repl, and i will try to find it

mat1 (2711)

@ReshiramWolfu Dm me on discord (mat#6207), we'll be able to work together

ReshiramWolfu (67)

@mat1 Can't get on until Friday, but sure!

MATTHEWBECHTEL (122)

Can I join. I am having no progress XD @mat1

Masy (23)

The .xn-- is a international link i believe

Masy (23)

@MATTHEWBECHTEL If you want to work together lmk and ill give you my hangouts (Cant use discord on a school monitored macbook)

Masy (23)

@MATTHEWBECHTEL [email protected] (Mind all of the little script kiddy wanna be hackers thats an alias gmail account with over a 12 digit password, If you want the email have it i think i have like 2 emails in there)

Masy (23)

@MATTHEWBECHTEL Yes haha id just rather not give out my email that has my server invoices in it

MATTHEWBECHTEL (122)

Ok. I’ll keep a screenshot. @Masy

MATTHEWBECHTEL (122)

Did you not want me to use it to contact you? @Masy

Masy (23)

@MATTHEWBECHTEL ohhh i read that wrong, yeah contact me on there, I thought you meant of my server invoice

MATTHEWBECHTEL (122)

No, I would not invade privacies. @Masy

Masy (23)

@MATTHEWBECHTEL Haha its all good. I get a lil confused some times. When do you think you can message me so we can start working?

IzanLarumbe (29)

🆈🅰🆈🆈🅾🆄🅶🅾🆃🅸🆃--🅱🅰🆂🅸🅲🅴🆁.🆁🅴🅿🅻.🅲🅾

IzanLarumbe (29)

@IzanLarumbe YES I GOT IT BOI
I AM THE FIRST!!!!

IzanLarumbe (29)

@IzanLarumbe `
// Find the security vulnerability and exploit

let express = require('express');
let fs = require('fs');
let app = express();

let password = process.env.PASSWORD;

if ( !/^[a-z]{8,20}$/.test(password) ) {
console.log("Plese setup your password");
process.exit(1);
}

app.use((req, res, next) => {
let start = process.hrtime()[1];
res.respond = (data) => {
res.contentType('text/plain;charset=utf8');
res.header('X-ProcessingTime', process.hrtime()[1] - start);
res.end(data);
};
next()
});

app.get('/', (req, res) => {
fs.readFile('index.js', "utf8", (err, data) => {
res.respond(data);
});
});

app.get('/info', (req, res) => {
if ( req.query.password == password ) {
res.respond(process.env.INFO);
} else {
res.respond("Password Incorrect");
}
});

app.listen(3000, () => {
console.log('server started');
})`

IzanLarumbe (29)

@IzanLarumbe Sad that i don't know json or hijacking json. I am done :3

Steven_The_GuyT (205)

@IzanLarumbe hey i'm on the leaderboard for most upvotes in 30 days!

Steven_The_GuyT (205)

@IzanLarumbe wait you weren't the first. @mat1 found it before you. Look at the top post and it's replies. Sorry!

mat1 (2711)

@Steven_The_GuyT Btw, the competition ended a while ago. The answer was izatimingattacklol, and you had to find it by running a timing attack on the web server. Rob told me I got 4th place, but I never got a reward and he isn't a part of the Repl.it team any more.

mat1 (2711)

@Steven_The_GuyT The creator of the challenge

zephur (0)

I have not had that happen to me. But I have opened my editor from aprevious save that had JavaScript in it that I did not write-- with comments!

IzanLarumbe (29)

I didn't got the email... i am sad.

Steven_The_GuyT (205)

@IzanLarumbe it's ok! Here's the stuff you need to decrypt: xn-----it52acaehokse3db1ckjbm3eba.xn--437hoalg.xn--237hya
!(https://storage.googleapis.com/replit/images/1558359292055_dfa04104ec0bcf3ef3b79aecde9622aa.pn)

IzanLarumbe (29)

@Steven_The_GuyT I just decrypted somthing:
it52acaehokse3db1ckjbm3eba.🆁🅴🅿🅻.xn
a link boi, a emoji based link. I saw that its registred at this web:
https://xn--i-7iq.ws/emojidomain/it52acaehokse3db1ckjbm3eba.%F0%9F%86%81%F0%9F%85%B4%F0%9F%85%BF%F0%9F%85%BB.xn
or something like that.

IzanLarumbe (29)

@Steven_The_GuyT I got it decoded. But i cant read it since it is on an emulator!! :(

Masy (23)

What encryption Method is it using? Does anyone know?

IzanLarumbe (29)

@Masy Emoji based or something like that, i dont really remember...

MATTHEWBECHTEL (122)

I like tried every decryperer I could find and none of them helped me.

MATTHEWBECHTEL (122)

Is this the encrypted message? xn-----it52acaehokse3db1ckjbm3eba.xn--437hoalg.xn--237hya
@Steven_The_GuyT @mat1

MATTHEWBECHTEL (122)

Hm I will check the message and decrypt it the best I can...

SPQR (451)

are we allowed to work together i wonder

Steven_The_GuyT (205)

@SPQR i know right? it's too hard xd