fwiw I was able to get a private key out of the system, but there's no BTC/transactions associated with it. Dunno if that's an error on my part (although the key has a valid checksum) or the wrong key got uploaded.
i took the coins (temp email cikito2131@evoxury.com)
went to the tools site you linked, main page and to the tool that makes pictures from text. pasted into textbox and it wasn't hidden. Spent more time figuring out how to do the wallet stuff
Challenge is back up if anyone is still interested in a try: https://redactsure.com/bitcoinchallenge/
Challenge is back up if anyone is still interested in a try:
https://redactsure.com/bitcoinchallenge/
fwiw I was able to get a private key out of the system, but there's no BTC/transactions associated with it. Dunno if that's an error on my part (although the key has a valid checksum) or the wrong key got uploaded.
i took the coins (temp email cikito2131@evoxury.com) went to the tools site you linked, main page and to the tool that makes pictures from text. pasted into textbox and it wasn't hidden. Spent more time figuring out how to do the wallet stuff
lol that's dumb of me. I figured one of the websites would have a vulnerability like that. Images should be hidden but clearly not!
Anyways. Thanks for the feedback! I'll be back when I add a patch.
bug was literally 1 line of code.
I might be back up today if you want another shot.
I had no idea evil tester website had so many tools throughout it!
Smart people exist.
> 15 minute time limit per session
Why? That's not how security works.
I have to to host a gpu node per session so 15min is to reduce cost and allow more people to try it.
It's not traditional security testing. I want you to break the hiding algorithm which requires no security knowledge other than copy paste and typing.
The private key is in plain text on the instance you can copy and paste it or delete it anywhere you like.
So its over and 3PCVMB3GfvRrMG9cav6EQwSBoWzjS7gLiW got it?
yup if I can fix the problem today I'll launch tomorrow same thing.
If the data exists on the client, isn’t it going to be susceptible to compromise no matter what?
It is not on the client. Challenge is back up please give it a try.
https://redactsure.com/bitcoinchallenge/