An accidental? solution on the road to devious
I tried out the page before even looking at the source, just to see
what it wanted and what its responses were.
First I quickly read the couple sentences on your easy page and
saw it wanted a password. I entered the word 'correct' and got sent
to _tuub_o.htm. Hmm, it looks like a 1 to 1 letter substitution,
it has the same number of letters in each word and the c's become _'s
and the r's become u's. We haven't looked at the source yet so we still
don't know exactly what +his set of letters is.
If we glance at the source we can confirm that a simple letter
is happening based on the string
But why make it hard so quickly, lets forget about the specifics of
the protection for a minute. Lets slow down and re-read what Fravia
actually wrote 'the code works as a generator: if you introduce
the name of a url, you get the password to the url as well,
Wait a minute now, that sounds like he's giving us part
of the answer right here!
So we also re-read the 2nd sentence 'The correct password,
that would land you on my 'devious' page on 20 MARCH 1998, would
land you on vournt.htm on another march day..another, not any other day'
I figured that if the same password would get you to 2 different
pages on different days, then somehow the protection must also use
the date when scrambling the password, this seems re-enforced by the fact
that he emphasizes another day and not any other.
He tells us the protection can be used as a keygenerator.
Now if I want to find the password the the page vournt.htm, I need
to enter the word 'vournt' as the password and get a 404 error,
but write down the page it tried to find. Then I take this page,
which when I tried this on March 4th, I got rsqvjp.htm. So lets
test what Fravia is telling us and enter 'rsqvjp' as the password
and bingo, we land on vournt.htm Now lets examine what he is saying
about March 20th,
'The correct password, that would land you on my 'devious' page
on 20 MARCH 1998, would land you on vournt.htm on another march day'
Ok so on March 4th the password to vournt.htm is 'rsqvjp' I figure ok,
all I have to do is set my clock and find the password to vournt.htm
on each day of the month, 1-31 and then set my clock to March 20th
and try each password. So I start entering vournt as the password
on each day of the month, then on March 30th, I enter vournt and
instead of a 404 error and a password, I get sent to the devious page!
Now I ask myself 2 questions, was my approach correct?
and what the hell just happened?
1st, yes my approach would have worked, Here is a listing of the passwords
for vournt.htm on each eay of March:
On March 10 the password for vournt.htm was lakhtn,if I try that
password on March 20th, it does also bring me to the devious page.
2nd, I guess what I am left asking myself is, is this how Fravia
'happened' to choose the pair 160593 and vournt?