Hello 🧙♂️!
This is an open challenge for those interested in bug bounties. Find a way to decrypt the secret images in this Gist. If you can generate even one of the original images, you win 500 GBP!
Three confidential images are encrypted in two separate attempts.
1- With a base image
PixelLock -e -i ./challenge -o ./challenge/output -b ./tests/images/base_image.png -r 4
Hello 🧙♂️!
This is an open challenge for those interested in bug bounties. Find a way to decrypt the secret images in this Gist. If you can generate even one of the original images, you win 500 GBP!
All of the steganographic images are hiding different secret images.
The samples are encrypted like in this sample below in folder mode where the /challenge folder had the secret images. As this mode executes the encryption operation in one go, the same base image and the password was used.
PixelLock -e -i ./challange -o ./challange/output -b ./tests/images/base_image.png -r 4
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| {%- auth0:head -%} | |
| {% if prompt.screen.name == "device-code-confirmation" %} | |
| <script> | |
| document.addEventListener("DOMContentLoaded", function() { | |
| document.addEventListener("click", function(event) { | |
| // Check if the clicked element is a button within a form | |
| const clickedButton = event.target.closest("form button"); |
| function migrateUsers(user, context, cb) { | |
| if (needMigration(user)) { | |
| // Ignoring how the values are retrieved from the legacy database | |
| var legacyProfile = { | |
| family_name: 'alakus', | |
| given_name: 'saltuk', | |
| user_metadata: { | |
| 'anotherMetadata' : '123' | |
| }, | |
| app_metadata: { |
| // auto linking of accounts is NOT OK in most circumstances. | |
| // "user-initiated" or "prompted" account linking must be preferred. | |
| // https://auth0.com/docs/users/user-account-linking#scenarios | |
| function (user, context, callback) { | |
| console.log(`account-link rule called ${user.user_id}`); | |
| const request = require('request'); | |
| // Check if email is verified, we shouldn't automatically merge accounts if this is not the case. | |
| // Also, the requirement is to link a currently authenticating Enterprise (federated) Account with | |
| // an existing Auth0 Database Account, so thats the only combination we are allowing. | |
| if (!user.email || !user.email_verified || user.identities[0].provider === 'auth0') { |
| async function VerifyJWT (JwtToken) { | |
| const util = require('util') | |
| const jwksClientFactory = require('[email protected]') | |
| const jwt = require('[email protected]') | |
| const verify = util.promisify(jwt.verify) | |
| const jwksUri = `https://${configuration.tenant}/.well-known/jwks.json` | |
| const jwksClient = jwksClientFactory({ jwksUri }) | |
| const getSigningKeys = util.promisify(jwksClient.getSigningKeys).bind(jwksClient) | |
| const signingKeys = await getSigningKeys() |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | |
| <title>Sign In with Auth0</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" /> | |
| <style> | |
| .auth0-lock-name { | |
| font-size: 14px !important; |
| curl --request PUT \ | |
| --url https://saltukalakus.auth0.com/api/v2/branding/templates/universal-login \ | |
| --header 'Authorization: Bearer eyJ..redacted' \ | |
| --header 'Content-Type: text/html' \ | |
| --data '<!DOCTYPE html><html lang="{{locale}}"> | |
| <head> | |
| {%- auth0:head -%} | |
| <script> | |
| {% if prompt.name == "email-verification" %} | |
| console.log("Email-verification: ", "{{ transaction.params.ext-param }}" ); |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>2nd Factor Authentication</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
| <style type="text/css"> | |
| html, body { padding: 0; margin: 0; } |