Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Timed 6 broken


stranac's Avatar
Member
0 0

Timed 6 seems to be impossible to solve right now. It expects all of the url parameters to match, which is never gonna happen, probably because of the way google generates the urls.

Just to show an example of what I'm talking about:

Wrong string, or you went over the time limit! Time to complete by:1362259698 Submitted time:1362259696 Your 'url' input, decoded:/url?q=http://www.informatics.jax.org/&sa=U&ei=8G4yUeuEF6SB4gSl_oEw&ved=0CDEQFjAE&usg=AFQjCNFLtEAbQDNLJHrrbtoXC94nRI0INw Accepted answer: /url?q=http://www.informatics.jax.org/&sa=U&ei=724yUdCcMImRhQeZz4HIBw&ved=0CDEQFjAE&usg=AFQjCNFSTV8cA32fRWV1rSMrcJDoO-MRjw


rex_mundi's Avatar
☆ Lucifer ☆
3,050 6

Not 100% sure why it's doing that, but I noticed that earlier too when I was redoing it in python.

Eventually I did it with cURL instead and I just let my script run 20-30 times till it got one that worked, so while it may be buggy, it is passable.

I know Euforia33 is using python for this too, maybe it's an issue with that?


Euforia33's Avatar
philalethes
0 0

Thank you! I was starting to think I was the only one having a problem with this one. This is the result I just got:

Time to complete by:1362275595<br /> Submitted time:1362275593<br /> Your 'url' input, decoded: /url?q=http://www.thesimpsons.com/&sa=U&ei=Ca0yUbHCF4e4hAeR2oG4Bw&ved=0CBcQFjAA&usg=AFQjCNHHAHupXJSYrpkILidaIRVqZmOLcA Accepted answer: /url?q=http://www.thesimpsons.com/&sa=U&ei=CK0yUcumNMGmhAeh3YCwCQ&ved=0CBcQFjAA&usg=AFQjCNHONWtNhJeO91v8qtfd-nJy6ZI07w

No matter what I do, I can't get all the data to match.?.

Noo, 503! VA


stranac's Avatar
Member
0 0

I ended up putting my code in a loop and caching the accepted answers.

It accepted one of the cached answers, after a few minutes of running.


korg's Avatar
Admin from hell
0 0

stranac wrote: I ended up putting my code in a loop and caching the accepted answers.

That's how I completed the challenge myself. The challenge was changed from it's original version a few years ago and I updated some of the code. If your running a script from the first version it will not work. The challenge can be solved (As of now more than 6 members have completed it), So it will remain the way it is, More of a challenge from the original version anyways.


stranac's Avatar
Member
0 0

korg wrote: The challenge can be solved (As of now more than 6 members have completed it), So it will remain the way it is, More of a challenge from the original version anyways.

I think that's just stupid.

Sure, it can be solved, and yes, it's more difficult. But it's no longer a challenge about googleing(actually searching is just a waste of time), but about caching, and hoping that you'll eventually run into something that gets accepted.

Btw, I know why solving the challenge in php works: it's a bug.

Edit: See your PM's stranac.


korg's Avatar
Admin from hell
0 0

I think that's just stupid

What's stupid is this challenge was changed over 3yrs ago by only_samurai due to multiple CSRF and XSS vulnerablities and Nobody complained until the points reset. I may just change the challenge description.


untitled's Avatar
Member
0 0

The reason this challenge is broken is that Google is including a unique client identifier token for each link. Thus your answers will never be the same as the answer of HBH's server - since they get different client tokens.

There are multiple ways to fix this.

Either use the original links within the <cite></cite tags instead, or strip the unique client token from the result. Either way, loop and brute force should never be a solution to a timed challenge.

Wrong string, or you went over the time limit! Time to complete by:1373191374 Submitted time:1373191371 Your 'url' input, decoded:/url?q=http://fedoranyc.com/&sa=U&ei=zTzZUdfEHMWt4AThvIGgDw&ved=0CEIQFjAJ&usg=AFQjCNGt6C2gZzQMpCGuteX3n2sJ9zh2cA Accepted answer: /url?q=http://fedoranyc.com/&sa=U&ei=zTzZUd-ZCtGf7AbJ7oGwBA&ved=0CEUQFjAJ&usg=AFQjCNE5ia3j4iLLoeZQHg2XLqrczkJxxg


Euforia33's Avatar
philalethes
0 0

It's good to see that someone else recognises that there is a problem with this challenge. When I first completed this in 2009, all that had to be returned was the URL for a given result, there was no client/session tokens or anything tacked onto the end of the result.

I still cannot see how we can return the exact result as it changes for each person and even the server itself. I tested this by taking one of the "accepted" answers and feeding it right back to the challenge page when it asked for the correct keyword and listing number (my previous post has an example of this) , it still didn't work as the information tacked onto the end of the URL on HBH result, had changed VA


ZyrgEr's Avatar
Member
0 0

I actually managed to finish this with just one run (after a many test runs). Was I lucky or has this challenge been fixed?

Either way and besides my newbiness this challenge is definitely worth fixing. I believe the purpose of this challenge isn't getting all those secret and mysterious url parameters which google have putted since they are not static.

Could be easily fixed I believe?


rex_mundi's Avatar
☆ Lucifer ☆
3,050 6

I think korg was going to fix it but had to go into hospital to have his scrotum enlarged.


Ninja's Avatar
Broken Ninja
0 11

sounds legit rex. tee-hee


korg's Avatar
Admin from hell
0 0

Yeah, Stripping the google shit is on my list, I'll give it ago in a bit here.

rex_mundi wrote: I think korg was going to fix it but had to go into hospital to have his scrotum enlarged.

No Rex it was my sinuses but it's nice to know your always thinking about my package. :|


asdfgasdfg's Avatar
Member
0 0

Is this challenge still down? I'm positive I'm faster then 1 sec. How should the url be constructed before encoded? http://www.xxxxxxx.yyy/?


stranac's Avatar
Member
0 0

It's never been down. It's just not working as originally intended. And since it's the admins' view that it's not broken right now, I guess that won't be changing.

If you're just looking for a way to solve this, check my second post in this thread.


Mordak's Avatar
Evil Sorcerer
4,025 18

stranac wrote: And since it's the admins' view that it's not broken right now, I guess that won't be changing.

You would be wrong with that statement. As Korg said its on our list.