2 kyu
Ruby’s Eleven
356 of 358 duchess_of_objects
Games
Security
Puzzles
Object-oriented Programming
Kind of stuck here. I've been trying to solve it, but I can't figure out what's the security hole in `check_credentials!`. Another hint?

Excellent kata. Filled in knowledge gaps.
JSON to the list of frozen modules. With the redefining of `JSON.load`, the `credentials` object becomes totally under control, and then it's an easy way to make all tests pass.

This was a rough one... hated it until I got it right, but learned some stuff on the way. Thanks @duchess_of_objects
You’re welcome @wkirschbaum, glad to hear you’ve learned a few things on your way!
Excellent kata. Although after submitting my cheating solution and reading intended one I feel disappointed I didn't make it "the right way". Still, enjoyed every second of it.
Thank you :)
Such a satisfying kata!
I got 90% of the way through the intended solution, gave up and ended up exploiting a different vulnerability. Lol!
Yay! Nice trick @fylooi :)
Why doesn't the test pass even though I provide the username and password from SecureLogin::ADMIN in Frontend#given_credentials?
https://www.evernote.com/l/AYOBsQGpQexNub3hg406G6kKJBP9exJLUNQ

`@user = user if (user.password == given.password)`

Why is the plain user.password tested for equality against the crypted given.password?

The `crypt_password!` method manipulates `given.password`, replacing its content with the return value of `String#crypt`. So by the time the comparison happens, `given.password` will already contain the cryptographic hash.

It is unclear when and where code is called/run due to the (presumably intentional) obfuscation.
Finding the solution to this kata felt unrewarding to me.
The provided hints were mostly unuseful, and this kata ended up just being a ton of trial and error attempts to get a direct reference to the `ADMIN` object.
I can't believe it took me as long as it did to solve it.
Such a satisfying kata though. Oh man.
Outstanding Kata. Difficult, and very satisfying once I found the solution. Thanks for making it.
The instructions show given_credentials as a global function, and don't show that it needs to be defined in the Frontend module. It bears mentioning, though.
Cool kata. Thoughts on my solution? http://www.codewars.com/kata/reviews/5309441451e700dea00000fb/groups/556f7b03f5470dca2a0000b7
Great Kata - another class you might want to consider freezing is JSON - I was able to use that not to complete the challenge, but to get login access
Congrats for becoming a member of Ruby’s Thirteen! :)
Thank you very much for this kata. It was a nice challenge, and after having MonkeyPatched like crazy, I eventually wrote something much simpler...
I cannot find a single vulnerability in `check_credentials!`. As far as I can tell, modifying core or app classes is the only way to get logged in at all. How the hell was I supposed to solve it otherwise?
First 1 kyu Ruby kata?
Whoa! According to the catalog, this kata is well on its way to becoming the first 1 kyu Ruby kata ever … I’d never expected that!
I’m looking forward to your continued feedback, reviews, and submissions to help Ruby’s Eleven come out of beta!
This was pretty interesting, thanks for the challenge!
That being said, I couldn't personally rank it at 1 kyu. It was quite difficult, but I come from Javascript and have only dealt with Ruby in a few very simple katas. If I didn't have to Google every bit of syntax, I wonder how much easier it'd be.. :P
I find it odd, given Ruby's reputation of insane magic tricks, that a JS background could help so much.
Am I just misguided, and are they actually very similar languages?
Hmm, good question :) I come from Ruby and have started learning JS one week ago.
My first impression is that they’re indeed pretty similar in spirit!
Thanks for the feedback – and nice to hear you had fun with the challenge!
Update 2: Hacked!
After over three months and more than 500 submissions, I’m super excited to learn that the vulnerability has now been found and exploited!
Kudos to waterlink who was the first warrior to submit a valid solution that avoids patching any core classes.
Thank you all for your submissions so far … keep on hacking!
Taking a look at this now. Haven't solved it yet and I'm avoiding cheating by metaprogramming my way into the frozen objects, but feedback so far is that working through the code and targeting aspects that turn out to be dead ends has been great fun already.
Thank you Josh! Always looking for feedback to refine this kata so feel free to let me know of any ideas you have!
I think the vulnerability is quite subtle so keep on hunting :)
It’s been a few months. Despite over 100 submissions, no one has found the vulnerability so far …
Hint: For starters, you might want to audit the `check_credentials!` method thoroughly.

That sounds crazy. It took me less than 10 minutes to find a solution, even if it probably wasn't what you had in mind. Thanks for the Kata anyway, it was refreshing!
Hi dear and brave beta warriors,
Thanks so much for visiting my kata! I’d love for you to help out improving this during the beta phase. These are the four issues I could use some help with:

1. How can we clarify the description? Maybe make the back story shorter and/or more interesting?
2. How can we simplify the vulnerable target code in the `SecureLogin` class? The warriors have no control over the `SecureLogin` class; however, the description reveals the full source code of the class. I feel that improving this class might be a bit difficult. On one hand, the code needs to be short enough to be interesting. On the other hand, we need to keep around at least a little smoke and mirrors, otherwise the vulnerability might become too obvious. Any thoughts?
3. Can you help me fix all the remaining vulnerabilities (except the single one I planted there on purpose)? I want this discussion to be openly visible so I’m not going to reveal the solution here. However, I’m going to comment on every valid solution you submit to let you know if the vulnerability you exploited is the one I wanted you to exploit. :)
4. Which classes/modules/objects do we need to freeze to prevent monkey-patching? This is what I came up with so far (it’s not visible to the warrior):

Feel free to add any thoughts you have. Thank you in advance for your help!
Update: User tiagoefmoraes was the first to exploit a vulnerability I didn’t put there on purpose. (See spoiler comment)
Good point Josh! I just updated the kata to prevent access to `ObjectSpace`. Hope this fixes the loophole you pointed out.
Also add Hash into the list of frozen classes. The Set class is using the Hash class under the hood.
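An added example (not the kata's own code) of the freezing audit raised in the open-issues list above and in the Hash/Set note: it freezes a list of classes, Hash alongside Set, and checks that each one refuses to be reopened. The target list and helper names are my own assumptions.

```ruby
require 'set'
require 'json'

# Added example, not the kata's code. Freezing a class object makes Ruby
# refuse to reopen it (FrozenError on define_method / def), which is the
# sandbox property the thread is after. Hash sits next to Set because, as
# noted in the thread, Set stores its members in a Hash, so a patch to Hash
# would reach Set even if Set itself were frozen. (Assumed target list.)
SANDBOX_TARGETS = [Set, Hash, JSON].freeze

# Freeze every class/module in `mods`; returns { "Name" => frozen? }.
def freeze_targets(mods)
  mods.each(&:freeze)
  mods.to_h { |m| [m.name, m.frozen?] }
end

# true  -> `mod` cannot be reopened (protected against monkey-patching)
# false -> a method could still be defined on it (the probe is removed again)
def reopen_blocked?(mod)
  mod.class_eval { define_method(:__sandbox_probe) { :patched } }
  mod.send(:remove_method, :__sandbox_probe)
  false
rescue FrozenError
  true
end

# Names of targets that are still open, for a pre-run sandbox check.
def unprotected(mods)
  mods.reject(&:frozen?).map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  puts "before: #{unprotected(SANDBOX_TARGETS).inspect}"
  freeze_targets(SANDBOX_TARGETS)
  puts "after:  #{unprotected(SANDBOX_TARGETS).inspect}"
  puts "Hash reopen blocked? #{reopen_blocked?(Hash)}"
end
```

Freezing a class only locks the class object itself; instances created from it are still mutable, so this guards against reopening, not against every form of tampering.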