How I passed technicalseo.expert (level 2)
Introduction
This post continues the exploration of the technicalseo.expert puzzle, which will be broken in the most non-trivial way.
The previous level, and a little more about the puzzle itself, are covered in the first post.
Warning!
If you want to go through this challenge yourself, do not read any further. There will be screenshots and more.
Also, I apologize to SEO specialists: I do not quite understand the essence of what I have done in terms of SEO. If I offended anyone, I apologize.
Level 2
Let’s start breaking level 2 with the final message of level 1. That is where the link to the beginning of the second level is. Which one? I hope the readers of the first part have already guessed.
Open the Developer Tools of our beloved Google Chrome and look for anything interesting. The interesting part is the rain of zeros and ones. Let’s find the code behind it in the page source.
<!-- Matrix Rain; Maybe something to see here people. -->
<style>
body {background: black;}
</style>
<script>
function draw(){
  ctx.fillStyle="rgba(0, 0, 0, 0.05)",ctx.fillRect(0,0,c.width,c.height),ctx.fillStyle="#0F0",ctx.font=font_size+"px arial";
  for(var a=0;a<drops.length;a++)
  {
    var b=j[Math.floor(Math.random()*j.length)];
    ctx.fillText(b,a*font_size,drops[a]*font_size),drops[a]*font_size>c.height&&Math.random()>.975&&(drops[a]=0),drops[a]++
  }
}
var c=document.getElementById("c"),ctx=c.getContext("2d");
c.height=window.innerHeight,c.width=window.innerWidth;
var j="01110100 01101000 01100101 00100000 01100001 01100100 01110110 01100101 01101110 01110100 01110101 01110010 01100101 00100000 01100011 01101111 01101110 01110100 01101001 01101110 01110101 01100101 01110011 00100000 01100001 01110100 00100000 00101111 01110000 01101100 01100001 01111001 01100101 01110010 01110100 01110111 01101111 00101111 01110011 01110100 01100001 01110010 01110100";
j=j.split("");
for(var font_size=10,columns=c.width/font_size,drops=[],x=0;x<columns;x++)
  drops[x]=1;
setInterval(draw,33);
</script>
We find the suspicious numbers and immediately feed them to the script from the first part (although formally we have not started the second one yet):
kek = []
lol="01110100 01101000 01100101 00100000 01100001 01100100 01110110 01100101 01101110 01110100 01110101 01110010 01100101 00100000 01100011 01101111 01101110 01110100 01101001 01101110 01110101 01100101 01110011 00100000 01100001 01110100 00100000 00101111 01110000 01101100 01100001 01111001 01100101 01110010 01110100 01110111 01101111 00101111 01110011 01110100 01100001 01110010 01110100"
# Split the string into its 8-bit groups
for x in lol.split():
    kek.append(x)
lol=""
# Convert each binary group to its ASCII character
for x in kek:
    lol+=chr(int(x,2))
print(lol)
As a result, we get the message: “the adventure continues at /playertwo/start”
Follow the link and see the video. Star Wars? Another dead franchise. But let’s go!
Breaking the game completely!
Then the most magical part begins. The game was broken and essentially not played. Nevertheless, I can boast of one of the fastest completions: 20 minutes, 15 of which I spent in the kitchen with tea and candy to relax. If you are waiting for a normal walkthrough that solves the author's problems, you will not find it in this article.
I informed the author of the game and even one of the testers about the discovered vulnerability – but there was no reaction from them. In addition, taking into account the nature of this site, namely breaking the “system” and solving IT problems, I have every moral right to consider this part of the game not a bug, but a feature.
So fasten your seat belts – we are going into dusk.
Closer to the point …
Let’s start playing with links … and win the jackpot!
Gorgeous! The link “/playertwo/” is much more interesting than the video itself. There we also see the answer to the first problem, the one the Lego troopers spoke about, which once again confirms our guess. Well then … it will be an easy walk.
We copy the contents of the table into Google Sheets and pull out the extensions using formulas:
We filter the most interesting and get …
It remains to check 17 pages. Since the first column consists entirely of hyperlinks, following them is not difficult. As a result, we find the following message on one of the pages:
Below are a few more letters and congratulations on completing the second level. Oh, and another gift – a badge)
The second level is behind us. The third is left! Where is the link to it? In robots.txt:
# Start Level 3 Here: https://technicalseo.expert/final-problem/dontblink
## Note: Level 1 and 2 have ~10-20 challenges to complete.
## Level 3 has 10-15 challenges. I opened up level 3, since it's designed to be unnaturally hard.
user-agent: *
Disallow:
sitemap: /sitemap.xml
# Level One Clue: The spaces between words are removed, no hyphens.
#
# /
# /
# / /
# / ____
# /_/ _
##############################
# Created by:
# Alexis Sanders: https://twitter.com/AlexisKSanders
#
# Thank you to our part 2 beta testers:
# Max Prin: https://twitter.com/maxxeight
# Dave Thomas: https://www.linkedin.com/in/dave-thomas-2448058/
# Brian Barna: https://www.linkedin.com/in/brianbarna/
#
# Thank you to our part 1 beta testers:
# Masaki Okazawa: https://www.linkedin.com/in/masakiokazawa/
# Steve Valenza: https://www.linkedin.com/in/stevevalenza/
# Max Prin: https://twitter.com/maxxeight
# Kyla Becker: https://www.linkedin.com/in/kylabecker
Now I am showing the full version of it; we are ready for the third test!
Morality and PS
First of all, I wanted to ask the Habr community: can I honestly consider myself to have passed the second level? In my opinion – yes, but if you think otherwise – I would like to hear your position, perhaps I will change my mind.
Here is what I want to say after the second level. I am completely satisfied with the style of the passage, but in essence disappointed. I expected riddles, but got an exploit. On the other hand, this once again confirms that you need to be careful when setting up servers, otherwise you can show a little more than you intended.
In addition, this is apparently a fundamental position in the software settings of the author of this problem. It can be seen from the reaction to the link “/fr/”, a piece of the long link to the puzzle “/fr/bienvenueaupaysdesmerveilles” from the first part.
And for the very curious – no, the third part will be better hidden.
“/final-problem/dontblink” is a complete link, and the vulnerable piece “/final-problem/” leads to the page:
Most likely, I’m not the first to notice this vulnerability, so I have one more reason to show it all the same. I hope we will learn a very important lesson from this task, more important than the skills that were declared for its solution.
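The lesson above as a check a site owner can run over saved responses from their own server (an added example, not code from the original post or from the puzzle's author): it derives the parent directories of every published link and flags those whose body looks like an auto-generated index. The title/link heuristic, the `audit` helper and the sample bodies with their file names are assumptions constructed for illustration; the post does not say which web server the site runs.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def parent_dirs(url):
    """Ancestor directories of a published URL, deepest first."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    return ["/" + "/".join(parts[:i]) + "/" for i in range(len(parts) - 1, 0, -1)]

class _Page(HTMLParser):
    """Collects the <title> text and every <a href> of a page."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def looks_like_autoindex(html):
    """Assumed heuristic: Apache/nginx-style 'Index of /...' title plus
    a '../' link (nginx) or '?C=' column-sort links (Apache)."""
    page = _Page()
    page.feed(html)
    titled = re.match(r"\s*Index of /", page.title) is not None
    marker = any(h == "../" or h.startswith("?C=") for h in page.hrefs)
    return titled and marker

def audit(published_urls, fetched):
    """Return parent directories whose saved response is a listing.
    `fetched` maps path -> HTML body saved from your own site."""
    flagged = []
    for url in published_urls:
        for d in parent_dirs(url):
            if d not in flagged and looks_like_autoindex(fetched.get(d, "")):
                flagged.append(d)
    return flagged

# Constructed sample responses (file names are hypothetical):
# a listing as served with indexing on, and a page as served with it off.
LISTING = ('<html><head><title>Index of /playertwo/</title></head><body>'
           '<a href="../">../</a><a href="start">start</a>'
           '<a href="notes.txt">notes.txt</a></body></html>')
PLAIN = '<html><head><title>Final problem</title></head><body>403</body></html>'
FETCHED = {"/playertwo/": LISTING, "/final-problem/": PLAIN}
```

Every directory the audit flags should either get an index page or have listing disabled: `Options -Indexes` on Apache, `autoindex off;` on nginx.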