Hints and Tips for PythonChallenge level 5

This is a page of hints for the Pythonchallenge.com level 5 challenge

It does not contain the answer so you can use as many hints as you want but still have to put everything together yourself to complete it

Note: A lot of these challenges have multiple different ways of solving them, the hints here might not match to what you have found already.

Expand for hint 1

Browse the source code for files you can download

Expand for hint 2

Say the challenge name out loud, does it sound like any python libraries?

Expand for hint 3

Think of small preserved cucumbers

Expand for hint 4

The 2nd part involves organising the test

Expand for hint 5

The organised text should spell out a word

Spotting mobile passcodes/patterns from a distance

 

A quick warning to anyone who has a very simple passcode to their phone, you never know when you’re being recorded on camera or being watched across the room, if your passcode to get into your phone doesn’t involve your hand moving around to different keys too much its likely very simple for someone to guess your code. Someone entering the code 123456789 will be obvious to spot by the hand movement, as will someone using a passcode with only 1 digit repeated

As seen here with Lance Gooden unlocking his phone whilst being recorded. even though we can’t see the mobile phone screen it’s fairly obvious what the passcode is:

 

The same applies for unlock patterns which are a simple L or backwards L shape.

In Lances defence this could be a burner phone which only has a Whatsapp chat with the family, or he’s actually far smarter than he appears and has temporarily changed his code for the day if he knew he was going to be recorded. but it does highlight that if you are using a passcode/pattern as your only method of authentication to get into your phone you should try to use different characters as much as possible.

Cracking open recursively nested zip files

Here is a script courtesy of adithyaxx which helped me out recently.

I had a zip file containing hundreds of other zip files all contained within each other. The password for each file was it’s name. Manually typing in each password would have taken far too long, this little script helped automate the process.

It opens up the zip file, reads the file name and truncates the .zip part, then uses the remaining that as a variable for the next password attempt and keeps going until it fails. The useful thing is that is prints out the attempts as it goes along in case there are any hidden patterns in the passwords names you need to pick up on:

unzipping

It runs through about 2-3 unzips every second so a 500 file recursive zip file would take 5-10 minutes to get to the end of, compared with a few hours of working by hand.

Solving crypto puzzles with dcode.fr

If anyone is starting out with crypto security puzzles on sites like hack the box or diving into the world of encryption there’s a site worth taking a look at before you ever need it:

http://www.dcode.fr/en

Don’t be put off that it’s a french site, the link above takes you to the English translated version.

The site holds tools for decoding/encoding practically every type of encryption you will come across in all but the more advanced challenges. Instead of having to write your own tools for a variety of possible ciphers you think the puzzle uses you can stick your text in a bunch of possible decoders on this site and see what comes back with something sensible looking. It’s many times quicker than doing it manually or trying to search for a reliable tool.

All the encoding/decoding happens in the browser so you don’t need to wait for downloads. It’s quick and free. The list of tools it has is massive but some of the ones I’ve used to solve puzzles online are:

Even if you don’t know which Cipher you need for a challenge you can have a browse around this site and get some inspiration for possible cipher methods in a specific category.

As an example of how useful the site is here’s a basic rot cipher code where the letters have been shifted forward in the alphabet, the problem is you don’t know by how many places. Instead of running a rot decoder 26x the site has a brute force feature which will do it all at once for you:

Aopz dlizpal pz clyf bzlmbs

1

2

From that list we can clearly see that the code is shifted 7x and the decoded text is given to us.

 

Review of Udemy course –AZ-300 Azure Architecture Technologies Certification Exam

Overview

I recently passed the AZ-300 and wanted to review some of the material I used to pass it in case anyone else is thinking of taking it and wants some advice on how to prepare.

This AZ-300 course from Scott Duffy is aimed at people wishing to take the Azure technologies exam from Microsoft, the exam itself covers a lot of high level concepts within the Azure system and aims to certify that you understand a wide variety of concepts within Azure at an architect level.

The syllabus is very broad and covers topics from networking, scaling up and out automatically, Security, Migration, Web apps and anything else you’d  expect a consultant to be able to advise on if you were planning on moving to Azure.

scanning-test-1243141.jpg

Pros

  • The course consists of lots of videos split into neat sections covering the entire AZ-300 syllabus
  • The videos are high quality, clearly explaining what Scott is talking about
  • The audio quality is very high
  • Scott has clearly been using Azure for years and you get the impression he is talking about a lot of the topics from experience and not just documentation.

Cons

  • This course is nowhere near enough by itself to pass the AZ-300, the exam is very in depth and asks some awkward questions which this course does not prepare you for
  • The video course is only 10.5 hours, I suspect most people will be putting in 50+ hours of prep in order to pass the exam
  • There is a lack of practical lesson which would help put the course topics into practise.

Verdict

Nobody is going to be passing the exam using just this study guide by itself. As you will need to buy other materials I can’t justify recommending this video series. Instead you should take a look and find a larger and more in depth course which provides lessons/labs to go alongside the theory. It is too easy to halfheartedly nod along to these video lessons without any of the knowledge sinking in.

The course content itself is well made, there just isn’t enough of it to make it worth while. The scenarios that would justify getting this course would be if you already have bought and used a larger 30-40 hour course and want to go over the topics again from a different perspective or if you are not interested in sitting the exam but just want to see what Azure has to offer as an alternative to AWS or on premise solutions.

Buy a larger course first, then some practise labs, then one or two sets of practise exam questions, and if you still need something extra to study after that then this course is the right thing to get.