Hey all,
So my school uses "text software" for our exams. I want to hack it just to see if I can and it seems vulnerable.
Essentially, the process is as follows:
- 3-5 days before the exam, the exam is available for download on the "test software" app either on Ipad or mac/pc
- On the day of the exam, you are given the password, and this allows you to view and take the exam.
Now, when you download the exam, it actually downloads a physical file in the .xmzx file type, which when you complete the exam is transformed to the .xmdx file type. These are both encrypted, and I assume they are decrypted using some hash algorithm that uses the password from step 2. From what I have gathered from online searches, they are decrypted to XML format.here is a tiny bit from one of the .xmdx files. I don't want to show too much because idk if there are identifiers in it. %@qD�@��
The password given is always 6 characters and alphanumeric with capitals, so there are 61^6 possible combinations. I wrote a simple brute force python script that can run through all those possible combinations in <5 hours. But, as I am not a hacker, I don't really understand how I would go about trying to decrypt these files even if I had the password.
That is where I need some help. How would I go about cracking these files?
[link] [comments]
from hacking: security in practice https://ift.tt/bw5PsdW
Comments
Post a Comment