神奇的工作

今天真是给跪了,一公司发邮件直接过来说Thank you for your interest in the Software Engineer position. We reviewed your resume and would like to consider you.然后回了一通地址blabla的问题,之后竟然直接给我来了个挑战。

We'd like to invite you to a technical interview after you accomplish this short engineering challenge:

1. In order to access the instructions for submitting your resume, you must GET the "blabla一长串path" resource from this web service:

2. You must make it appear as if you're sending the GET request by following a link to the resource from {一个url,就是让你伪装成从这个url的页面发送的request} using a Chrome browser on an Android Phone. Otherwise, the web service will give you an Access Denied error.

没玩过aws,不过不管了。因为是用GET,所以肯定不是SOAP的服务,找了个REST的client试了一下,得到的果然是access denied。
<Error>
<Code> AccessDenied </Code>
<Message> Access Denied </Message>
<RequestId> AC42EEF5692A0B47 </RequestId>
<HostId>
hX3Tw5KE9H7nzZlFHhdK9/Z3YZig8xxm1N7K+D0fq1BTV1hfLB0+zUWqAV/0HYK/
</HostId>
</Error>

仔细看了下request header,果断不对啊
  1. Accept:*/*
  2. Connection: keep-alive
  3. Content-Type: application/xml
  4. Origin: chrome-extension: //rest-console-id
  5. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

试了下在Android机子上用chome发,不过突然发现没法伪装是从哪个网址发出去的request。

偷懒的办法看来是不行了,果断上Java代码:

import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Scanner;
import java.io.*;
import javax.net.ssl.*;
 
public class SendPostRequest {
	public static void main(String[] args) throws MalformedURLException, IOException {
		String useragent = "Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B)AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 MobileSafari/535.19";
		String origin = "{an origin, acturally referer}";
		
		URL reqURL = new URL("https://s3.amazonaws.com/{hereismycode}"); //the URL we will send the request to
		HttpsURLConnection request = (HttpsURLConnection) (reqURL.openConnection());
		request.setRequestMethod("GET");
		request.setRequestProperty("Referer", origin);
		request.setRequestProperty("User-Agent",useragent);
		request.connect();
		InputStream is = (InputStream) request.getContent();
		
		String text = null;
		Scanner scanner = new Scanner(is, StandardCharsets.UTF_8.name());
		text = scanner.useDelimiter("\\A").next();
		scanner.close();
		System.out.println(text);
	}
}

可怜我一直傻乎乎的改Origin,其实要改的Referer有没有。求内推!


=====================================华丽的分割线=====================================
可怜的我以为能获取到一个直接的说明,结果没想到还有第二关的Boss。。。。。。。。。。

This document contains private instructions intended only for Jiaqi Zhu (zhujiaqi@xxxxxxxx.com). If you are not Jiaqi Zhu, please report this to jobs@xxxx.com.

Congratulations for finding the instructions!

We hope you'll send us your resume to our secret email address hashed below:
{一大串md5代码正在袭来!}

First, we generated a series of string prefixes with lengths increasing by 2. For example, if our secret email address was helloworld@xxxxxxxxx.com, we would generate:
he
hell
hellow
hellowor
...
helloworld@xxxxxxxxx.com

Then, for every prefix s, we computed the following hash J:
md5(md5(e) + s + md5(s))        [where + is the string concatenation operator and e is your email address].
Finally, we concatenated all hash strings J to form the long hash above!

For example, for helloworld@xxxxxx.com,
we would compute:
md5(md5('zhujiaqi@xxxxxx.com') + 'he' + md5('he')) + 
md5(md5('zhujiaqi@xxxxxx.com') + 'hell' + md5('hell')) + 
md5(md5('zhujiaqi@xxxxxx.com') + 'hellow' + md5('hellow')) + 
...

For the sake of simplicity, you can assume that our email address only contains alphanumeric(尼玛,我已开始还以为只有字母,害我试了好久) characters and these 4 characters: _.@+

After solving the challenge, please email your resume and your solution to the secret email address that you decoded.

Good Luck!

所以,果断要破解一下这个破密码有没有。懒得多说了,上代码吧,本以为要用bfs暴力搞定,不过想想md5也没那么巧容易conflict,于是凑合一下傻瓜算法了。

首先是用来算md5代码的helper,之后就靠它暴力解决了。
package md;
 
//import java.io.FileInputStream;
//import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
 
public class MD5 {
    public static String getMD5(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] messageDigest = md.digest(input.getBytes());
            BigInteger number = new BigInteger(1, messageDigest);
            String hashtext = number.toString(16);
            // Now we need to zero pad it if you actually want the full 32 chars.
            while (hashtext.length() < 32) {
                hashtext = "0" + hashtext;
            }
            return hashtext;
        }
        catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
 
    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println(getMD5("rainbow"));
    }
}

然后是主体,基本傻乎乎的硬算。。。

package md;
 
 
public class Decode {
	static String code = "{a very long md5 code}";
	static String myEmail = MD5.getMD5("{my email}");
	
	public static void main(String[] args) {
		// TODO Auto-generated method stub
		int len = code.length()/32;
		String[] codes = new String[len];
		
		//init an array of MD5 code need to decode
		for(int i = 0; i < len; i++){
			int start = 32 * i;
			int end = start + 32;
			codes[i] = code.substring(start, end);
		}
		
		//all the chars may appear in the secret email
		String str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890_.@+";
		char[] chars = str.toCharArray();
		
		//well, we try to guess the secret email two by two characters
		String[] biChar = new String[66*66];
		for(int i = 0; i < 66; i++){
			for(int j = 0; j < 66; j++){
				StringBuilder sb = new StringBuilder();
				sb.append(chars[i]);
				sb.append(chars[j]);
				biChar[i*66 + j] = sb.toString();
			}
		}
		
		//let's just try do it without DFS--------------------------------------------------
		String[] results = new String[len];
		for(int i = 0; i < len; i++){
			getResult(i, biChar, codes, results);			
		}
	}
 
	private static void getResult(int i, String[] biChar, String[] codes,
			String[] results) {
		// TODO Auto-generated method stub
		if(i != 0){
			results[i] = results[i-1];
		}else{
			results[i] = "";
		}
		
		for (String string : biChar) {
			String temp = results[i] + string;
			String md5 = MD5.getMD5(temp);
			String result = MD5.getMD5(myEmail + temp + md5);
			
			if(result.equals(codes[i])){
				results[i] += string;
				System.out.println(results[i]);
				break; 
			}
		}		
	}
}

当时没仔细看,忘了字符还能有数字,卡了好久。。。仔细看题啊啊啊。。。。。

======================================================================
找不到工作闲的蛋疼,第一次遇到这样的奇怪公司,特此留念。一家50人不到的小公司,linkedin上看到投了200人了。话说linkedin总是说我不在top 50%, ╭(╯^╰)╮。也不记得投了哪些家,回邮件的时候看了下说是mid-senior的position。。。只好默默发邮件到猥琐的secret email问问能不能给个entry level或者internship什么的,都是泪。


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值