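I was truly floored today. A company emailed me out of the blue saying "Thank you for your interest in the Software Engineer position. We reviewed your resume and would like to consider you." I replied to a round of questions about my address, blah blah, and then they actually sent me a challenge straight away.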
We'd like to invite you to a technical interview after you accomplish this short engineering challenge:
1. In order to access the instructions for submitting your resume, you must GET the "{blabla, a long path}" resource from this web service:
2. You must make it appear as if you're sending the GET request by following a link to the resource from
{a URL; you have to make the request look as if it was sent from the page at this URL} using a Chrome browser on an Android Phone. Otherwise, the web service will give you an Access Denied error.
I've never played with AWS, but never mind. Since it uses GET, it is certainly not a SOAP service, so I found a REST client and gave it a try. Sure enough, what I got was access denied.
<Error>
  <Code>AccessDenied</Code>
  <Message>Access Denied</Message>
  <RequestId>AC42EEF5692A0B47</RequestId>
</Error>
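I took a close look at the request headers, and they were clearly wrong:
- Accept: */*
- Connection: keep-alive
- Content-Type: application/xml
- Origin: chrome-extension://rest-console-id
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
I tried sending it from Chrome on an Android device, but then suddenly realized there was no way to fake which URL the request was sent from.
It looks like the lazy way won't work, so straight to Java code: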
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Scanner;
import javax.net.ssl.HttpsURLConnection;

public class SendPostRequest {
    public static void main(String[] args) throws IOException {
        // User-Agent string of Chrome on an Android phone
        String useragent = "Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19";
        // Sent as the Referer header below
        String origin = "{an origin, actually referer}";
        URL reqURL = new URL("https://s3.amazonaws.com/{hereismycode}"); // the URL we will send the request to
        HttpsURLConnection request = (HttpsURLConnection) reqURL.openConnection();
        request.setRequestMethod("GET");
        request.setRequestProperty("Referer", origin);
        request.setRequestProperty("User-Agent", useragent);
        request.connect();
        // Read the whole response body as UTF-8 text and print it
        try (InputStream is = request.getInputStream();
             Scanner scanner = new Scanner(is, StandardCharsets.UTF_8.name())) {
            String text = scanner.useDelimiter("\\A").next();
            System.out.println(text);
        }
    }
}
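Poor me, I kept foolishly changing Origin, when what actually needed changing was Referer. Referrals, please!
=====================================A fancy divider=====================================
Poor me, I thought I would get straightforward instructions, but it turned out there was a second-level boss...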
This document contains private instructions intended only for Jiaqi Zhu (zhujiaqi@xxxxxxxx.com). If you are not Jiaqi Zhu, please report this to jobs@xxxx.com.
Congratulations for finding the instructions!
We hope you'll send us your resume to our secret email address hashed below:
{a huge string of MD5 hashes incoming!}
First, we generated a series of string prefixes with lengths increasing by 2. For example, if our secret email address was helloworld@xxxxxxxxx.com, we would generate:
he
hell
hellow
hellowor
...
helloworld@xxxxxxxxx.com
Then, for every prefix s, we computed the following hash J:
md5(md5(e) + s + md5(s)) [where + is the string concatenation operator and e is your email address].
Finally, we concatenated all hash strings J to form the long hash above!
For example, for helloworld@xxxxxx.com,
we would compute:
md5(md5('zhujiaqi@xxxxxx.com') + 'he' + md5('he')) +
md5(md5('zhujiaqi@xxxxxx.com') + 'hell' + md5('hell')) +
md5(md5('zhujiaqi@xxxxxx.com') + 'hellow' + md5('hellow')) +
...
For the sake of simplicity, you can assume that our email address only contains alphanumeric (damn, at first I thought it was letters only, which cost me a long time of trying) characters and these 4 characters: _.@+
After solving the challenge, please email your resume and your solution to the secret email address that you decoded.
Good Luck!
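So of course I had to crack this lousy cipher. I won't bother saying much, here's the code. I originally thought I would need a BFS brute force, but on reflection MD5 doesn't collide that easily by coincidence, so I made do with a dumb algorithm.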
First, the helper for computing MD5 hashes; after that, the brute force relies on it.
package md;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class MD5 {
    // Returns the MD5 digest of the input as 32 lowercase hex characters
    public static String getMD5(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // Fix the charset so the result does not depend on the platform default
            byte[] messageDigest = md.digest(input.getBytes(StandardCharsets.UTF_8));
            BigInteger number = new BigInteger(1, messageDigest);
            String hashtext = number.toString(16);
            // Now we need to zero pad it if you actually want the full 32 chars.
            while (hashtext.length() < 32) {
                hashtext = "0" + hashtext;
            }
            return hashtext;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static void main(String[] args) {
        System.out.println(getMD5("rainbow"));
    }
}
Then the main part, which basically just dumbly grinds through it...
package md;

public class Decode {
    static String code = "{a very long md5 code}";
    // MD5 of my own email address, i.e. md5(e) in the challenge's formula
    static String myEmail = MD5.getMD5("{my email}");

    public static void main(String[] args) {
        int len = code.length() / 32;
        String[] codes = new String[len];
        // init an array of the MD5 codes that need decoding
        for (int i = 0; i < len; i++) {
            int start = 32 * i;
            int end = start + 32;
            codes[i] = code.substring(start, end);
        }
        // all the chars that may appear in the secret email
        String str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890_.@+";
        char[] chars = str.toCharArray();
        // well, we try to guess the secret email two characters at a time
        String[] biChar = new String[66 * 66];
        for (int i = 0; i < 66; i++) {
            for (int j = 0; j < 66; j++) {
                StringBuilder sb = new StringBuilder();
                sb.append(chars[i]);
                sb.append(chars[j]);
                biChar[i * 66 + j] = sb.toString();
            }
        }
        // let's just try to do it without DFS
        String[] results = new String[len];
        for (int i = 0; i < len; i++) {
            getResult(i, biChar, codes, results);
        }
    }

    private static void getResult(int i, String[] biChar, String[] codes,
            String[] results) {
        // start from the prefix recovered for the previous hash
        if (i != 0) {
            results[i] = results[i - 1];
        } else {
            results[i] = "";
        }
        // try every two-character extension until the hash matches
        for (String string : biChar) {
            String temp = results[i] + string;
            String md5 = MD5.getMD5(temp);
            String result = MD5.getMD5(myEmail + temp + md5);
            if (result.equals(codes[i])) {
                results[i] += string;
                System.out.println(results[i]);
                break;
            }
        }
    }
}
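The block-by-block recovery above works because each 32-character hash extends the previously recovered prefix by only two characters, so at most 66 × 66 = 4,356 candidates need checking per block. The following Python sketch is an added example, not the author's or the company's code; it generalizes the Java solver by also building the chain, handling an odd-length address whose final block adds a single character, and failing loudly when no candidate matches. The addresses and function names are constructed for illustration.

```python
import hashlib
from itertools import product

# The 66 characters the challenge allows: alphanumerics plus _ . @ +
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
            "0123456789_.@+")

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def chain_hash(applicant_hash, prefix):
    # J = md5(md5(e) + s + md5(s)), as defined in the challenge text
    return md5_hex(applicant_hash + prefix + md5_hex(prefix))

def build_chain(applicant_email, secret):
    """Challenge side: hash the prefixes of length 2, 4, ... up to the full string."""
    e = md5_hex(applicant_email)
    lengths = list(range(2, len(secret) + 1, 2))
    if len(secret) % 2:  # odd length: the last step adds a single character
        lengths.append(len(secret))
    return "".join(chain_hash(e, secret[:n]) for n in lengths)

def recover(applicant_email, chain):
    """Solver side: extend the known prefix block by block; returns (secret, tries)."""
    e = md5_hex(applicant_email)
    blocks = [chain[i:i + 32] for i in range(0, len(chain), 32)]
    pairs = ["".join(p) for p in product(ALPHABET, repeat=2)]
    known, tries = "", 0
    for index, block in enumerate(blocks):
        candidates = pairs
        if index == len(blocks) - 1:  # only the final block may add one character
            candidates = pairs + list(ALPHABET)
        for ext in candidates:
            tries += 1
            if chain_hash(e, known + ext) == block:
                known += ext
                break
        else:
            raise ValueError(f"no extension matches block {index}")
    return known, tries

# Constructed sample values, not the addresses from the challenge.
APPLICANT = "applicant@example.com"
SECRET = "jobs+x1@example.com"  # 19 characters, so the last block adds one
```

For the 19-character sample, recovery needs at most 10 × 4,356 + 66 candidate checks, whereas guessing the whole address in one step would mean searching 66^19 strings.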
======================================================================
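Can't find a job and bored out of my mind. This is the first time I've run into such a strange company, so I'm writing this down as a keepsake. It's a small company of fewer than 50 people, and on LinkedIn I saw that 200 people had applied. Speaking of which, LinkedIn always tells me I'm not in the top 50%, ╭(╯^╰)╮. I don't even remember which companies I applied to; when replying to the email I took a look and it said it was a mid-senior position... All I could do was quietly send an email to the sneaky secret email address to ask whether they could offer an entry-level role or an internship or something. It's all tears.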