Flattr on Dailymotion

Do you know Dailymotion? It's one of the leading video streaming platforms on the net. And ever head of flattr? It's a social micro-payment system, that allows making small donations to support people for the content they share on the web (e.g. check out the excellent metaebene.me blogs). I like to think of the flattr-button as facebook's like-button with a small contribution for every click. An interesting fact: flattr was initated amongst others by Peter Sunde, a co-founder of thepiratebay.org.

End of April 2012, Dailymotion integrated flattr into their platform, enabling video creators to insert a flattr button on their pages. Here's how the idea was born. My brother works for Dailymotion. He once skyped me up to tell me the company was going to hold a hackathon to promote innovative projects. He asked me if I had any suggestions. I called out to my colleague David who almost instantly mentioned flattr. I replied and some time later the idea was accepted by management. My brother's team didn't win the contest, but as he told me, it's the only project that turned productive.

This has some echo on the web: wired.com, techcrunch.com, venturebeat.com, they all covered the story. David and I were pretty astonished by the impact his idea had had. So if you'd like to give him some credit, go ahead and >>flattr him<<, I think he deserves it :-)

For your entertainment (if you speak french), here's the log transcript of our skype conversation:

23.11.11 15:31
un hackaton aura lieu de mardi a mercredi prochain ici
23.11.11 15:32
avec une tablette pour l'equipe gagnante
23.11.11 15:33
t'as pas des idees?
23.11.11 15:33
un truc qui revolutionne la facon dont tu regardes les videos et qui prends 10 ligne de code
23.11.11 15:33
lol
Antoine 23.11.11 15:35 
oh wow.
23.11.11 15:35
je veux le tablet
yann 23.11.11 15:35 
hihi
23.11.11 15:35
yeah moi aussi
Antoine 23.11.11 15:36 
des videos pr0n$
yann 23.11.11 15:36 
haha
23.11.11 15:36
oui
Antoine 23.11.11 15:36 
en 3d
yann 23.11.11 15:36 
yeah
23.11.11 15:36
ya deja un mec qui dev la 3d ici
Antoine 23.11.11 15:37 
cool
yann 23.11.11 15:37 
il a des lunettes lol
Antoine 23.11.11 17:05 
une idée d'un de mes collègues:
23.11.11 17:05
incorporer http://flattr.com/ pour le content dailymotion.
yann 23.11.11 17:06 
yeah this is nice bro
Antoine 23.11.11 17:07 
tu connais?
yann 23.11.11 17:07 
un petit peu
23.11.11 17:07
juste le principe
23.11.11 17:07
c'est de la remuneration sur le contenu
23.11.11 17:07
si ca te plait tu peux remunerer l'auteur
yann 23.11.11 17:11 
yeah
23.11.11 17:11
jvais lire flattr
23.11.11 17:12
faut voir mec
Antoine 23.11.11 17:13 
ouais. ce serait cool mec.
yann 23.11.11 17:13 
carrement
23.11.11 17:18
c'est une bonne idee
23.11.11 17:19
LET'S GET THIS TABLET!!

vortex5

Vortex level 5 consists in cracking a password hashed with MD5, which is called a preimage attack. No salt was used when applying the hash function, this makes it very easy by today's means to find the originating value.

The fastest way I found to achieve this is searching for the hash value with Google. Of course this will return lots of references to this level's solution, but you'll also get results for some websites that publish datasets of precomputed hashes, like for example md5crack or md5this.

Alternatively, you could crack the MD5 hash using some tool such as John The Ripper to perform a brute force attack. In the worst case this could result in computing all 62^5 combinations of the password (it was specified to be 5 characters long and consisting of a-zA-Z0-9). To restrict the number of tries, you can provide a wordlist of plausible passwords. Obviously, this will only generate a result if the password already existed in the list. This method works best when using real password data (e.g. from a leaked password database), since people tend to use similar patterns and also reuse their passwords.

Other tools such as RainbowCrack perform the attack using a rainbow table: a data structure used for the efficient storage of precomputed hash values. As for the websites mentioned above, you can easily get ahold of various tables, ranging from 50 to 500GB depending on the space of hashed values.

vortex4

Exploited the format string vulnerability in vortex level 4! Check out my solution on github: https://github.com/antoinet/vortex/tree/master/vortex04