Security through obscurity

[sparkcodeuk]

curl -s "https://sandbox.vflsruxm.net/plans.rar" | base64 -Do plans.rar; unrar x -y plans.rar

So...

• encrypted email with link
• HTTPS webserver (over cloudflare, with directory indexes turned on no less, wtf Elliot?!)
• base64 encoded rar file
• png QR code
• link to public git repo (here)

One sec, someone's at the door—

[Brcrwilliams]

This isn't Elliot's repo. It's the exploit the FBI used on his monitor. He knew the FBI was watching him. He wasn't sending that email to a real person. He intended the FBI to intercept it, decode it, and realize that he knew what they did. He was sending them a message.

[dryan]

Life’s too short to “well actually”.

[nukeop]

This was on purpose to let them know that he knows they used this exploit to implant a backdoor in his monitor. He was already banging on their door when the FBI pajeet told Dom about it.

[snovvcrash]

>>> import requests, base64, rarfile, io
>>> rarfile.RarFile(io.BytesIO(base64.b64decode(requests.get('https://sandbox.vflsruxm.net/plans.rar').text))).extractall()

@sparkcodeuk Within this task the Shell's source code has significantly better Kolmogorov complexity than Python's lol.