The 10 commandments of writing solution
Introduction
You just managed to flag a challenge and you want to share how you did it? Root-Me allows you to write your own write-up, which will be posted on the challenge page. However, these solutions are reviewed by the members of Root-Me before being accepted. Here are a few good practices and rules to follow when writing your solution to make sure it will be accepted (and as quickly as possible…)!
1. Re-read yourself
Basic. The reading should be easy and fluid. No need to write like Shakespeare, but typos and spelling errors are to be avoided. Make sure that your solution is written in proper English (or whichever language you chose). Be kind to the ones who are checking your solution: nobody likes to lose 15 minutes correcting a write-up from someone else. We won’t shame you for a few mistakes, but do your best to make the checker’s work simple.
Pro-Tips : LanguageTool is a nice browser addon to avoid typos.
2. Use the Rich Text Editor
Root-Me works with the SPIP markup language, which lets you make your solution a lot easier to read. You can add titles, subtitles, bold, italics, code snippets (with syntax highlighting: <code class="python"></code>), images… It’s up to you to write a solution that is pleasant to read, both for the checker and for the future challengers who will read it.
Pro-Tips : A quick help for the SPIP syntax can be found here : https://www.root-me.org/?page=structure&inc=inclusions/legende&lang=en%20#syntaxe.
It also works with Markdown (<md></md> tags), but syntax highlighting is not available, making it less pleasant to read.
Pro-Tips : You can use HexPandaa’s md2rm tool to convert your Markdown to SPIP syntax.
3. Don’t leak flags
You are proposing a solution: we know that you solved the challenge. There is no need to show the flag in plaintext to prove it; we believe you, I promise.
Doing this prevents people from leaking your solution on the Internet with the flag inside.
4. Verify that your solution doesn’t already exist
What is interesting with this system is discovering many different solutions to the same challenge. If the way you solved the challenge is already described in another solution, there is no need to post a duplicate.
The number of solutions is capped at 10, but if you think you’ve got an amazing new solution that should be on the platform, you can talk about it on Discord and maybe we will add it.
5. Verify that your solution is interesting
Your solution could be different from the other ones but if it brings nothing more we don’t want it either. Magic online tools to solve the challenge are cool but they are not that interesting. We’re pretty sure that’s not the kind of trick you want to see when you explore solutions.
For example, for programming challenges, you can check that you’re not posting a solution in the same programming language or with the same library.
6. Insert images
Images can help your reader a lot in understanding what you are explaining. It depends on the context, but images are generally welcome and are very useful for visualizing the concepts or the tricks you are describing.
Pro-Tips : If you are a member, you can edit your solution in Root-Me’s backend.
The first thing to do is to select an image or document on your computer. Next, place your cursor where you wish to insert your image. Finally, click on the document identifier, and possibly on the image position.
For example, we add the same image twice, once normally and once to the right of the text.
Finally, we can preview our solution to see the images.
7. Explain your code
If you decide to include your script in your solution, describe how it works in as much detail as you can. Your reader might not know what line 19 does, even if it’s pretty clear to you. Comments are not mandatory, but they are a great way to achieve this.
import requests
import json

# Define your API key
api_key = "your_api_key_here"

# Make a request to the API using the API key in the headers
headers = {
    "Authorization": f"Bearer {api_key}"
}

# Send a GET request to the API endpoint
response = requests.get("https://api.example.com/data", headers=headers)

# Check if the response status code is 200 (OK)
if response.status_code == 200:
    # Parse the JSON data from the response
    data = json.loads(response.text)
    # Now you can work with the JSON data
    for item in data:
        print(f"Item ID: {item['id']}")
        print(f"Item Name: {item['name']}")
        print(f"Item Description: {item['description']}")
    print("Data parsing successful.")
else:
    print(f"Error: Unable to fetch data from the API. Status code: {response.status_code}")
8. Test your solution
Your original solution might have been ugly and you polished it later. Or you found an elegant trick right after solving the challenge. The challenge could even have been fixed in a way that prevents your workaround. You have to make sure that everything you are proposing is fully functional. It would be ironic if a solution didn’t even work, right?
9. Quote your sources
Someone might find your solution deeply interesting. This person would obviously want to dig into the subject. Leave some links to what you used as a reference, or what you came across during your research. It’s also a way to give credit to the ones who wrote it.
10. Structure your text
The organization is your choice. However, try to avoid big and indigestible blocks of text. You can use lists, headers, blank spaces… Once again, the main goal is to make the solution easier to read.
Solution Template
And now you’re thinking that’s a lot to add and think about, and you’re already doing enough steganoguessing challenges as it is. But don’t worry, we’ve even made a template you can use as a basis for your solutions!
{{{ Name }}}
{{ Description }}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi in venenatis lacus.
<quote>
In iaculis odio non ligula pulvinar aliquet. Sed in turpis non lacus malesuada mollis.
</quote>
{{ 1. Step 1 }}
In iaculis odio non ligula pulvinar aliquet. Sed in turpis non lacus malesuada mollis.
{{ 2. Step 2 }}
In iaculis odio non ligula pulvinar aliquet.
|| Information | Title ||
| cell1 | cell2 |
| cell3 | cell4 |
{{ 3. Step 3 }}
In iaculis odio non ligula pulvinar aliquet. Sed in turpis non lacus malesuada mollis.
- Exploitation code
<code class="python">
from requests import get
get("https://challenge01.root-me.org/")
</code>
{ Lorem ipsum dolor sit amet, consectetur adipiscing elit }
{{ Resources }}
- https://www.root-me.org/?page=structure&inc=inclusions%2Flegende&lang=fr
- [The Blog -> https://blog.root-me.org/]
BONUS : Give a shout-out
Last but not least: Root-Me, and infosec in general, is a community. Someone created the challenge you just solved, and the roles could be reversed someday. Don’t hesitate to thank this person; it is always a pleasure for anyone who worked hard to share something with a community they love.
Thanks
A heartfelt thank you to all the contributors on Root-Me. Your efforts, regardless of their level of completion, contribute to our cybersecurity community’s growth. Keep learning, sharing, and inspiring. Special thanks to B.A.Seven for writing the core of the article and Elweth for the solution template. ❤️