Categorieën
Pentest

How to cheat / pass Mindtickle exams with a 100% score

1. Install Firefox

2. Start your mindtickle course in the firefox browser

3. Open Web developer -> Web Console

4. This should open something like this:

Picture1

5. Now select the Debugger tab and browse to the cf-**.mindtickle.com site icon and underlying folder structure 920xxx -> scormcontent -> lib -> index.html

Picture2

6. Select “control +f” or “command +f” to search the index.html for window.courseData

Picture3

7. Make sure to select and copy the complete Base64 Encoded text

8. Paste the Base64 Encoded text in an online decoder site such as https://www.base64decode.org/ and click on Decode to get the clear text result

Picture4

9. Save the decoded text in a file and open it in your preferred editor

10. Now search for a question in your exam lookup the correct answer:

Picture5

11. Finish your exam and end-up with a 100% score 😉

Now lets automate this further by leveraging a Python Script.

1. Follow the previous mentioned 5 steps but now download the index.html file:

pic-1

2. Past the following python code in a file and save it with the .py extension:

import base64
import json
correctID = []
answer_list = []
print(”)
print(“##########—–HELLO-CHEATER—–##########”)
print(”)
print(“Please provide full MidTickle index.html download path in single quotes”)
print(“Example = ” + “‘//Users/YOURUSERNAME/Desktop/index.html'”)
print(”)
path = input(“Path = : “)
print(”)
with open(path) as search:
for line in search:
line = line.rstrip() # remove ‘\n’ at end of line
if’window.courseData’in line:
data=(line).replace(‘window.courseData = ‘, ”).replace(‘”;’, ”)+'”‘
encoded = data
decoded = base64.b64decode(encoded)
json_array = json.loads(decoded)
#print(“lessonCount”)
###################
lessonsCount = len(json_array[‘course’][‘lessons’])
#print(lessonsCount)
#print(“answerCount”)
###################
answercounter = 0
for i in json_array[‘course’][‘lessons’]:
if (i[‘type’] == ‘quiz’):
break
answercounter += 1
#print(answercounter)
#print(“itemCount”)
####################
itemcounter = len(json_array[‘course’][‘lessons’][answercounter][‘items’])
#print(itemcounter)
#print(“Correct ID’s: “)
correctID_count = 0
for item in json_array[‘course’][‘lessons’][answercounter][‘items’]:
correctID_details = {“id”:None, “title”:None}
correctID_details[‘id’] = item[‘correct’]
correctID_details[‘title’] = item[‘title’]
correctID.append(correctID_details)
correctID_count = correctID_count + 1
#print(correctID)
#print(correctID_count)
#print(“FullanswerList”)
#####################
j = itemcounter
c = 0
while (c < j):
for item in json_array[‘course’][‘lessons’][answercounter][‘items’][c][‘answers’]:
answer_details = {“id”:None, “title”:None}
answer_details[‘id’] = item[‘id’]
answer_details[‘title’] = item[‘title’]
answer_list.append(answer_details)
c = c + 1
#print(answer_list)
##################
print(“###########################################”)
print(“###-The-Correct-MindTickle-Answers-Are:-###”)
print(“###########################################”)
print(”)
#############################
for id in correctID:
correct_id = id[‘id’]
for x in answer_list:
if x[‘id’] == correct_id:
print(“Question: ” + id[‘title’] + ” “)
print(“Answer : ” + x[‘title’])
print(“——————————————-“)
print(”)
print(“#############——ENJOY—–##############”)
print(“####-Created-By-MSX-@-Rootsecurity.nl-#####”)
print(“#############–23/03/2020–################”)
print(“###########################################”)
3. Execute the file in python like shown below
pic-2
4. Enter the file location of the stored index.html file as shown below and click enter
pic-3
5. Enjoy the output of questions and answers together
pic-5

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )

Google photo

Je reageert onder je Google account. Log uit /  Bijwerken )

Twitter-afbeelding

Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s

Deze site gebruikt Akismet om spam te bestrijden. Ontdek hoe de data van je reactie verwerkt wordt.