Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers

•

2 likes•2,685 views

A less technical walkthrough of 2012 Nullcon Jailbreak CTF by Team Loosers (r3dsm0k3,Himansu Das).Yup we won the CTF. :)

Technology

Nullcon
JailBreak 2012
Team Loosers

Ajith (r3dsm0k3) Himanshu Das

Jailbreak Challenges
15 Challenges, 3 sections
1.Exploitation

Jailbreak Challenges
15 Challenges, 3 sections
2.Development

Jailbreak Challenges
15 Challenges, 3 sections
3.Antivirus Bypass

Jailbreak Challenges
15 Challenges, 3 sections
!   Exploitation

!   Development

!   Antivirus Bypass

PHP De-obfuscator
For http://fopo.com.ar

WHAT?

!   Used on free online PHP source obfuscator.

!   Impossible for naked eye to analyze the source.

!   Variables, functions are scrambled.

!   Uses base64 encoding, rot13 transformation etc. for
obfuscation.

WHY?
Why did we choose this task.

!   No such de-obfuscators available.
!   Useful, can be used to analyze the malicious code, bug fixing
etc.

!   Felt quite achievable within 36 hours.

!   And yes, for clearing CTFs like HackIM,ClubhackCTF etc.
J

HOW?
Our Approach
1st Day in Jail.
!   Analyzed the obfuscated code.

!   Manually decoded the code (echo instead of eval + Burp for
encoding/decoding + Find and Replace )

!   Started coding to convert the code line by line.

HOW?
1st Day in Jail.
Hacking our health.

!   100 Push-Ups

!   Several Sit-Ups, Duck-walk and many unknown exercises to
man.

HOW?
1st Day in Jail.
End of 1st Day.

Line by line conversion found not feasible.

HOW?
1st Day in Jail.
End of 1st Day.

We Got Stuck..!!

HOW?
Our Approach
2nd Day in Jail.
!   Started analyzing the obfuscated code.
!   Found string patterns and the functions used to obfuscate.
!   Found the pattern to decode in an eval function
gzinflate(base64_decode(str_rot13(“Obfuscated Code Goes
Here”)));
!   Coding…

HOW?
Our Approach
2nd Day in Jail.
!   Coding done, Testing done..

!   Shown the code to Superintendent.

!   And…….

OUT OF JAIL..! :D

!   After hours of stress/lack of food, water/physical torture
(yes, it was torture J ) we managed to get out of Jail as the
first one to do so.

! Beeeeeeerrrrrrrr…..!! J

This is how my script looks like
now
It Works.. J

Something awesome is cooking.

This is the future,well..I dream.. J

Future Development
!   Support for different levels of obfuscation.

!   Make the script command line.

!   Optimization of existing code to decrease the time,
complexity, and make the algorithm more simple.

How JailBreak Benefited Us.
!   Time management (poo,pee,eat everything in 15 minutes).

!   Built muscles, Could go for Army Recruitment.

!   Better understanding of code obfuscation techniques.

Thank you all for bearing me. J

Any Koschans..?

Viewers also liked

In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016

Security and Privacy on the Web in 2016

Francois Marier

ONE Conference: Vulnerabilities in Web Applications

Netcetera

A presentation on Web Vulnerabilities, especially around Social Engineering & Manipulation, with examples. I presented this talk at ThoughtWorks Pune office, to help raise awareness on how unsuspecting people can be tricked into giving up information, and bypassing strong security measures easily. Some topics covered include Phishing, Spear Phishing, Fake Login screens, Social Engineering, Panopticlick based user identification, Cookies, CSRF, and some good practices for developers to keep in mind.

Web Vulnerabilities - Building Basic Security Awareness

Gurpreet Luthra

Introduction to Web security

jeyaselvir

Top 10 Web Security Vulnerabilities

Carol McDonald

This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.

Web Security 101

Michael Peters

Security testing

baskar p

Web application security & Testing

Deepu S Nath

Web Security

ADIEFEH

Web Security

Tripad M

Web Security - Introduction v.1.3

Oles Seheda

Viewers also liked (11)

Security and Privacy on the Web in 2016

ONE Conference: Vulnerabilities in Web Applications

Web Vulnerabilities - Building Basic Security Awareness

Introduction to Web security

Top 10 Web Security Vulnerabilities

Web Security 101

Security testing

Web application security & Testing

Web Security

Web Security - Introduction v.1.3

Similar to Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers

Working with software means working with bugs. Bugs in software, bugs in hardware; bugs in Open Source code, bugs in proprietary code. If software is eating the world, bugs might end up taking the first bite. We will present a few typical bugs, some of them famous, some of them infamous (including bugs that actually killed people). Since one can never be too well-prepared to fend off the next infestation, we will give tools, tips, and best practices to fix bugs in Open Source software. We will give real world examples of Really Mysterious Bugs (sometimes nicknamed "Heisenbugs" because they tend to disappear when you try to observe them), and how they were fixed, in Node.js, Docker, and the Linux Kernel.

Killer Bugs From Outer Space

Jérôme Petazzoni

This is the slides to accompany the talk given by Darren Martyn at the Steelcon security conference in July 2014 about process injection using python. Covers using Python to manipulate processes by injecting code on x86, x86_64, and ARMv7l platforms, and writing a stager that automatically detects what platform it is running on and intelligently decides which shellcode to inject, and via which method. The Proof of Concept code is available at https://github.com/infodox/steelcon-python-injection

Steelcon 2014 - Process Injection with Python

infodox

Spring, CDI, Jakarta EE good parts

Jarek Ratajski

Design and Evolution of cyber-dojo

Jon Jagger

Agile latvia evening_unit_testing_in_practice

denis Udod

Day1 - TDD (Lecture SS 2015)

wolframkriesing

Hacking school computers for fun profit and better grades short

Vincent Ohprecio

Scottish Ruby Conference 2014

michaelag1971

Automatic detection of highlights from a Cricket Match

Srikanth Varma Chekuri

Your money, your media a DRMtastic (reverse|re) eng. tutorial

Security BSides London

Slides for my deep dive session at Devoxx Belgium 2019. Main concepts: OOP, Functional Programming, Functions, Feature Envy, Design, Refactoring, Extract Method, Signatures, side effects, pure functions, programming paradigms, emotions Abstract: Would you attach your last commit to your CV: "Sample: how I write code"? What do others think of your code? Writing Clean Code: an old topic, but never less important, nor challenging than today! During the first part of this deep-dive session, we will go through the essential clean code rules, learning to detect code smells, discussing refactoring ideas and alternative designs pros/cons. Then, after the break, we will apply what we learned in a refactoring live-coding kata, explaining 10 key practical techniques you can immediately apply in your code. By the end of the session, you will have a clear picture of what clean code means and quite a variety of ways at hand to get there. Along the way, we will also point out the differences between procedural/oop/functional paradigms and whether they are competing or complementary, speak in detail about Extract Method, statefulness, separation by layers of abstractions, OOP, and many more. Can't wait to share my greatest passion with you: writing professional, expressive code that is a pleasure to work with.

Clean Code - The Next Chapter

Victor Rentea

BSidesLondon | Your Money, Your Media - A DRMtastic Android (reverse|re

Chandra Pratap

Organise a Code Dojo!

Nicholas Tollervey

[HITB Malaysia 2011] Exploit Automation

Moabi.com

[Kiwicon 2011] Post Memory Corruption Memory Analysis

Moabi.com

Presented by Kevin Perko, Head of Data Science at Scribd Next DSS NYC Event 👉 https://datascience.salon/newyork/ Next DSS LA Event 👉 https://datascience.salon/la/ Kevin will cover his experience using deep learning, going from scratch to deploying models in production to improve the product experience. He goes in-depth in terms of how we started deep learning from scratch, including navigating the maze of frameworks and hyper-parameters to optimize. Kevin will discuss pitfalls of using other people's algorithms and make a call for more rigor in publishing data science blog posts. Kevin closes with how his failure turned into an open source contribution and the work in moving from dev to production.

Data Science Salon: Deep Learning as a Product @ Scribd

Formulatedby

teaching data science students to write clean code

saber tabatabaee

As presented at the BBC Digital Open Day, London, 2015-04-27. In 2012 we committed to killing the system that processed all the video for BBC iPlayer, because it was unsustainable. We gave ourselves 12 months to build a complete replacement. And along the way, we had to re-learn how to develop, test, deploy and support software. This is the story of how we adapted to Continuous Delivery, and a plea for you to adapt Continuous Delivery to suit *your* product.

Destruction, Decapods and Doughnuts: Continuous Delivery for Audio & Video Fa...

Rachel Evans

Code Retreat

Igor Popov

The London Python Code Dojo - An Education in Developer Education

Nicholas Tollervey

Similar to Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers (20)

Killer Bugs From Outer Space

Steelcon 2014 - Process Injection with Python

Spring, CDI, Jakarta EE good parts

Design and Evolution of cyber-dojo

Agile latvia evening_unit_testing_in_practice

Day1 - TDD (Lecture SS 2015)

Hacking school computers for fun profit and better grades short

Scottish Ruby Conference 2014

Automatic detection of highlights from a Cricket Match

Your money, your media a DRMtastic (reverse|re) eng. tutorial

Clean Code - The Next Chapter

BSidesLondon | Your Money, Your Media - A DRMtastic Android (reverse|re

Organise a Code Dojo!

[HITB Malaysia 2011] Exploit Automation

[Kiwicon 2011] Post Memory Corruption Memory Analysis

Data Science Salon: Deep Learning as a Product @ Scribd

teaching data science students to write clean code

Destruction, Decapods and Doughnuts: Continuous Delivery for Audio & Video Fa...

Code Retreat

The London Python Code Dojo - An Education in Developer Education

Recently uploaded

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Speed Wins: From Kafka to APIs in Minutes

confluent

Join us as we dive into the latest updates to the UiPath Orchestrator API, including new limits and features for 2024. Discover how these changes can enhance your automation projects and streamline your workflows. 📚 Overview of UiPath Orchestrator API 🔧 Recent changes to API limits 🛠️ How to adapt to new limits 📋 Best practices for using the Orchestrator API efficiently ❓ Q&A session

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

DianaGray10

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

IESVE for Early Stage Design and Planning

IES VE

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

Recently uploaded (20)

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Search and Society: Reimagining Information Access for Radical Futures

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

When stars align: studies in data quality, knowledge graphs, and machine lear...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Speed Wins: From Kafka to APIs in Minutes

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀

Powerful Start- the Key to Project Success, Barbara Laskowska

IESVE for Early Stage Design and Planning

Connector Corner: Automate dynamic content and events by pushing a button

UiPath Test Automation using UiPath Test Suite series, part 2

Designing Great Products: The Power of Design and Leadership by Chief Designe...

UiPath Test Automation using UiPath Test Suite series, part 3

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Bits & Pixels using AI for Good.........

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ODC, Data Fabric and Architecture User Group

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers

1. Nullcon JailBreak 2012 Team Loosers Ajith (r3dsm0k3) Himanshu Das

2. Jailbreak Challenges 15 Challenges, 3 sections 1.Exploitation

3. Jailbreak Challenges 15 Challenges, 3 sections 2.Development

4. Jailbreak Challenges 15 Challenges, 3 sections 3.Antivirus Bypass

5. Jailbreak Challenges 15 Challenges, 3 sections !   Exploitation !   Development !   Antivirus Bypass

6. PHP De-obfuscator For http://fopo.com.ar WHAT? !   Used on free online PHP source obfuscator. !   Impossible for naked eye to analyze the source. !   Variables, functions are scrambled. !   Uses base64 encoding, rot13 transformation etc. for obfuscation.

7. Fopo PHP Obfuscator Input/Output

8. Fopo PHP Obfuscator We were like..

9. WHY? Why did we choose this task. !   No such de-obfuscators available. !   Useful, can be used to analyze the malicious code, bug fixing etc. !   Felt quite achievable within 36 hours. !   And yes, for clearing CTFs like HackIM,ClubhackCTF etc. J

10. HOW? Our Approach 1st Day in Jail. !   Analyzed the obfuscated code. !   Manually decoded the code (echo instead of eval + Burp for encoding/decoding + Find and Replace ) !   Started coding to convert the code line by line.

11. HOW? 1st Day in Jail. Hacking our health. !   100 Push-Ups !   Several Sit-Ups, Duck-walk and many unknown exercises to man.

12. HOW? 1st Day in Jail. End of 1st Day. Line by line conversion found not feasible.

13. HOW? 1st Day in Jail. End of 1st Day. We Got Stuck..!!

14. HOW? Our Approach 2nd Day in Jail. !   Started analyzing the obfuscated code. !   Found string patterns and the functions used to obfuscate. !   Found the pattern to decode in an eval function gzinflate(base64_decode(str_rot13(“Obfuscated Code Goes Here”))); !   Coding…

15. HOW? Our Approach 2nd Day in Jail. !   Coding done, Testing done.. !   Shown the code to Superintendent. !   And…….

16. OUT OF JAIL..! :D !   After hours of stress/lack of food, water/physical torture (yes, it was torture J ) we managed to get out of Jail as the first one to do so. ! Beeeeeeerrrrrrrr…..!! J

17. DEMO

18. This is how my script looks like now It Works.. J

19. Something awesome is cooking. This is the future,well..I dream.. J

20. Future Development !   Support for different levels of obfuscation. !   Make the script command line. !   Optimization of existing code to decrease the time, complexity, and make the algorithm more simple.

21. How JailBreak Benefited Us. !   Time management (poo,pee,eat everything in 15 minutes). !   Built muscles, Could go for Army Recruitment. !   Better understanding of code obfuscation techniques.

22. Thank you all for bearing me. J Any Koschans..?

Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (11)

Similar to Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers

Similar to Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers (20)

Recently uploaded

Recently uploaded (20)

Nullcon Jailbreak CTF 2012,Walkthrough by Team Loosers