Strangely enough, this is easier than the other forensics challenges. Just run strings against the given file:
Key: this_should_be_pretty_hard_unless_you_use_grep
Tuesday, October 2, 2012
CSAW 2012 Writeup - Networking 100
Open the pcap file in Wireshark -> Follow TCP Stream -> the key is the telnet login password.
Key: welcome to 1969
Monday, October 1, 2012
CSAW 2012 Writeup - Reversing 200
Run the binary to see if there are any messages:
This is a .NET binary, so we load it up in a .NET decompiler.
Here are the encrypted key bytes:
Found the decryption routine upon further inspection:
I wrote a shell script to XOR each byte with 255; the decrypted message is "The key is 9c09f8416a2206221e50b98e346047b7".
Key: 9c09f8416a2206221e50b98e346047b7
CSAW 2012 Writeup - Reversing 100
Run the binary, and see the output:
So what we want to do is to obtain the decrypted key. Load the binary in a debugger:
The debugger shows that the program exits prematurely, before it displays the decrypted key. That's easy: just put a breakpoint at the call to exit() at 0x401106, patch it with NOPs, and voila!
Key: welcome_to_csaw!
Another way is to load the binary in a disassembler:
Key bytes are being loaded into the buffer.
The decryption routine:
XOR the key bytes with 0xff, and we get welcome_to_csaw!
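Both reversing challenges (100 and 200) hide their key with a single-byte XOR of 0xff, which is why plain strings output shows nothing useful. The following is an added example, not code from the original writeup: it recovers such a key from a known plaintext fragment and then extracts the readable strings. The sample buffer is constructed from the plaintext given on this page, and the function names are hypothetical.

```python
import string

# Printable ASCII without control whitespace, roughly what strings(1) keeps.
PRINTABLE = frozenset(string.printable.encode()) - frozenset(b"\t\n\r\x0b\x0c")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (0xff in both challenges)."""
    return bytes(b ^ key for b in data)


def printable_runs(data: bytes, min_len: int = 6) -> list:
    """Return runs of printable ASCII that are at least min_len bytes long."""
    runs, current = [], bytearray()
    for b in data + b"\x00":          # sentinel flushes a run at end of data
        if b in PRINTABLE:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current.clear()
    return runs


def find_keys(data: bytes, marker: bytes) -> list:
    """Single-byte keys under which a known plaintext marker appears."""
    return [k for k in range(1, 256) if marker in xor_bytes(data, k)]


# Constructed sample: the Reversing 100 plaintext from this page, XORed with
# 0xff and padded with filler bytes. It stands in for the key buffer in the
# binary, whose real bytes are not reproduced on the page.
FILLER = bytes([0x00, 0x01, 0x02, 0x03])
SAMPLE = FILLER + xor_bytes(b"welcome_to_csaw!", 0xFF) + FILLER

if __name__ == "__main__":
    print(printable_runs(SAMPLE))                    # nothing readable as stored
    print(find_keys(SAMPLE, b"csaw"))                # key recovered from a marker
    print(printable_runs(xor_bytes(SAMPLE, 0xFF)))   # decoded strings
```
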
CSAW 2012 Writeup - Trivia Challenges
There were five challenges in the Trivia category, each worth 100 points:
1) What is the first step of owning a target?
2) What is the name of Google’s dynamic malware analysis tool for Android applications?
3) What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
4) Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
5) What is the name of Microsoft’s sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?
1) What is the first step of owning a target?
Key: recon
2) What is the name of Google’s dynamic malware analysis tool for Android applications?
Refer: http://siliconangle.com/blog/2012/07/23/google-bouncer-researchers-fingerprint-androids-anti-malware-tool/
Key: bouncer
3) What is the x86 opcode for and al, 0x24? Put your answer in the form 0xFFFF.
I used msf's nasm_shell.rb to get the opcode.
Key: 0x2424
4) Who was the first security researcher to publish the DEP bypass that utilized WriteProcessMemory()?
Refer: http://seclists.org/fulldisclosure/2010/Mar/att-553/Windows-DEP-WPM.txt
Key: Spencer Pratt
5) What is the name of Microsoft’s sophisticated distributed fuzzing system that utilizes automated debugging, taint analysis, model building, and constraint solving?
Refer: http://research.microsoft.com/en-us/projects/atg/ndss2008.pdf
Key: SAGE
Saturday, December 10, 2011
Killing Techies the Malaysian Way
Original source of this article
CPB2011 Draft (Update: working draft of CPB2011 has been officially released by MOSTI. Click here to download.)
Latest update on this matter
Also, List of Demands to the Board of Computing Professional Bill 2011 Drafting Committee
Update: from spoonfork - "Hi, I need your help in getting the requests, comments, and questions regarding #CPB2011 to be heard by MOSTI. As such, I would like you and your organizations to support the document that I have prepared. If you agree to support the "COMMON VOICE OF ICT PROFESSIONALS ON BCP2011 AS OF 13 DEC 2011" please let me know so that I can list your groups/organizations in.
https://docs.google.com/document/d/14E05jHZKQA0y6rP07n2PYtR4obBLEpiiK7OO1iQQ0PA/edit?hl=en_US"
COMMON VOICE OF ICT PROFESSIONALS ON BCP2011 AS OF 13 DEC 2011
“We the Malaysian ICT professionals have been alarmed by the sudden announcement of the Board of Computing Professionals Draft Bill 2011 (hereby referred to as the BCP2011) which caught most of us off-guard resulting in mixed reactions and unnecessary arguments. As responsible Malaysian citizens, we trust and respect the Government’s intent to enhance the ICT profession. In this spirit, we therefore do not object the Government’s intent to form the Board of Computing Professionals but in retrospect, we have NOT found any information and substantiation that suggests or concludes that the formation of the Board of Computing Professionals is the right and only answer to amicably resolve all matters that the Government perceive to be issues relating to the ICT profession, if such issues indeed do exist in the first place.
This document is therefore presented to MOSTI as our joint voice and concerns in an attempt to seek answers and would in turn appreciate point by point answers to our questions and agreement to our requests.”
SHARE/PASS THIS ROUND AS MUCH AS YOU LIKE:
After the draconian Peaceful Assembly Bill, Malaysia is now trotting out the next Really Bad Idea: the Computing Professionals Bill 2011. You can read the draft bill here: http://www.scribd.com/doc/75107593/CPB2011-Draft
The gist of it is this: the plan is to create a Board of Computing Professionals and make it mandatory by law for all computing professionals to be registered with and certified by said board.
This board will decide whether you are a 'properly' qualified professional. There will of course be registration fees involved, payable yearly. And a proposed 'fund' created. Why does all this smell rather like a poorly disguised moneymaking scheme?
If you are NOT a registered member, you are prohibited from submitting "proposals, plans, designs, drawings, schemes, reports, studies or others to be determined by the Board to any person or authority in Malaysia".
In other words, if I don't register, it is technically illegal for me to even email ANY MALAYSIAN with even an IDEA for a tech-related project. It would be against the law for me to even sketch, on a napkin, my idea for a new app while having coffee with someone.
Want to know the hilarious part? The country with a bill nearly identical to ours is...NIGERIA. -> http://www.cpn.gov.ng/index.php?page=showcnt&cat=4&subc=0&id=3 . So we're taking a leaf out of their book? Brilliant, Malaysia, totally brilliant.
In countries like Australia, there are professional bodies like the Australian Computer Society. But enrollment is voluntary - in Malaysia, the powers that be are figuratively putting a gun to the head of every computing professional. "Register or you'll be deemed doing business illegally."
Why is this a big deal? The bill goes against the grain of everything tech stands for. It's about innovation and the freedom to create; things this bill intends to snuff out. What's to stop the country from deciding what kind of tech we're allowed to create?
The bill even states that IT professionals are not allowed to participate in fields not within their expertise. So if I'm a registered systems analyst but taught myself to program in Rails in my spare time, it would be ILLEGAL for me to do some coding for a client unless I re-declare my skills.
As an IT grad and ex-tech worker, I learned first-hand that it isn't paper qualifications that count as much as proven skills. I know programmers without degrees or any form of certification who are skilled, competent and in most cases, entirely self-taught. After all, the biggest names in the global IT industry —Bill Gates, the late Steve Jobs, Michael Dell and Larry Ellison—dropped out of college.
Dear tech industry workers, I urge you to oppose the bill.
Oppose it because it seeks to force you to limit and narrowly define the scope of your talents.
Oppose it because the government is effectively trying to decide what you can or cannot work on and who you can work with.
Oppose it because unnecessary regulation like this will cripple, not enhance the already challenged industry.
Oppose it because this is a poorly thought out, badly put-together piece of bullcrap.
I'll be damned if I'll let the government insist I register with them and pay them money for the freedom to program, build websites and apps or propose tech-related ideas to my fellow Malaysians.
Also, there will be an open day for suggestions on the formation of the Board of Computing Professionals Malaysia (BCPM):
Date: 13 December 2011 (Tuesday)
Time: 9.30 AM – 5.00 PM
Venue: Dewan Perhimpunan, Aras 1, Blok C4, Kompleks C, Kementerian Sains, Teknologi dan Inovasi
P/S: My opinion of this Bill: this is bullcrap. Period.
Monday, November 28, 2011
Cracking the Credit Card Code
Credit cards are everywhere; almost everyone around us has one or more. This post will show you how to crack the 16-digit code on your credit card.
4417 1234 5678 9113
4 - the first digit is the Major Industry Identifier. It designates the category of the entity which issued the card.
1 and 2 are airlines
3 is Travel and Entertainment
4 and 5 are Banking and Financial
6 is Merchandizing and Banking
7 is Petroleum
8 is Telecommunications
9 is National assignment
The first 6 digits are the Issuer Identification Number. It will identify the institution that issued the card.
Visa: 4xxxxx
Mastercard: 51xxxx - 55xxxx
Discover: 6011xx, 644xxx, 65xxxx
Amex: 34xxxx, 37xxxx
Cards can be looked up by their IIN (Issuer Identification Number).
A card that starts with 376211 is a Singapore Airlines Krisflyer American Express Gold Card.
529962 designates a pre-paid Much-Music MasterCard.
The 7th and following digits, excluding the final digit, are the person's account number. This leaves a trillion possible combinations if the maximum of 12 digits is used. Many cards only use 9 digits.
3 - the final digit is the check digit or checksum. It is used to validate the credit card number using the Luhn algorithm.
How to validate a credit card with your mind
Take the above number (or any credit card number)
4417 1234 5678 9113
Double every other digit, starting from the left:
4 1 1 3 5 7 9 1, each multiplied by 2
= 8 2 2 6 10 14 18 2
Add these new digits to the undoubled ones:
4 7 2 4 6 8 1 3
Every double-digit number is added as the sum of its digits, so 14 becomes 1 + 4:
8+4+2+7 + 2+2+6+4 + 1+0+6+1+4+8 + 1+8+1+2+3 = 70
If the final sum is divisible by 10, then the credit card number is valid.
If it's not divisible by 10, the number is invalid or fake.
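The hand calculation above, as an added Python example (not part of the original post). It generalizes the method by counting from the right, which gives the same result for 16-digit numbers and also works for other lengths. It reuses the MII and issuer-prefix tables listed in the post, and the function names are hypothetical.

```python
# MII and issuer-prefix tables as listed in the post above.
MII = {"1": "Airlines", "2": "Airlines", "3": "Travel and Entertainment",
       "4": "Banking and Financial", "5": "Banking and Financial",
       "6": "Merchandizing and Banking", "7": "Petroleum",
       "8": "Telecommunications", "9": "National assignment"}
NETWORKS = [("Visa", ("4",)),
            ("Mastercard", ("51", "52", "53", "54", "55")),
            ("Discover", ("6011", "644", "65")),
            ("Amex", ("34", "37"))]


def digits_of(number: str) -> str:
    """Strip spaces and dashes; reject anything that is not ASCII digits."""
    cleaned = number.replace(" ", "").replace("-", "")
    if not (cleaned.isascii() and cleaned.isdigit()):
        raise ValueError("card number must contain only digits")
    return cleaned


def luhn_sum(number: str) -> int:
    """Double every second digit counting from the right, then add it all up."""
    total = 0
    for pos, ch in enumerate(reversed(digits_of(number))):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2   # 7 -> 14 -> 1 + 4 = 5
        total += d
    return total


def is_valid(number: str) -> bool:
    return luhn_sum(number) % 10 == 0


def check_digit(payload: str) -> int:
    """Final digit that makes payload + digit pass the Luhn test."""
    return (10 - luhn_sum(payload + "0") % 10) % 10


def describe(number: str) -> dict:
    digits = digits_of(number)
    network = next((name for name, prefixes in NETWORKS
                    if digits.startswith(prefixes)), "unknown")
    return {"mii": MII.get(digits[0], "unknown"), "iin": digits[:6],
            "network": network, "valid": is_valid(digits)}


if __name__ == "__main__":
    print(describe("4417 1234 5678 9113"), luhn_sum("4417 1234 5678 9113"))
```

A passing Luhn check only shows that the digits are self-consistent, which catches typing errors; it says nothing about whether the account exists.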