9447

CTFs_and_WarGames/2014/9447/nosql/client.py

@@ -0,0 +1,50 @@
+#!/usr/bin/python2
+
+import os, socket, struct, sys
+from Crypto.Cipher import AES
+
+
+class EncryptedStream(object):
+  key = 'this is not the flag nor the key'[:16]
+
+  def __init__(self, host, port):
+    self.sock = socket.socket()
+    self.sock.connect((host, port))
+
+  def send(self, msg):
+    while len(msg) % 16:
+      msg += '\0'
+
+    iv = os.urandom(16)
+    aes = AES.new(self.key, AES.MODE_ECB, iv)
+    enc = aes.encrypt(msg)
+
+    self.sock.send(struct.pack('<I', len(enc)))
+    self.sock.send(enc)
+
+  def recv(self, nbytes):
+    return self.sock.recv(nbytes)
+
+
+
+
+client = '''\
+HELLO
+SHOW VERSION
+SET example This tiny script is basically a RedisStore...
+GET example
+SHOW KEYS
+SET brucefact#1 Bruce Schneier can break elliptic curve cryptography by bending it into a circle
+SET brucefact#2 Bruce Schneier always cooks his eggs scrambled. When he wants hardboiled eggs, he unscrambles them
+SET brucefact#3 Bruce Schneier could solve this by inverting md5 hash of the flag
+ENCRYPTION HEX
+MD5 flag
+'''
+
+stream = EncryptedStream(sys.argv[1], int(sys.argv[2]))
+stream.send(client)
+
+while 1:
+  data = stream.recv(1000)
+  if not data: break
+  sys.stdout.write(data)

CTFs_and_WarGames/2014/9447/nosql/server.py

@@ -0,0 +1,90 @@
+#!/usr/bin/python2
+
+import hashlib, os, signal, struct, sys
+from Crypto.Cipher import AES
+
+
+key = 'this is not the flag nor the key'[:16]
+db = { }
+
+
+def md5(data):
+  return hashlib.md5(data).digest()
+
+
+def decrypt(data):
+  iv = os.urandom(16)
+  aes = AES.new(key, AES.MODE_ECB, iv)
+  data = aes.decrypt(data)
+  return data.rstrip('\0')
+
+
+def reply_plain(message):
+  sys.stdout.write(message + '\n')
+
+
+def reply_hex(message):
+  # This is totally encrypted, right?
+  sys.stdout.write(message.encode('hex') + '\n')
+
+
+def main():
+  global db
+  reply = reply_plain
+
+  datalen = struct.unpack('<I', sys.stdin.read(4))[0]
+  data = ''
+  while len(data) != datalen:
+    s = sys.stdin.read(1)
+    if not s:
+      sys.exit(1)
+    data += s
+  data = decrypt(data)
+
+
+  commands = data.split('\n')
+
+  for cmd in commands:
+    if not cmd:
+      continue
+    if ' ' in cmd:
+      cmd, args = cmd.split(' ', 1)
+
+    if cmd == 'HELLO':
+      reply('WELCOME')
+    elif cmd == 'SHOW':
+      if args == 'VERSION':
+        reply('NoRedisSQL v1.0')
+      elif args == 'KEYS':
+        reply(repr(db.keys()))
+      elif args == 'ME THE MONEY':
+        reply("Jerry, doesn't it make you feel good just to say that!")
+      else:
+        reply('u w0t m8')
+    elif cmd == 'SET':
+      key, value = args.split(' ', 1)
+      db[key] = value
+      reply('OK')
+    elif cmd == 'GET':
+      reply(args + ': ' + db.get(args, ''))
+    elif cmd == 'SNIPPET':
+      reply(db[args][:10] + '...')
+    elif cmd == 'MD5':
+      reply(md5(db.get(args, '')))
+    elif cmd == 'ENCRYPTION':
+      if args == 'HEX':
+        reply = reply_hex
+        reply('OK')
+      elif args == 'OFF':
+        reply = reply_plain
+        reply('OK')
+      else:
+        reply('u w0t m8')
+    else:
+      reply('Unknown command %r' % (cmd))
+
+
+if __name__ == '__main__':
+  signal.alarm(10)
+  signal.signal(signal.SIGALRM, lambda a,b: sys.exit(0))
+  main()

CTFs_and_WarGames/CTFs-TRIVIA-COLLECTION.md

@@ -1,21 +0,0 @@
-# Trivia List (For Reference)
-___
-
-## CSAW CTF 2014
-
-1. This is the name of the new USENIX workshop that featured papers on CTFs being used for education. Answer: **3GSE**
-
-2. This x86 instruction is an alias for pop eip/rip.
-Answer: **RET**
-
-3. This is a type of informal security meetup that has been gaining popularity in different cities over the last several years.  Answer: **CitySec**
-
-4. This is what geohot and other members of the CTF community are calling live streamed CTF competitions where spectators can watch competitors screens as they solve challenges. Answer: **livectf**
-
-5. On this day in November, the CSAW Career Fair takes place in Brooklyn, New York. Answer: **14**
-
-6. This is the Twitter handle of the student who runs CSAW CTF. Answer: **poopsec**
- 
-
-
-

CTFs_and_WarGames/README.md

@@ -1,15 +1,75 @@
 CTFs & Wargames Archives
 ========================
 
+# CTFs
+
 ## 2014
 
-
-### CTFs
 - ASIS Final
 - CSAW Quals
 - Hack.lu
+- Stripe 1, 2, 3
+- 9447
 
 
-### Wargames
+---
+# Wargames
+
+## 2014
+
 - OverTheWire: Krypton, Narnia
 
+
+----
+
+# Trivia List (For Reference)
+
+## CSAW CTF 2014
+
+1. This is the name of the new USENIX workshop that featured papers on CTFs being used for education. Answer: **3GSE**
+
+2. This x86 instruction is an alias for pop eip/rip.
+Answer: **RET**
+
+3. This is a type of informal security meetup that has been gaining popularity in different cities over the last several years.  Answer: **CitySec**
+
+4. This is what geohot and other members of the CTF community are calling live streamed CTF competitions where spectators can watch competitors screens as they solve challenges. Answer: **livectf**
+
+5. On this day in November, the CSAW Career Fair takes place in Brooklyn, New York. Answer: **14**
+
+6. This is the Twitter handle of the student who runs CSAW CTF. Answer: **poopsec**
+ 
+
+---
+# Recon
+
+
+### Searching the Internets
+
+The recon problems usually give you someone/something's name and a task or a hint to find some specific information about it. So the first thing is of course google it.
+
+Google anything using keywords such as ```filetype:cgi inurl:cgi-bin```
+
+
+### In addition we can look at:
+
+- Facebook, Twitter, Linkedin, Google+, reddit,  /r/netsec.
+- IRC: with **/whois **.
+- [namechk] 
+- Github: check in the commit history.
+
+
+### Finding pictures:
+
+- [karmadecay]
+- [tineye]
+- [images.google.com]
+
+
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[namechk]: http://namechk.com
+
+
+----

text.txt

@@ -1,3 +0,0 @@
-Hello everyone!
-Linux is really cool.
-Let's learn more!