reorganizing

2025-04-25 10:09:08 -04:00 · 2014-11-03 11:05:34 -05:00 · 2014-11-03 11:05:34 -05:00 · bdcecd360b
commit bdcecd360b
parent 2afd831662
5 changed files with 352 additions and 3 deletions
--- a/Cryptography/README.md
+++ b/Cryptography/README.md
@ -11,6 +11,22 @@
 - Brute force hex digest chars


+### Command Line
+```
+$ echo -n password | md5sum
+5f4dcc3b5aa765d61d8327deb882cf99
+```
+
+- 32 chars
+
+```
+7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818
+```
+
+- Use Python's md5.md5().digest()
+
+
+

 ------

@ -21,6 +37,21 @@
 - SHA-256 brute force


+### Command Line
+
+- Brute force:
+```
+import hashlib, itertools
+hash = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba'
+ch = 'abcdef0123456789'
+for a, b, c, d, e, f in itertools.product(ch, ch, ch, ch, ch, ch):
+    if hashlib.sha256('ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)).hexdigest() == hash:
+        print 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)
+```
+
+
+
+
 --------

 ## Rotation Ciphers
@ -74,9 +105,56 @@ In Python [we can use decoding](https://docs.python.org/2/library/codecs.html#co
 - XORtool


-### Online
+---
+### Other Resources

 - [Cryptol](https://www.cryptool.org/en/cryptool1-en)

-----
+- [PyCrypto](https://www.dlitz.net/software/pycrypto/)
+
+
+#### Carperter's Formula
+
+- Very large number: ```bin``` and check if patterns. For example, using the [Carpenter's Formula]: 
+```
+N=(2^M + a)(2^N + b)(2^N + c)(2^N + d)
+```
+
+#### [QR Code]
+
+-  Version 1 QR code:  21x21
+
+#### [Bacon's cipher]: 
+```
+babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab
+```
+* [Online tool](http://www.geocachingtoolbox.com/index.php?page=baconianCipher)
+
+
+
+#### [Base64]: 
+
+```
+NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==
+czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==
+Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=
+```
+
+
+
+
+
+[SHA]:http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
+[MD5]: http://en.wikipedia.org/wiki/MD5
+[Base64]: http://en.wikipedia.org/wiki/Base64
+[Bacon's cipher]:http://en.wikipedia.org/wiki/Bacon's_ciphe
+[Carpenter's Formula]:http://security.cs.pub.ro/hexcellents/wiki/writeups/asis_rsang
+[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
+[pnginfo]: http://www.stillhq.com/pngtools/
+[namechk]: http://namechk.com
+[QR Code]: http://en.wikipedia.org/wiki/QR_code

--- a/README.md
+++ b/README.md
@ -19,3 +19,148 @@ All in one big bag. For fun, profits, or CTFs.


 ![](http://i.imgur.com/4WNqTJS.png)
+
+
+---- 
+
+### Useful
+
+#### Searching
+ 
+ 
+```
+grep word f1
+ 
+sort | uniq -c
+ 
+diff f1 f2
+ 
+find -size f1
+```
+ 
+
+
+ 
+#### Compressed Files
+ 
+ 
+```
+zcat f1 > f2
+ 
+gzip -d file
+ 
+bzip2 -d f1
+ 
+tar -xvf file
+```
+ 
+ 
+ 
+#### Connecting to a Server/Port
+ 
+```
+echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
+ 
+openssl s_client -connect localhost:30001 -quiet
+ 
+nmap -p 31000-32000 localhost
+ 
+telnet localhost 3000
+```
+ 
+
+
+#### Decoders
+
+[Base64](http://www.base64decode.org)
+
+[ASCII Conversion Table](http://defindit.com/ascii.html)
+
+[Convert All](http://www.asciitohex.com/)
+
+
+- In Python:
+
+- Decimal to binary
+
+```python
+>>> bin(124234)
+'0b11110010101001010'
+```
+
+- Decimal to hex:
+
+```python
+>>> s =hex(secret)
+```
+
+- Hexadecimal to binary:
+```python
+SECRET.decode('hex')
+'==QcCtmMml1ViV3b'
+```
+
+```
+$ python -c 'print "2f722f6e6574736563".decode("hex")'
+```
+
+- Hex to ascii:
+
+```
+$ xxd -r -p <<< 2f722f6e6574736563
+```
+
+- Base64 decode:
+
+```python
+>>> SECRET.decode('base64')
+'oubWYf2kBq'
+```
+
+- md5 hashes
+http://hash-killer.com/
+http://www.md5this.com/
+
+----
+
+
+
+### Recon
+
+
+
+#### Searching the Internets
+
+The recon problems usually give you someone/something's name and a task or a hint to find some specific information about it. So the first thing is of course google it.
+
+Google anything using keywords such as ```filetype:cgi inurl:cgi-bin```
+
+
+#### In addition we can look at:
+
+- Facebook, Twitter, Linkedin, Google+, reddit,  /r/netsec.
+- IRC: with **/whois **.
+- [namechk] 
+- Github: check in the commit history.
+
+
+#### Finding pictures:
+
+- [karmadecay]
+- [tineye]
+- [images.google.com]
+
+
+
+-----------------
+[FireBug]: http://getfirebug.com/
+[Burp Suite]: http://portswigger.net/burp/
+[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
+[subbrute.py]: https://github.com/SparkleHearts/subbrute
+[pnginfo]: http://www.stillhq.com/pngtools/
+[namechk]: http://namechk.com
+
--- a/Reverse_Engineering/README.md
+++ b/Reverse_Engineering/README.md
@ -10,16 +10,41 @@
 - base conversion
 - Command line tricks

+
+### Encondings/ Binaries
+ 
+```
+file f1
+ 
+ltrace bin
+ 
+strings f1
+ 
+base64 -d
+ 
+xxd -r
+
+nm
+
+objcopy
+
+binutils
+```
+ 
+ 
+
+
+
 ### Online References

 [Reverse Engineering, the Book]: http://beginners.re/


 ----
-
 ## IDA

 - Cheat sheet
+- [IDA PRO](https://www.hex-rays.com/products/ida/support/download_freeware.shtml)


 -------------
@ -30,6 +55,8 @@



+
+
 #### gdb
 ```sh
 $ gcc -ggdb -o <filename> <filename>.c
--- a/Steganography/README.md
+++ b/Steganography/README.md
@ -6,3 +6,64 @@
 - Adding two images
 - xor_bytes
 - color crypto
+
+___
+
+## Command Line:
+
+- Pull out the audio with ffmpeg:
+
+```
+$ ffmpeg -i windows.mp4 windows.wav
+```
+
+
+- Make a gif from video using [ffmpeg](https://www.ffmpeg.org/download.html)
+
+```sh
+$ ffmpeg -i windows.mp4 windows.gif
+```
+
+- Online tool for images: 
+	* [utilitymill](http://utilitymill.com/utility/Steganography_Decode)
+	* [pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html)
+	* [Paranoid.jar](https://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/)
+
+
+____
+
+### Metadata
+
+
+[Image metadata](http://regex.info/exif.cgi)
+
+- To find information inside a picture, we can use package [pnginfo] or [pngcheck].
+
+- If we need [base64 decoding] (for example a PGP key with a picture).
+
+- Weird pieces of bytes may need to be XORed.
+
+- If we have a decrypted message and a key:
+    1. Import the private key to use it to decrypt the message with ```gpg --allow-secret-key-import --import private.key```
+    2. Decrypt with ```gpg --decrypt message.pgp```.
+
+- [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/index.html)
+
+
+
+
+
+
+
+
+[Bacon's cipher]:http://en.wikipedia.org/wiki/Bacon's_ciphe
+[Carpenter's Formula]:http://security.cs.pub.ro/hexcellents/wiki/writeups/asis_rsang
+[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
+[subbrute.py]: https://github.com/SparkleHearts/subbrute
+[pnginfo]: http://www.stillhq.com/pngtools/
+[namechk]: http://namechk.com
+
--- a/Web_Exploits/README.md
+++ b/Web_Exploits/README.md
@ -21,3 +21,41 @@
 ## User ID
 - cookie auth
 - user id
+
+## Other Resources
+
+#### When we have a Website/IP Address:
+
+- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com.
+
+- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains.
+
+- Use the command ```dig``` or ```ping``` in Linux to find the IP  address of the website.
+
+- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>```.
+
+- Check the *robot.txt* file for hidden folders.
+
+- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
+
+
+
+
+#### Tools
+
+- [Burp Suite]
+- [FireBug] in Firefox
+
+
+-----------------
+[FireBug]: http://getfirebug.com/
+[Burp Suite]: http://portswigger.net/burp/
+[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
+[subbrute.py]: https://github.com/SparkleHearts/subbrute
+[pnginfo]: http://www.stillhq.com/pngtools/
+[namechk]: http://namechk.com
+