From bdcecd360b2c4c8dd838bed2edb84335ae7ddda5 Mon Sep 17 00:00:00 2001 From: Mari Wahl Date: Mon, 3 Nov 2014 11:05:34 -0500 Subject: [PATCH] reorganizing --- Cryptography/README.md | 82 ++++++++++++++++++- README.md | 145 ++++++++++++++++++++++++++++++++++ Reverse_Engineering/README.md | 29 ++++++- Steganography/README.md | 61 ++++++++++++++ Web_Exploits/README.md | 38 +++++++++ 5 files changed, 352 insertions(+), 3 deletions(-) diff --git a/Cryptography/README.md b/Cryptography/README.md index 298e648..74e5f3e 100644 --- a/Cryptography/README.md +++ b/Cryptography/README.md @@ -11,6 +11,22 @@ - Brute force hex digest chars +### Command Line +``` +$ echo -n password | md5sum +5f4dcc3b5aa765d61d8327deb882cf99 +``` + +- 32 chars + +``` +7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818 +``` + +- Use Python's md5.md5().digest() + + + ------ @@ -21,6 +37,21 @@ - SHA-256 brute force +### Command Line + +- Brute force: +``` +import hashlib, itertools +hash = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba' +ch = 'abcdef0123456789' +for a, b, c, d, e, f in itertools.product(ch, ch, ch, ch, ch, ch): + if hashlib.sha256('ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)).hexdigest() == hash: + print 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f) +``` + + + + -------- ## Rotation Ciphers 
@@ -74,9 +105,56 @@ In Python [we can use decoding](https://docs.python.org/2/library/codecs.html#co - XORtool -### Online +--- +### Other Resources - [Cryptol](https://www.cryptool.org/en/cryptool1-en) ------ +- [PyCrypto](https://www.dlitz.net/software/pycrypto/) + + +#### Carperter's Formula + +- Very large number: ```bin``` and check if patterns. For example, using the [Carpenter's Formula]: +``` +N=(2^M + a)(2^N + b)(2^N + c)(2^N + d) +``` + +#### [QR Code] + +- Version 1 QR code: 21x21 + +#### [Bacon's cipher]: +``` +babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab +``` +* [Online tool](http://www.geocachingtoolbox.com/index.php?page=baconianCipher) + + + +#### [Base64]: + +``` +NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG== +czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg== +Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo= +``` + + + + + +[SHA]:http://en.wikipedia.org/wiki/Secure_Hash_Algorithm +[MD5]: http://en.wikipedia.org/wiki/MD5 +[Base64]: http://en.wikipedia.org/wiki/Base64 +[Bacon's cipher]:http://en.wikipedia.org/wiki/Bacon's_ciphe +[Carpenter's Formula]:http://security.cs.pub.ro/hexcellents/wiki/writeups/asis_rsang +[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html +[karmadecay]: http://karmadecay.com/ +[tineye]: https://www.tineye.com/ +[images.google.com]: https://images.google.com/?gws_rd=ssl +[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp +[pnginfo]: http://www.stillhq.com/pngtools/ +[namechk]: http://namechk.com +[QR Code]: http://en.wikipedia.org/wiki/QR_code diff --git a/README.md b/README.md index f067c03..583ffc3 100644 --- a/README.md +++ b/README.md 
@@ -19,3 +19,148 @@ All in one big bag. For fun, profits, or CTFs. ![](http://i.imgur.com/4WNqTJS.png) + + +---- + +### Useful + +#### Searching + + +``` +grep word f1 + +sort | uniq -c + +diff f1 f2 + +find -size f1 +``` + + + + +#### Compressed Files + + +``` +zcat f1 > f2 + +gzip -d file + +bzip2 -d f1 + +tar -xvf file +``` + + + +#### Connecting to a Server/Port + +``` +echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000 + +openssl s_client -connect localhost:30001 -quiet + +nmap -p 31000-32000 localhost + +telnet localhost 3000 +``` + + + +#### Decoders + +[Base64](http://www.base64decode.org) + +[ASCII Conversion Table](http://defindit.com/ascii.html) + +[Convert All](http://www.asciitohex.com/) + + +- In Python: + +- Decimal to binary + +```python +>>> bin(124234) +'0b11110010101001010' +``` + +- Decimal to hex: + +```python +>>> s =hex(secret) +``` + +- Hexadecimal to binary: +```python +SECRET.decode('hex') +'==QcCtmMml1ViV3b' +``` + +``` +$ python -c 'print "2f722f6e6574736563".decode("hex")' +``` + +- Hex to ascii: + +``` +$ xxd -r -p <<< 2f722f6e6574736563 +``` + +- Base64 decode: + +```python +>>> SECRET.decode('base64') +'oubWYf2kBq' +``` + +- md5 hashes +http://hash-killer.com/ +http://www.md5this.com/ + +---- + + + +### Recon + + + +#### Searching the Internets + +The recon problems usually give you someone/something's name and a task or a hint to find some specific information about it. So the first thing is of course google it. + +Google anything using keywords such as ```filetype:cgi inurl:cgi-bin``` + + +#### In addition we can look at: + +- Facebook, Twitter, Linkedin, Google+, reddit, /r/netsec. +- IRC: with **/whois **. +- [namechk] +- Github: check in the commit history. 
+ + +#### Finding pictures: + +- [karmadecay] +- [tineye] +- [images.google.com] + + + +----------------- +[FireBug]: http://getfirebug.com/ +[Burp Suite]: http://portswigger.net/burp/ +[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html +[karmadecay]: http://karmadecay.com/ +[tineye]: https://www.tineye.com/ +[images.google.com]: https://images.google.com/?gws_rd=ssl +[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp +[subbrute.py]: https://github.com/SparkleHearts/subbrute +[pnginfo]: http://www.stillhq.com/pngtools/ +[namechk]: http://namechk.com + diff --git a/Reverse_Engineering/README.md b/Reverse_Engineering/README.md index 94a5853..0591dc7 100644 --- a/Reverse_Engineering/README.md +++ b/Reverse_Engineering/README.md @@ -10,16 +10,41 @@ - base conversion - Command line tricks + +### Encondings/ Binaries + +``` +file f1 + +ltrace bin + +strings f1 + +base64 -d + +xxd -r + +nm + +objcopy + +binutils +``` + + + + + ### Online References [Reverse Engineering, the Book]: http://beginners.re/ ---- - ## IDA - Cheat sheet +- [IDA PRO](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) ------------- @@ -30,6 +55,8 @@ + + #### gdb ```sh $ gcc -ggdb -o .c diff --git a/Steganography/README.md b/Steganography/README.md index e671a1e..95334bb 100644 --- a/Steganography/README.md +++ b/Steganography/README.md 
@@ -6,3 +6,64 @@ - Adding two images - xor_bytes - color crypto + +___ + +## Command Line: + +- Pull out the audio with ffmpeg: + +``` +$ ffmpeg -i windows.mp4 windows.wav +``` + + +- Make a gif from video using [ffmpeg](https://www.ffmpeg.org/download.html) + +```sh +$ ffmpeg -i windows.mp4 windows.gif +``` + +- Online tool for images: + * [utilitymill](http://utilitymill.com/utility/Steganography_Decode) + * [pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) + * [Paranoid.jar](https://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/) + + +____ + +### Metadata + + +[Image metadata](http://regex.info/exif.cgi) + +- To find information inside a picture, we can use package [pnginfo] or [pngcheck]. + +- If we need [base64 decoding] (for example a PGP key with a picture). + +- Weird pieces of bytes may need to be XORed. + +- If we have a decrypted message and a key: + 1. Import the private key to use it to decrypt the message with ```gpg --allow-secret-key-import --import private.key``` + 2. Decrypt with ```gpg --decrypt message.pgp```. + +- [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/index.html) + + + + + + + + +[Bacon's cipher]:http://en.wikipedia.org/wiki/Bacon's_ciphe +[Carpenter's Formula]:http://security.cs.pub.ro/hexcellents/wiki/writeups/asis_rsang +[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html +[karmadecay]: http://karmadecay.com/ +[tineye]: https://www.tineye.com/ +[images.google.com]: https://images.google.com/?gws_rd=ssl +[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp +[subbrute.py]: https://github.com/SparkleHearts/subbrute +[pnginfo]: http://www.stillhq.com/pngtools/ +[namechk]: http://namechk.com + diff --git a/Web_Exploits/README.md b/Web_Exploits/README.md index 711ac75..9da4a31 100644 --- a/Web_Exploits/README.md +++ b/Web_Exploits/README.md 
@@ -21,3 +21,41 @@ ## User ID - cookie auth - user id + +## Other Resources + +#### When we have a Website/IP Address: + +- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com. + +- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains. + +- Use the command ```dig``` or ```ping``` in Linux to find the IP address of the website. + +- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 ```. + +- Check the *robot.txt* file for hidden folders. + +- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax). + + + + +#### Tools + +- [Burp Suite] +- [FireBug] in Firefox + + +----------------- +[FireBug]: http://getfirebug.com/ +[Burp Suite]: http://portswigger.net/burp/ +[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html +[karmadecay]: http://karmadecay.com/ +[tineye]: https://www.tineye.com/ +[images.google.com]: https://images.google.com/?gws_rd=ssl +[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp +[subbrute.py]: https://github.com/SparkleHearts/subbrute +[pnginfo]: http://www.stillhq.com/pngtools/ +[namechk]: http://namechk.com +
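Review bot: `md5.md5().digest()` at the end of the Cryptography/README.md hunk @@ -11,6 +11,22 @@ names the deprecated Python 2 `md5` module and a method that returns 16 raw bytes, while the 32-character hex value the "32 chars" bullet refers to comes from `hexdigest()`; suggest `hashlib.md5(data).hexdigest()`, which works on Python 2 and 3 alike. The long hex string under "- 32 chars" is also dropped in without a sentence saying what it is or what the reader should do with it; it appears to contain two near-identical 32-character runs (`8fc42c6cddf9966db3b09e8436503435` and `8fc42c6ddf9966db3b09e84365034357`) that differ by one character, and its total length does not appear to be a multiple of 32, so if it is meant to be a run of concatenated MD5 digests a character was probably dropped or duplicated in transcription and the entry should be re-checked and described.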
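Review bot: the "### Command Line" block in the Cryptography/README.md hunk @@ -21,6 +37,21 @@ is a Python 2 script rather than a shell command, and it will not run under Python 3: the bare `print` statement is a syntax error and `hashlib.sha256()` requires bytes, so the candidate string needs `.encode()`. Suggest tagging the fence as python, renaming `hash` (it shadows the builtin), using `itertools.product(ch, repeat=6)` instead of six repeated arguments, building the candidate once (`cand = 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % ''.join(t)`) so it is not formatted twice, and adding a `break` after the match so the loop does not continue through the rest of the 16^6 combinations.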
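Review bot: several added lines in the Cryptography/README.md hunk @@ -74,9 +105,56 @@ carry transcription errors that make the entries unusable as written. The heading reads "Carperter's Formula" while the link reference is "Carpenter's Formula"; the formula `N=(2^M + a)(2^N + b)(2^N + c)(2^N + d)` uses N both as the product and as an exponent and mixes M with N, so it should be restated with one symbol per role (the modulus on the left, a single exponent on the right). The Bacon's cipher link target `http://en.wikipedia.org/wiki/Bacon's_ciphe` is missing its final `r`, and the Bacon ciphertext contains `21` and `0`, which are not in the a/b alphabet. In the Base64 block, line 2 has `cnVniHNi` where lines 1 and 3 have `cnVnIHNi` (lowercase i for I, which silently changes the decoded bytes), and line 1 ends in `CG==`, which is not canonical base64 (the character before `==` must be A, Q, g or w). The unchanged context line `- [Cryptol](https://www.cryptool.org/en/cryptool1-en)` points at CrypTool, a different project from Cryptol, and could be fixed while here. Finally, the link-definition block pasted at the bottom defines `[pngcheck]`, `[karmadecay]`, `[tineye]`, `[images.google.com]`, `[base64 decoding]`, `[pnginfo]` and `[namechk]`, none of which is referenced anywhere in the text shown for this file.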
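Review bot: in the README.md hunk @@ -19,3 +19,148 @@, `find -size f1` under "Searching" is not a valid invocation: `-size` takes a size expression such as `+1M` or `1033c`, so locating a file by name is `find . -name f1` (and by size, `find . -size 1033c`). In the "Decoders" list, the entry labelled "Hexadecimal to binary" (`SECRET.decode('hex')`) decodes a hex string to its raw bytes, which is the same operation as the later "Hex to ascii" entry using `xxd -r -p`, so the two should be merged under one accurate heading; the `'==QcCtmMml1ViV3b'` result shown there is a base64-looking string, not binary, which suggests it was pasted from a different step. The `str.decode('hex')` and `str.decode('base64')` codecs are Python 2 only; `binascii.unhexlify` and `base64.b64decode` are the portable forms. Smaller points: `sort | uniq -c` has no input and reads better as `sort f1 | uniq -c`; `s =hex(secret)` has a stray space; the IRC bullet `**/whois **` lost its nick placeholder and leaves an empty bold span; the two md5 URLs are bare lines rather than list items; and the reference block at the end defines `[FireBug]`, `[Burp Suite]`, `[pngcheck]`, `[base64 decoding]`, `[subbrute.py]` and `[pnginfo]`, which this README never references. The same block is pasted into the Cryptography, Steganography and Web_Exploits READMEs, so keeping only the definitions each file actually uses would avoid four copies drifting apart.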
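Review bot: "### Encondings/ Binaries" in the Reverse_Engineering/README.md hunk @@ -10,16 +10,41 @@ has a typo (Encodings), and the block beneath it lists tools with no indication of what each is for, unlike the other sections in this patch. `binutils` in particular is the package that ships `nm`, `objcopy`, `objdump`, `readelf` and `strings`, not a command, so it should be replaced by the commands a reader would actually run (`objdump -d bin`, `readelf -h bin`), and `xxd -r` needs `-p` when reversing plain hex rather than a full hexdump. `ltrace bin` is the only entry with a target; `base64 -d`, `nm` and `objcopy` would each be clearer with an argument and a short comment on their purpose.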
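Review bot: the PGP bullet in the Steganography/README.md hunk @@ -6,3 +6,64 @@ has the direction reversed: it should say "an encrypted message and a private key", since the two steps import a secret key and then decrypt. `--allow-secret-key-import` is an obsolete GnuPG option that has no effect in GnuPG 2.x, so `gpg --import private.key` is sufficient before `gpg --decrypt message.pgp`. Also, `pngcheck` is listed under "Online tool for images" although it is a local command-line utility (it is correctly presented as such under Metadata), the `[Paranoid.jar]` link text does not match the Paranoia project it points to, and the reference block at the end defines `[Bacon's cipher]`, `[Carpenter's Formula]`, `[karmadecay]`, `[tineye]`, `[images.google.com]`, `[subbrute.py]` and `[namechk]`, none of which this README uses.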
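Review bot: the first bullet in the Web_Exploits/README.md hunk @@ -21,3 +21,41 @@ says "add folders to the domain", but both examples (`http://csaw2014.website.com`, `http://key.website.com`) are subdomains, which the following subbrute bullet already covers; if directory guessing is meant, the examples should be paths such as `http://website.com/key/`. `robot.txt` should be `robots.txt`. The `wget -e robots=off --tries=40 -r -H -l 4` line combines `-r -l 4` with `-H` (span hosts), which follows every external link four levels deep and pulls in unrelated sites; either drop `-H` or bound it with `-D domain`. For the IP lookup, `dig +short website.com` or `host website.com` returns the records directly and does not depend on the host answering ICMP the way `ping` does. The reference block again defines `[pngcheck]`, `[karmadecay]`, `[tineye]`, `[images.google.com]`, `[base64 decoding]`, `[pnginfo]` and `[namechk]`, which this README does not reference.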