    aubrel
    @aubrel
    Haha, there's some doxxing ones that are p fun under "Forensics" ("Impossible Pen Test").
    0xACAB
    @fabacab
    I picked up a few of the low-point Forensics challenges in DawgCTF as well. There's some good beginner stuff in there, and a lot of Wireshark! (The Tech Learning Collective networking workshops are SUPER relevant here!)
    techlearningcollective
    @techlearningcollective
    We've published the first five in a series of over 20 new planned TLC Foundations learning modules yesterday. Enjoy!
    0xACAB
    @fabacab
    It looks like the DawgCTF team raised the amount of points those "Free Wi-Fi" challenges net you because so many people were having trouble with them. Guess they were harder than the creators expected them to be. So that makes me feel a little better for not getting them quickly. :D
    0xACAB
    @fabacab
    Who's playing PlaidCTF tomorrow?
    0xACAB
    @fabacab
    Decent write-up of the various "Free Wi-Fi" challenges from last week's DawgCTF! https://github.com/m3ssap0/CTF-Writeups/blob/master/DawgCTF%202020/Free%20Wi-Fi/README.md I feel silly for not getting the simple client side validation one but good that we were on the right track about all the other clues we found in the pcap.
    0xACAB
    @fabacab
    It also appears that WPICTF, starting in just three hours, will also have some beginner friendly challenges. I think I might check those out.
    techlearningcollective
    @techlearningcollective
    PlaidCTF and WPICTF are happening concurrently, so you can do both or either. :) We have four workshops this weekend (as usual, check our events page or subscribe to our calendar) so will be a little less available than usual to offer help or guidance but still encourage you to enjoy both of the games and have fun!
    0xACAB
    @fabacab
    For anyone playing WPICTF, scroll down to the bottom of the challenge list and check out the "recon" category. I don't see those kinds of challenges in CTFs a lot and I really like them!
    0xACAB
    @fabacab
    @zachmandeville_gitlab So you asked about RiceTeaCatPanda's "beginner 9" challenge. The input they gave us was base64 decoded, which is clear from the trailing = sign at the end. Here's the last bit of input from the Beginner 10.txt file (Gitter won't let me post the whole thing) that they provided for the challenge:
    MmQgMmQgMmQgMmQgMmQgMjAgMmQgMmQgMmQgMmQgMmQgMjAgMmUgMmQgMmQgMmQgMmQgMjAgMmUgMmQgMmQgMmQgMmQgMjAggMmQgMmQgMmQgMmQgMjAgMmUgMmQgMmQgMmQgMmQgMjAgMmQgMmQgMmQgMmQgMmQgMjAgMmQgMmQgMmQgMmQgMmQgMjAgMmUgMmQgMmQgMmQgMmQ=
    So we base64 --decode and get a bunch of values like this:
    2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2e 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 20 2d 2d 2d 2d 2d 0a
    The clear pattern is that these are all hex values, and that there are only a few different sets of them: 2d, 2e, and 20. We can use CyberChef to make this easier than I did it, but I went with a command-line approach. In hex, 20 maps to the ASCII space character. So this means that having actual spaces in the input here isn't what we want, so first I got rid of the spaces by replacing them all with a percent sign:
    base64 --decode "Beginner 10.txt" | sed -e 's/^/%/' -e 's/ /%/g'
    0xACAB
    @fabacab
    The -e to sed means "execute this script" and then I provide two scripts: the first one simply prepends the % to the very first location in the input and the next one replaces all the literal space characters with a percent sign. This gives me a URL-encoded string where the spaces are part of the encoded value, so now I have input like this:
    %2d%2d%2d%2d%2d%20%2d%2d%2d%2d%2d%20%2e%2d%2d%2d%2d%20%2e%2d%2d%2d%2d%20%2d%2d%2d%2d%2d%20%2d%2d%2d%2d%2d%20%2e%2d%2d%2d%2d%20%2d%2d%2d%2d%2d%0a%2d%2d%2d%2d%2d%20%2d%2d%2d%2d%2d%20%2e%2d%2d
    Okay, from here, it's super easy to URL-decode it. I do this so often that I have an alias for it, but you can do it in one line of Python thanks to a module available in the Python standard library called urllib:
    alias urldecode='python -c "import sys, urllib.parse; print(urllib.parse.unquote(sys.argv[1]))"'
    So now I can do urldecode $(base64 --decode "Beginner 10.txt" | sed -e 's/^/%/' -e 's/ /%/g') and the result is a bunch of morse code, apparently:
    urldecode $(base64 --decode ~/Downloads/Beginner\ 10.txt | sed -e 's/^/%/' -e 's/ /%/g')
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- .---- .---- -----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- .---- ----- .----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- .---- .---- -----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- .---- ----- ----- .----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- .---- ----- .----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- .---- .---- -----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- .---- ----- .----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- ----- ----- .---- -----
    ----- ----- .---- .---- ----- .---- .---- -----
    ----- ----- .---- ----- ----- ----- ----- -----
    ----- ----- .---- .---- .---- ----- ----- .----
    So you can clearly see that these are sets of 8. Well, 8 bits in a byte, so it would be reasonable to assume that these are morse-code versions of 0's and 1's and wouldn't you know it, they are. In Morse code, ----- is the numeral 0 and a .---- is the numeral 1.
    0xACAB
    @fabacab

    Okay so now we just need to actually convert this to 0's and 1's so we can use it the way computers would expect, since computers don't really use Morse code, sooooooo sed to the rescue again, with three simple substitution scripts.

    First, replace the Morse code 0 with the numeral 0 globally:

    -e 's/-----/0/g'

    Then do the same thing with a Morse code 1:

    -e 's/.----/1/g'

    and then get rid of the spaces so that we have a single "byte" per line:

    -e 's/ //g'

    So the full command is now:

    urldecode $(base64 --decode ~/Downloads/Beginner\ 10.txt | sed -e 's/^/%/' -e 's/ /%/g') | sed -e 's/-----/0/g' -e 's/.----/1/g' -e 's/ //g'
    Which gives us:
    urldecode $(base64 --decode ~/Downloads/Beginner\ 10.txt | sed -e 's/^/%/' -e 's/ /%/g') | sed -e 's/-----/0/g' -e 's/.----/1/g' -e 's/ //g'
    00110010
    00110110
    00100000
    00110101
    00100000
    00110010
    00110110
    00100000
    00111001
    00100000
    00110010
    00110101
    00100000
    00110010
    00110010
    00100000
    00110010
    00110110
    00100000
    00110010
    00110101
    00100000
    00110010
    00110110
    00100000
    00111001
    zach mandeville
    @zachmandeville_gitlab
    beautiful
    0xACAB
    @fabacab
    Yeah except I don't know what these values are.
    zach mandeville
    @zachmandeville_gitlab
    If we put it in cyberchef, they all map to numbers:
    26 5 26 9 25 22 26 25 26 9

    and the repeated 26 (and that no number is higher) makes me sense it's an alphanumeric cipher.

    If we say a is 1 and z is 26, then the decoded is zeziyvzyzi

    if we say a is 26 and z is 1, then the decoded is avarbeabar which seems like not complete gibberish.

    "a var be a bar"
    0xACAB
    @fabacab
    Right, this is the CyberChef recipe, using the "From Binary" operation. (Just throwing this here so we can share and bookmark.)
    I'm not convinced that's right and I don't think either rtcp{zeziyvzyzi} or rtcp{avarbeabar} work as flags.
    zach mandeville
    @zachmandeville_gitlab
    Yah, it's not completely gibberish and it's not meaningful either. So far, the flags have all been some full english response to the challenge title.
    and they've all been rtcp{a_phrase_spaced_like_so}
    0xACAB
    @fabacab
    I also don't know what the "From Binary" operation in CyberChef really does. If I run the first bit string we get into bc(1) I get this for various output bases:
    echo "obase=16; ibase=2; 00110010" | bc
    32
    echo "obase=10; ibase=2; 00110010" | bc
    50
    echo "obase=08; ibase=2; 00110010" | bc
    62
    Oh wait I just realized what the From Binary operation does, lol. It turns it into ASCII. Because in ASCII, hex 32 is the ASCII 2, and so is decimal 50, and so is octal 62.
    zach mandeville
    @zachmandeville_gitlab
    ah!
    haha, but I still don't know what it means :/
    0xACAB
    @fabacab
    Yeeeeeah…me neither.
    I think your guess of it being an alphabet makes sense. 26 being the highest number is probably not a coincidence.

    Also this:

    for i in $(urldecode $(base64 --decode ~/Downloads/Beginner\ 10.txt | sed -e 's/^/%/' -e 's/ /%/g') | sed -e 's/-----/0/g' -e 's/.----/1/g' -e 's/ //g'); do printf "\x"$(echo "obase=16; ibase=2; $i" | bc) ; done
    26 5 26 9 25 22 26 25 26 9

    is the exact same output as from CyberChef, which proves that is in fact what it's doing. Unfortunately I don't know what these strings of numbers mean.

    zach mandeville
    @zachmandeville_gitlab

    hmmm. the hint is 'hope you been paying attention', which ties to how many different decodings we've done so far, each being the answer to a previous q.

    The other ciphers to try would be AZ126, Atbash, Bacon, and rot13/caesar

    0xACAB
    @fabacab
    I tried a number of those in CyberChef already but couldn't make heads or tails of the output, though maybe I got the ordering wrong.
    zach mandeville
    @zachmandeville_gitlab
    yah...and we've done the a1z26 and atbash already, and it doesn't look like a bacon cipher (that'd be a collection of 5 character strings like AAABB ABABA)
    so really we'd just do rot13...but that doesn't give anything meaningful. I don't know, the distribution in that cipher seems weird. there's only 5 unique numbers/letters
    0xACAB
    @fabacab
    It does seem a little short, but I'm fairly confident we aren't losing any data in the translation process.
    0xACAB
    @fabacab
    So here is the entire CyberChef recipe for the challenge so far, and I think it's correct.
    0xACAB
    @fabacab
    Welp, I'm gonna come back to this a bit later. That link should be sufficient for anyone else who wants to jump in and try to solve it with us.
    aubrel
    @aubrel

    The people behind Covid Watch (https://www.covid-watch.org/about) are looking for help on Java development and/or help with containerizing their backend server:

    https://github.com/Co-Epi/coepi-backend-aws

    There's probably a lot more to do on that project, too, it seems cool!

    "Reduce the spread of COVID-19 without increasing the spread of surveillance.

    Covid Watch aims to empower people to protect their communities from COVID-19 without sacrificing their personal privacy."

    techlearningcollective
    @techlearningcollective
    We've opened our Hacker Trivia Night game weekend up for anyone who wants to play. Enjoy, especially if this is your first time. :)
    yoni9091
    @yoni9091
    hey
    where can i find the list of communities you support
    ?
    techlearningcollective
    @techlearningcollective
    Our Web site's About page links out to all the groups we support in the various ways that we do.
    0xACAB
    @fabacab
    There's another apparently noob-friendly CTF happening next week. Anyone from here into it? https://ctf.noobarmy.tech/
    Olu v3.0.0
    @oluoluoxenfree_twitter
    hey hey, are additional courses under development? Also, are there examples of what kind of time locally for you all the workshops would run at? In GMT so just checking before I get over excited :)
    techlearningcollective
    @techlearningcollective
    @/all We just released a new hybrid lab/project that combines topics from several workshops: run your own Tech Learning Collective Web site as a Tor Onion site (Dark Web site). Feel free to try it out and offer feedback here, via email, on GitHub, or during a workshop! Enjoy!