

Some basic hacking techniques via example: NoNameCon badge by Oleksii Sobolevskyi

Oleksii Sobolevskyi showed how he solved all six tasks encoded into the hardware badge of the NoNameCon 2019 conference in Kyiv. The tasks ranged from exploring simple XSS vulnerabilities to reverse engineering a binary.

MacPaw Tech Talks

August 08, 2019


Transcript

  1. Capture the Flag (CTF) is a game in which participants try to capture the opponents' flag and defend their own.
  2. The six badge tasks:
     1. Mr Bean Walker – reverse engineering
     2. BruteSearcher – web application security
     3. NoNameCon SpyNet – web application security
     4. Ployka PWNer – cryptography
     5. Binary Hero – reverse engineering
     6. Side Blennel – steganography
     https://www.nonamecon.org/badge
  3. XSS

  4. XSS (Cross-Site Scripting) is a type of attack on web systems that consists of injecting malicious code into a page served by the web system (the code is executed on the user's computer when they open that page) and having that code interact with the attacker's web server.
  5.–16. Register and stack-slot list from the binary (a1 is the Xtensa stack pointer, so a1+N denotes a stack slot), repeated on slides 5 through 16 and annotated one step at a time:
     a12, a13, a14, a15, a1+0, a1+4, a1+8, a1+12, a1+16, a1+20, a1+24, a1+28, a1+32, a1+36
     Annotations added in order across the slides:
     - ???
     - 81 = 0x51
     - a1+0 = a13
     - a1+0 = 0xd2
     - a1+4 = a8
     - a8 = 0x53
     - a1+4 = 0x53
     Slide 16 lists the values: 0xbf, 0xd2, 0x51, 0xb9, 0xd2, 0x53, 0xab, 0xa, 0xea, 0x83, 0x55, 0x4e, 0xfb, 0x8d
  17. Tools and references:
     • https://www.nonamecon.org/badge
     • screen
     • strings
     • dirb (http://dirb.sourceforge.net/)
     • https://xsshunter.com/
     • https://github.com/tintinweb/ecdsa-private-key-recovery
     • https://docs.espressif.com/projects/esp-idf/en/release-v3.2/get-started/macos-setup.html#toolchain-setup
     • https://github.com/radareorg/cutter
     • https://0x04.net/~mwk/doc/xtensa.pdf
     • https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp
     • https://play.google.com/store/apps/details?id=com.macdom.ble.blescanner
     • base64
  18. Q&A