Some basic hacking techniques via example: NoNameCon badge by Oleksii Sobolevskyi

Transcript

1. Basic hacking techniques via example: NoNameCon badge Oleksii Sobolevskyi Software

   Engineer
2. None
3. None

4. https://www.nonamecon.org/badge

5. None

6. Capture the Flag (CTF) — это игра, в которой участники

   пытаются захватить флаг противников и защитить свой.

7. 1. Mr Bean Walker – reverse engineering 2. BruteSearcher –

   web application security 3. NoNameCon SpyNet – web application security 4. Ployka PWNer – cryptography 5. Binary Hero – reverse engineering 6. Side Blennel – steganography https://www.nonamecon.org/badge
8. None
9. None
10. None
11. None
12. None
13. None
14. None
15. None

16. https://youtu.be/chfoAWevHMs

17. https://youtu.be/chfoAWevHMs

18. None
19. None
20. None
21. None
22. None
23. None
24. None
25. None
26. None

27. http://dirb.sourceforge.net/

28. None
29. None
30. None
31. None
32. None
33. None
34. None
35. None
36. None
37. None
38. None
39. None
40. None

41. XSS

42. XSS (англ. Cross-Site Scripting — «межсайтовый скриптинг») — тип атаки

    на веб-системы, заключающийся во внедрении в выдаваемую веб-системой страницу вредоносного кода (который будет выполнен на компьютере пользователя при открытии им этой страницы) и взаимодействии этого кода с веб-сервером злоумышленника.
43. None
44. None
45. None
46. None
47. None
48. None
49. None
50. None
51. None
52. None
53. None

54. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

55. None
56. None
57. None
58. None
59. None
60. None
61. None
62. None
63. None
64. None
65. None
66. None

67. https://github.com/tintinweb/ecdsa-private-key-recovery

68. None
69. None
70. None
71. None
72. None
73. None
74. None
75. None
76. None
77. None
78. None
79. None
80. None
81. None
82. None

83. https://docs.espressif.com/projects/esp-idf/en/release-v3.2/get-started/macos-setup.html#toolchain-setup

84. None
85. None
86. None
87. None

88. https://github.com/radareorg/cutter

89. None

90. https://0x04.net/~mwk/doc/xtensa.pdf

91. None
92. None
93. None

94. sprintf a10, a11, a12, a13, a14, a15

95. a10 = flag{%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x}

96. a11 = flag{%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x}

97. a11 = flag{%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x} 14 x %02x ( 2 hex digit

    of integer )

98. sprintf a10, a11, a12, a13, a14, a15 , a1+0, a1+4,

    … a1+36

99. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

    a1+20, a1+24, a1+28, a1+32, a1+36

100. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36

101. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36

102. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 ???

103. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 81 = 0x51

104. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36

105. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 a1+0 = a13

106. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 a1+0 = 0xd2

107. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 a1+4 = a8

108. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 a8 = 0x53

109. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 a1+4 = 0x53

110. a12, a13, a14, a15 , a1+0, a1+4, a1+8, a1+12, a1+16,

     a1+20, a1+24, a1+28, a1+32, a1+36 0xbf, 0xd2, 0x51, 0xb9, 0xd2, 0x53, 0xab, 0xa, 0xea, 0x83, 0x55, 0x4e, 0xfb, 0x8d
111. None
112. None

113. https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp https://play.google.com/store/apps/details?id=com.macdom.ble.blescanner

114. None
115. None
116. None
117. None

118. • https://www.nonamecon.org/badge • screen • strings • dirb (http://dirb.sourceforge.net/) •

     https://xsshunter.com/ • https://github.com/tintinweb/ecdsa-private-key-recovery • https://docs.espressif.com/projects/esp-idf/en/release-v3.2/get- started/macos-setup.html#toolchain-setup • https://github.com/radareorg/cutter • https://0x04.net/~mwk/doc/xtensa.pdf • https://play.google.com/store/apps/details? id=no.nordicsemi.android.mcp • https://play.google.com/store/apps/details? id=com.macdom.ble.blescanner • https://play.google.com/store/apps/details? id=com.macdom.ble.blescanner • base64

119. https://github.com/search?q=ctf+writeup https://cryptopals.com/ https://ctftime.org/

120. Q&A