writeup dareyourmind

1.java

 +Really EASY one 

          view source-->pass

 +Nice one 

          view source-->copy toàn bộ code html-->tìm site chạy html online-->paste vào và alert giá trị d-->d là pass

 +Easy Again 

          view source-->search js3.js-->pass

2.crypto 

 +1945 

          lấy ảnh search trên google để tìm thuật toán-->đó là Navajo-->http://www.dcode.fr/code-navajo-->battleship

 +md5 

          view source để lấy mã MD5 của file ảnh, sau đó giải mã

 +Basic crypto 

          mission này mình chưa biết thuật toán, nhưng cơ bản nó làm theo phương pháp này

           -thay  W=E ; L=T ; Z=H ; A=I ; K=S ; F=N ; U=C ; J=R ; O=W ; H=P ; T=B ; D=L ; G=O ; M=U ; Y=G; Q=Y; V=D;

           -pass là: REALWORLD

 +...  

          mã morse, dùng site www.dcode.fr/code-morse

 +RSA I 

          -chạy code

  <code> prime = 71306041856078779

   ssqrt = int(prime**0.5)

   for i in xrange(2, ssqrt):

   if prime%i == 0:

   print i </code>

           -KQ: 258726997*275603407

+ Bell

          Lấy ảnh tìm trên google, thấy tên ông này gắn liền với cái gì, thì cái đó là flag

+ BLAISEDEVIGENERE 

          Lấy tiêu đề tìm với googleà tên thuật toánà http://www.dcode.fr/chiffre-vigenere à dùng key  BLAISEDEVIGENERE để decode

3.Stegano

+1st stegano   dùng paint, đổ màu vào

+Black&White stegano  dùng site: http://www.onlinebarcodereader.com/

+BinaryCoded and ASCII dùng paint, đổ màu vào

4.Logic

 +When is my birthday?  31/12-01/01

+3 Cathy daughters

 Tích bằng 36 nên có các trường hợp sau:

1, 3, 12

2, 2, 9

3, 3, 4

6, 2, 3

1, 2, 18

1, 4, 9

1, 1, 36

1, 6, 6

đêm thử hết các trường hợp(do mình kém en nên không phân tích được) -->điền vào với cú pháp như ví dụ, nhưng nhớ là theo chiều giảm dần nhé. 

5. Realistic

+Miamiam a Cookie

 Dùng edit this cookies-->xóa name-->check lại bằng pass rỗng-->thấy gợi ý-->copy và paste user vào name trong addon-->check lại và thấy pass

 

Test Heartbleed with Nmap or Metasploit in Kali

Nmap 
1. Update nmap & nse
$ apt-get install nmap
$ nmap --script-updatedb
(Or you can download ssl-heartbleed.nse from https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse, and tls.lua from http://nmap.org/svn/nselib/tls.lua. Save tls.lua to /usr/share/nmap/nselib and ssl-heartbleed.nse to /usr/share/nmap/scripts/)

2.  Using nmap scan with heartbleed script.
$ nmap -sV --script=ssl-heartbleed target

Metasploit
1. Update your metasploit
$ msfupdate 

2. Get your msfconsole
$ msfconsole 

3. Use auxiliary/scanner/ssl/openssl_heartbleed module and set RHOSTS to target host. And run
msf> use auxiliary/scanner/ssl/openssl_heartbleed
msf> set RHOSTS  
msf> run

Linux Commands

10 Linux Commands For Finding Files And Directories

1. find /-name file1

This command is used in order to search for a directory or file from the root system.

2. find /-user user1

This is a command that allows you to find files and directories that are owned by user1.

3. find / home/user1-name \ * bin

This command helps you when you need to find files that have the .bin extension in the home/user1 directory.

4. find / usr / bin-type f-atime +100

This command is useful for finding the finally files that haven't been used in the last 100 days.

5. find / usr / bin-type f-mtime -10

This command works like the last one, but searches in the last 10 days.

6. find /-name \ * rpm-exec chmod 755 '{}' \;

Use this command when you need to find and modify files with specific permissions. In the above command you're looking for files with permissions 'rpm'.

7. find /-xdev-name \ * rpm

This command helps you find files that end with extensions while ignoring removable devices.

8. locate \ * ps

With this you can find files with ps.

9. whereis halt

This command is useful when you need to see the location of a binary file or the source of the support.

10. Which halt

This will show you the complete path of a binary or executable file.

15 Linux Command That Can Be Used To View System Info 

1. arch

This command will show you the architecture of your system.

2. uname-m

This is another command to view the architecture of the system.

3. uname-r

This command is used to check the kernel version that is being used in the system.

4. dmidecode-q

This command give you the hardware components in your system.

5. hdparm-i / dev / hda

This is the command that shows the characteristics of your hard disk.

6. hdparm-tT / dev / sda

This command is used in order to conduct tests readings on hard drives.

7. cat / proc / cpuinfo

These commands can help you in getting CPU information.

8. cat / proc / interrupts

These commands are used to interrupt a process.

9. cat / proc / meminfo

This command verifies the memory usage in your system.

10. cat / proc / swaps

These commands are used in order to swap files.

11. cat / proc / version

These three commands can display the kernel version for your system.

12. cat / proc / net / dev

These four commands are used to view the network adapters and display statistics of the system.

13. cat / proc / mounts

This command shows you the mounted file system.

14. lspci-tv

If you need to view the PCI display devices then this is the command to use.

15. lsusb-tv

This is the command for displaying USB devices.