Thứ Tư, 30 tháng 4, 2014

writeup dareyourmind

1.java
 +Really EASY one 
          view source-->pass
 +Nice one 
          view source-->copy toàn bộ code html-->tìm site chạy html online-->paste vào và alert giá trị d-->d là pass
 +Easy Again 
          view source-->search js3.js-->pass
2.crypto 
 +1945 
          lấy ảnh search trên google để tìm thuật toán-->đó là Navajo-->http://www.dcode.fr/code-navajo-->battleship
 +md5 
          view source để lấy mã MD5 của file ảnh, sau đó giải mã
 +Basic crypto 
          mission này mình chưa biết thuật toán, nhưng cơ bản nó làm theo phương pháp này
           -thay  W=E ; L=T ; Z=H ; A=I ; K=S ; F=N ; U=C ; J=R ; O=W ; H=P ; T=B ; D=L ; G=O ; M=U ; Y=G; Q=Y; V=D;
           -pass là: REALWORLD
 +...  
          mã morse, dùng site www.dcode.fr/code-morse
 +RSA I 
          -chạy code
  <code> prime = 71306041856078779
   ssqrt = int(prime**0.5)
   for i in xrange(2, ssqrt):
   if prime%i == 0:
   print i </code>
           -KQ: 258726997*275603407
+ Bell
          Lấy ảnh tìm trên google, thấy tên ông này gắn liền với cái gì, thì cái đó là flag
+ BLAISEDEVIGENERE 
          Lấy tiêu đề tìm với googleà tên thuật toánà http://www.dcode.fr/chiffre-vigenere à dùng key  BLAISEDEVIGENERE để decode
3.Stegano
+1st stegano   dùng paint, đổ màu vào
+Black&White stegano  dùng site: http://www.onlinebarcodereader.com/
+BinaryCoded and ASCII dùng paint, đổ màu vào

4.Logic
 +When is my birthday?  31/12-01/01
+3 Cathy daughters
 Tích bằng 36 nên có các trường hợp sau:
1, 3, 12
2, 2, 9
3, 3, 4
6, 2, 3
1, 2, 18
1, 4, 9
1, 1, 36
1, 6, 6
đêm thử hết các trường hợp(do mình kém en nên không phân tích được) -->điền vào với cú pháp như ví dụ, nhưng nhớ là theo chiều giảm dần nhé. 
5. Realistic
+Miamiam a Cookie
 Dùng edit this cookies-->xóa name-->check lại bằng pass rỗng-->thấy gợi ý-->copy và paste user vào name trong addon-->check lại và thấy pass
 


Thứ Ba, 22 tháng 4, 2014

Test Heartbleed with Nmap or Metasploit in Kali

Nmap 
1. Update nmap & nse
$ apt-get install nmap
$ nmap --script-updatedb
(Or you can download ssl-heartbleed.nse from https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse, and tls.lua from http://nmap.org/svn/nselib/tls.lua. Save tls.lua to /usr/share/nmap/nselib and ssl-heartbleed.nse to /usr/share/nmap/scripts/)

2.  Using nmap scan with heartbleed script.
$ nmap -sV --script=ssl-heartbleed target

Metasploit
1. Update your metasploit
$ msfupdate 

2. Get your msfconsole
$ msfconsole 

3. Use auxiliary/scanner/ssl/openssl_heartbleed module and set RHOSTS to target host. And run
msf> use auxiliary/scanner/ssl/openssl_heartbleed
msf> set RHOSTS  
msf> run


Linux Commands

10 Linux Commands For Finding Files And Directories

1. find /-name file1
This command is used in order to search for a directory or file from the root system.
2. find /-user user1
This is a command that allows you to find files and directories that are owned by user1.
3. find / home/user1-name \ * bin
This command helps you when you need to find files that have the .bin extension in the home/user1 directory.
4. find / usr / bin-type f-atime +100
This command is useful for finding the finally files that haven't been used in the last 100 days.
5. find / usr / bin-type f-mtime -10
This command works like the last one, but searches in the last 10 days.
6. find /-name \ * rpm-exec chmod 755 '{}' \;
Use this command when you need to find and modify files with specific permissions. In the above command you're looking for files with permissions 'rpm'.
7. find /-xdev-name \ * rpm
This command helps you find files that end with extensions while ignoring removable devices.
8. locate \ * ps
With this you can find files with ps.
9. whereis halt
This command is useful when you need to see the location of a binary file or the source of the support.
10. Which halt
This will show you the complete path of a binary or executable file.

15 Linux Command That Can Be Used To View System Info 

1. arch
This command will show you the architecture of your system.
2. uname-m
This is another command to view the architecture of the system.
3. uname-r
This command is used to check the kernel version that is being used in the system.
4. dmidecode-q
This command give you the hardware components in your system.
5. hdparm-i / dev / hda
This is the command that shows the characteristics of your hard disk.
6. hdparm-tT / dev / sda
This command is used in order to conduct tests readings on hard drives.
7. cat / proc / cpuinfo
These commands can help you in getting CPU information.
8. cat / proc / interrupts
These commands are used to interrupt a process.
9. cat / proc / meminfo
This command verifies the memory usage in your system.
10. cat / proc / swaps
These commands are used in order to swap files.
11. cat / proc / version
These three commands can display the kernel version for your system.
12. cat / proc / net / dev
These four commands are used to view the network adapters and display statistics of the system.
13. cat / proc / mounts
This command shows you the mounted file system.
14. lspci-tv
If you need to view the PCI display devices then this is the command to use.
15. lsusb-tv
This is the command for displaying USB devices.