Hey guys,
Today I'll show you a cool challenge site, or rather, a real wargame - SmashTheStack (StS). It was keeping me busy the whole yesterday.
StS is all about Linux cracking/reversing/exploit - a skillset that I surely lack. At the moment they are hosting 5 games, 2 of which are active: io and apfel. Each game is a real system all set up for cracking. You start with a shell account with the lowest access level and by cracking/exploiting the insecure linux applications you can gain access to the next level. Kinda cool huh?
At the moment I, rhican, silkut and ch0wch0w are playing the games, but none has reached the top so far. So maybe you should join the race with us ;)
Need any tool to start the game? Here is a list of programs I used: strace, objdump, rec, and of course gdb. Read some articles about them and you'll get everything done.
Smashing the Stack for Fun and Profit by Aleph One is an excellent article to get you started too - I highly believe that the site name originated from that article, but don't quote me on that :P
Monday 26 November 2007
Saturday 24 November 2007
platonic defection
I have a silly confession to make: I'm affectionate about my hard drive. I know she's not much of a looker and she gets pretty noisy at times, but she has something very unique. Inceptionally she was as run-of-the-mill and no more poignant than your average toaster. Yet having cultivated and nourished her over the years with bits of stuff I care about I've developed a special fondness of my magnetic friend. A compilation of stuff that matters, she is my soul on a platter. Nearly a decade of handpicked odds and ends, business mixed with pleasure, a curious blend of things to be treasured.
A nudie pic of my hard drive
Call me one bit short of a nibble, but didn't Anne Frank even name her diary "Kitty"? Nobody seems to raise brows about that. What makes diaries so special? If you remove the binder, it's basically just thick toiletpaper for people with loose bowels so the diarrhea doesn't seep through. And what about people naming their cars? Lets see a car accelerate from 0 to 7200 RPM in only a few seconds! Not to even mention the marines encouraging rookies to bond with their rifle. At least my platter doesn't cause brainsplatter!
If you ask me, there's nothing wrong with a little plate-onic affection. Sadly, I first had to lose her before I learned how much I appreciated her. As Plato so delicately put it: "Must not all things at the last be swallowed up in death?". One day she just lost her drive. Her tiny little head got stuck and rigor mortis set in. Her once so frolicsome spinning noises were no more. Only that awful tick of death (head damage 1) setting my teeth on edge. Complete platonic defection.
The outlook was as grim as the skies over Moscow the day Joseph Stalin became member of the Communist Party, but I made a vow that I would bring my hard drive back to life even if it meant I would have to cross the Styx to find her. Hours on end I scryed the internet until finally I found this book of shadows from several pagan IT professionals.
I gathered the necessary instruments, plugged her in, and gently started tapping her along the edges with my Screwdriving Wand of the Goddess while invoking the Guardians of the Watchtowers of the corresponding corners, but it was futile. All she did was mock me with her evil voodoo tick.
This called for desperate measures. I still felt her presence, but apparently there was still too much resistance for her to come back to life. So I placed her in the freezer since cold temperatures reduce resistance. After about half an hour I tried again, and after a few minutes I noticed her tick of death gradually started changing. First her arm started moving a little. Finally she was spinning again with her head held high, long enough for me to transfer her essence to my new drive.
PS. If your data is mission critical, go to a proper data recovery agency. These methods can seriously disharmonize the universe and should only be used out of sheer desperation and after carefully reading this document.
A nudie pic of my hard drive
Call me one bit short of a nibble, but didn't Anne Frank even name her diary "Kitty"? Nobody seems to raise brows about that. What makes diaries so special? If you remove the binder, it's basically just thick toiletpaper for people with loose bowels so the diarrhea doesn't seep through. And what about people naming their cars? Lets see a car accelerate from 0 to 7200 RPM in only a few seconds! Not to even mention the marines encouraging rookies to bond with their rifle. At least my platter doesn't cause brainsplatter!
If you ask me, there's nothing wrong with a little plate-onic affection. Sadly, I first had to lose her before I learned how much I appreciated her. As Plato so delicately put it: "Must not all things at the last be swallowed up in death?". One day she just lost her drive. Her tiny little head got stuck and rigor mortis set in. Her once so frolicsome spinning noises were no more. Only that awful tick of death (head damage 1) setting my teeth on edge. Complete platonic defection.
The outlook was as grim as the skies over Moscow the day Joseph Stalin became member of the Communist Party, but I made a vow that I would bring my hard drive back to life even if it meant I would have to cross the Styx to find her. Hours on end I scryed the internet until finally I found this book of shadows from several pagan IT professionals.
I gathered the necessary instruments, plugged her in, and gently started tapping her along the edges with my Screwdriving Wand of the Goddess while invoking the Guardians of the Watchtowers of the corresponding corners, but it was futile. All she did was mock me with her evil voodoo tick.
This called for desperate measures. I still felt her presence, but apparently there was still too much resistance for her to come back to life. So I placed her in the freezer since cold temperatures reduce resistance. After about half an hour I tried again, and after a few minutes I noticed her tick of death gradually started changing. First her arm started moving a little. Finally she was spinning again with her head held high, long enough for me to transfer her essence to my new drive.
PS. If your data is mission critical, go to a proper data recovery agency. These methods can seriously disharmonize the universe and should only be used out of sheer desperation and after carefully reading this document.
Wednesday 14 November 2007
Steganabara explained
Hey guys,
Finally I defeated my laziness and created a project page for Steganabara. You can access it from here.
Also included an explanation of the key features: Bit Mask Filter, Color Map Filter, Color Explorer, Histogram and Color Table.
And now a demonstration of the Bit Mask Filter, applying on StenographyOriginal.png, from the wikipedia page about steganography
Finally I defeated my laziness and created a project page for Steganabara. You can access it from here.
Also included an explanation of the key features: Bit Mask Filter, Color Map Filter, Color Explorer, Histogram and Color Table.
And now a demonstration of the Bit Mask Filter, applying on StenographyOriginal.png, from the wikipedia page about steganography
Monday 12 November 2007
TheBlacksheep
As theAnswer introduced rankk last week, I feel it's time to introduce my favourite challenge site, possibly the best one out there: TheBlackSheep at http://www.bright-shadows.net. Most members refer to it using the shortened name: TBS.
At TBS, challengers can compete in almost all major computer-related fields: javascript, exploit, cryptography, steganography, crackits, programming, flash, java applets, logic and information gathering. Also there's a "special" section, consisting of challenges that require a special skillset. And challenges that are completely a waste of time are taken to /dev/null.
With 300+ challenges and counting, TBS is surely the biggest challenge site. You can find almost all aspects of the computer world there, from the first and simplest crypto system - Caesar, to the modern and ultimately strong one - RSA, from text steganos, to image and sound ones, from simple php exploits, to XSS and SQL injection, from Windows cracking, to cracking other systems, like Linux, C64, and Texas Instrument :P And of course, the applet challenges there are the most challenging, but yet very interesting and educational :)
If, for any reason, you missed such a great site, register a new account there and start playing before it's too late! Beginner? No worry, you can learn many things along the way, from the challenges, and the great tutorials both written by TBS members and linked from other security websites.
At TBS, challengers can compete in almost all major computer-related fields: javascript, exploit, cryptography, steganography, crackits, programming, flash, java applets, logic and information gathering. Also there's a "special" section, consisting of challenges that require a special skillset. And challenges that are completely a waste of time are taken to /dev/null.
With 300+ challenges and counting, TBS is surely the biggest challenge site. You can find almost all aspects of the computer world there, from the first and simplest crypto system - Caesar, to the modern and ultimately strong one - RSA, from text steganos, to image and sound ones, from simple php exploits, to XSS and SQL injection, from Windows cracking, to cracking other systems, like Linux, C64, and Texas Instrument :P And of course, the applet challenges there are the most challenging, but yet very interesting and educational :)
If, for any reason, you missed such a great site, register a new account there and start playing before it's too late! Beginner? No worry, you can learn many things along the way, from the challenges, and the great tutorials both written by TBS members and linked from other security websites.
Monday 5 November 2007
rankk.org
Hey,
another challenge site I've been playing at recently. The design, the "story", most challenges (and solutions :D) are related to egypt or pyramids. I think it's actually a restart of a challenge site called "pyramid".
It contains 160 challenges, including logic, javascript, programming, exploit, stegano and crypto of course.
There are 9 levels in total, to complete the n-th level you need to solve 10-n levels which results in a pyramid like ladder you need to climb.
The current rankk master is quangntenemy, by the way.
Check out rankk.org!
Greetings, ozehka!
Update by quangntenemy: you might want to read my rankk interview too :D
another challenge site I've been playing at recently. The design, the "story", most challenges (and solutions :D) are related to egypt or pyramids. I think it's actually a restart of a challenge site called "pyramid".
It contains 160 challenges, including logic, javascript, programming, exploit, stegano and crypto of course.
There are 9 levels in total, to complete the n-th level you need to solve 10-n levels which results in a pyramid like ladder you need to climb.
The current rankk master is quangntenemy, by the way.
Check out rankk.org!
Greetings, ozehka!
Update by quangntenemy: you might want to read my rankk interview too :D
Sunday 4 November 2007
Mod-x
Hey guys,
Today's hot challenge site is Mod-x at http://www.mod-x.co.uk. Unlike other challenge sites, Mod-x has a unique story line behind it. You are one of the Mod-x agents, the elite team fighting against the evil forces in the cyberspace.
Most tasks involve reversing, code breaking and penetrating other systems. Although the game is fictional, you need real skills in order to complete the tasks and move forward.
Beside the main game, Mod-x also hosts 2 other games: the omega project and disavowed.net. They are also quite interesting.
Give it a try and see how far you can go!
Today's hot challenge site is Mod-x at http://www.mod-x.co.uk. Unlike other challenge sites, Mod-x has a unique story line behind it. You are one of the Mod-x agents, the elite team fighting against the evil forces in the cyberspace.
Most tasks involve reversing, code breaking and penetrating other systems. Although the game is fictional, you need real skills in order to complete the tasks and move forward.
Beside the main game, Mod-x also hosts 2 other games: the omega project and disavowed.net. They are also quite interesting.
Give it a try and see how far you can go!
Subscribe to:
Posts (Atom)
