Jump to content
Sign in to follow this  
Nytro

Video #92: picoCTF 2019 (part 2)

Recommended Posts


GynvaelEN


Part 1: https://www.youtube.com/watch?v=pYrGJ...
Table of Content:
00:08 [PROLOG] nervous_testpilot - Focus | http://nervoustestpilot.co.uk/
02:15 [PROLOG] TheFatRat - Monody (feat. Laura Brehm) | https://youtube.com/user/ThisIsTheFatRat
07:06 [PROLOG] Stellardrone - Bettween The Rings
13:20 ⁂ START ⁂ - Greetings ( ;E ;) )
13:45 Short agenda about todays' stream; Q&A rules
14:50 Announcements and hypes
 - introduction of mod's page - foxtrot_charlie | https://foxtrotlabs.cc/
 - Paged Out! #2 is out // Call For Papers (one page) until 02/20/2020 (20 Feb 2020);
 - 16:21 Authors of articles from 1st rel of Paged Out! who have chosen non-TIP/POOL SAA should receive an email; if not get back to me :)
 - I've made one of Winja CTF '18 tasks and now it's released | https://github.com/google/google-ctf/...
 - It looks like Dec 2018 will be exciting contest between TOP 4 of CTF Time | ctftime.org
19:24 Let's get started!
20:44 2Warm / general / 50pts
22:42 picobrowser / web exp / 200pts
 - on page we see that we are not picobrowser so we are going to change User-Agent
 - see Dev Tools in web browser, but could be solved in different way, e.g. curl
26:39 Question: Can we use CTFs for prepare for OSCP? Q @ YT chat: are CTFs useful for real life pentesting?
29:03 plumbing / general / 200pts
 - netcat + "grep to win" technique which is easy and was described previously
30:11 rsa-pop-quiz / crypto / 200pts
 - tools: netcat + Python CLI as helper for calculations
 - knowledge: basics of prime numbers and RSA theory
 - objectives of this task: get to know with RSA - it's really simple
51:31 slippery-shellcode / bin exp / 200pts
 - tools: checksec.sh (checking protection of running binary)
 - knowledge: basics of assembly and code review of C-like languages
 - objectives of this task: old-school basic exploitation with a NOP sled; 32-bit ELF binary (execute shellcode, get the rid of problem with buffering, have no protections, isn't PIE...)
 + 0:57:44 about shellcodes
 + 1:00:00 writing a shellcode that uses fopen/fgets found in memory at known locations
1:10:42 Q: Do you know what AVX2 is used for in assembly?
 - some historical roots of SIMD extensions in Intel CPUs (MMX, SSE, AVX), why was it created, and registers naming (mm0, xmm0, ymm0, zmm0)
 - note from viewer: there is JSON parser library that uses vectorized instructions
1:15:16 Q: Check whether it is statically linked on the server also, not just the downloaded version.
 - why this should *not* be true for CTFs because of annoying players and what's the difference from not-lab exploitation cases
1:16:40 vault-door-3 / rev eng / 200pts
 - reversing Java code
1:27:28 "I'm going to show you another way to do this" :)
 - taking a fresh look at the same problem since I got confused by trying to do the reverse mapping in my head on livestream (which I failed hard); so instead, I showed a way to get the mapping to generate itself
1:32:29 Q: What motivates you when doing a hard challenge?
1:34:10 whats-the-difference / general / 200pts
 - comparing two binary files with use of python
Q: What about zip() in Python when the length of lists is not equal?
Q: How hard does a challenge have to be to resemble that of a real life scenario in the work force (or as close as it come)?
1:39:58 where-is-the-file / general / 200pts - file starting with .
1:41:20 WhitePages / forensics / 250pts
 - three code units: E2 80 83 ... :)
 - funky ASCII art or binary ASCII encoding?
 - at the end: a note about ASCII and code pages
1:51:03 c0rrupt / forensics / 250pts
1:51:43 In YT chat Daniel mentioned 24/7 CTF challenges (https://247ctf.com/). Take a look at it - they are really cool!
Returning to task:
 - broken PNG file...
 - ...but many files are simply based on zlib aka DEFLATE (e.g. ZIP, GZIP, HTTP compression, but also PNG)  - we will try to brute force it!
 - ...and in the end hack it in GIMP.
2:01:55 Q: With zlib compression, can we decompress even without the beginning of the bytes stream? Or if we have "holes" in the bytes stream?
2:03:55 m00nwalk / forensics / 250pts
 - WAV file with 11MB
Please make volume down, because we are m00nwalking with SSTV over the stream sound directly 😎
- from 2:07:00 to 2:07:56
- from 2:09:57 to 2:10:03
- from 2:10:53 to 2:11:33
2:18:17 Q: What did you study in college/University and what certs did you get?
See also (in Polish but Google Translate could do the thing):
- https://gynvael.coldwind.pl/?id=337
- https://gynvael.coldwind.pl/?id=338
2:20:36 Epilog
 Thanks for attending folks!
 Thank you foxtrot_charlie for being my Moderator today!
 Next stream is planned on next Wednesday (part 3).
2:21:06 [EPILOG] nervous_testpilot - Our Heroes | http://nervoustestpilot.co.uk
(kudos to J.V. for ToC!)

Our Discord: https://discord.gg/QAwfE5R
Our IRC: #gynvaelstream-en on freenode

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...