Wednesday, June 12, 2013

Social Engineering BSides CTF

DISCLAIMER

I asked Ben0xA and drbearsec for permission to post this write up. They were both okay with it. 


Step 1: Complain to the organizers


Step 2: Claim you could have solved the challenge


 Step 3: DM the enemy asking for the solution


Step 4: Open the challenge back up




Step 5: Troll the enemy


Step 6: Enter the flag and profit



Tuesday, April 30, 2013

BSides Chicago CTF: Not The Secret Portal

 Web Challenge: Not The Secret Portal

This is a write up of the "Not The Secret Portal" web challenge rated as easy difficulty. We're presented with the following description:

I really enjoy working for a top secret government agency. There are so many different secrets. For example, did you know that there is a hidden office behind the vending machine? You just enter the code 1D107 and the door will open. At least that's what the guys down in research told me. I haven't gotten the code to work yet, but I think it's probably only active at certain times of the day. I probably shouldn't be telling you these secrets.

Anyway, we found an active page that looks like a rogue agent portal. But it clearly says it's not so we aren't sure what to do with it. We believe it may have been hosted at nottherogueagent.net. Take a look at it and see if it's anything important.

You can view the page here.

Good luck!

Pretty Pictures!


Browse to the page linked in the description.

View the source code.

Browse to addenum.php



We're hoping to find a hidden parameter in one of these requests for injection.

Didn't expect to find anything here. Moving onto the rogue agent's portal.

No hidden parameters here.
Same response as before


"We believe it may have been hosted at nottherogueagent.net"


Change the Referer to http://nottherogueagent.net.

Facepalm :(
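Why changing one header was enough, as an added example (this is not the challenge's code; the gate functions, the token format and the secret are hypothetical): a check that trusts the client-supplied Referer sits next to one that requires a server-issued, MAC-protected token.

```python
import hashlib
import hmac
import time
from urllib.parse import urlparse

SECRET = b"constructed-demo-key"        # hypothetical server-side secret
TRUSTED_HOST = "nottherogueagent.net"   # host named in the challenge description


def weak_gate(headers):
    """Grant access when the Referer names the trusted host.

    Referer is an ordinary request header chosen by the client, so this
    check says nothing about where the visitor really came from.
    """
    referer = headers.get("Referer", "")
    return urlparse(referer).hostname == TRUSTED_HOST


def _mac(user, expiry):
    msg = "{}|{}".format(user, expiry).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(user, now=None, ttl=300):
    """Server side: mint 'user|expiry|mac' after a real authentication step."""
    expiry = int(time.time() if now is None else now) + ttl
    return "{}|{}|{}".format(user, expiry, _mac(user, expiry))


def strong_gate(headers, now=None):
    """Grant access only for an unexpired token whose MAC verifies."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return False
    parts = value[len("Bearer "):].split("|")
    if len(parts) != 3:
        return False
    user, expiry, mac = parts
    try:
        expiry_ts = int(expiry)
    except ValueError:
        return False
    # Constant-time comparison; the client cannot compute the MAC without SECRET.
    if not hmac.compare_digest(mac.encode(), _mac(user, expiry).encode()):
        return False
    return expiry_ts > int(time.time() if now is None else now)


if __name__ == "__main__":
    spoofed = {"Referer": "http://" + TRUSTED_HOST + "/"}   # constructed request
    print("weak gate, spoofed Referer:  ", weak_gate(spoofed))
    print("strong gate, spoofed Referer:", strong_gate(spoofed))
    good = {"Authorization": "Bearer " + issue_token("agent")}
    print("strong gate, issued token:   ", strong_gate(good))
```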


BSidesChicago CTF: Keep it Secret, Keep it Safe

Forensics Challenge: Keep it Secret, Keep it Safe

This is a write up for the "Keep it Secret, Keep it Safe" forensics challenge rated as moderate difficulty. We're presented with the following description and a zip file:

This is a reminder that your annual performance review is in 2 weeks. We will be criticizing every thing you have done since you have joined us. Don't worry too much about it. I've been messing things up since I was hired 25 years ago and they still haven't fired me.

During a recent raid, we were able to get a copy of a virtual machine saved state file from a hard drive we found in a wooden box. We believe this may have had some vital information on it and we need you to figure it out.

Oh, the department heads wanted me to remind you that your performance review weighs heavily on your success of this challenge. So no pressure. Go get em!

The file is attached.

Good luck!

Time for another ascii.io session.



We end up extracting a PNG file from the virtual machine saved state file as instructed using a tool called binwalk. Let's take a look at this file with vital information on it.


At first we tried SGFja2VycyBSdWx1cyEhIQ== as the flag, and then face palmed as it's base64 encoded. We can use a variety of tools to decode base64. The flag ended up being "Hackers Rulus!!!" after decoding the string.
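The two steps of this write up, sketched as an added example (not binwalk's code and not the session from the original post): carve a PNG out of a larger blob by signature and chunk CRCs, then recognise a base64 string before submitting it. `SAMPLE_STATE` is a constructed stand-in for the saved state file, and all function names are assumptions.

```python
import base64
import binascii
import string
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def build_chunk(ctype, data):
    """One PNG chunk: length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png():
    """Constructed 1x1 grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")          # filter byte + one pixel
    return (PNG_SIG + build_chunk(b"IHDR", ihdr)
            + build_chunk(b"IDAT", idat) + build_chunk(b"IEND", b""))


def walk_chunks(blob, pos):
    """Follow chunks from pos; return the offset after IEND, or None."""
    first = True
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        data_end = pos + 8 + length
        if data_end + 4 > len(blob):
            return None                          # truncated or bogus length
        (crc,) = struct.unpack(">I", blob[data_end:data_end + 4])
        if zlib.crc32(blob[pos + 4:data_end]) & 0xFFFFFFFF != crc:
            return None                          # corrupt, or not a PNG at all
        if first and ctype != b"IHDR":
            return None                          # IHDR must come first
        first = False
        pos = data_end + 4
        if ctype == b"IEND":
            return pos
    return None


def carve_pngs(blob):
    """Return [(offset, png_bytes)] for every structurally valid PNG in blob."""
    found = []
    pos = blob.find(PNG_SIG)
    while pos != -1:
        end = walk_chunks(blob, pos + len(PNG_SIG))
        if end is None:
            pos = blob.find(PNG_SIG, pos + 1)    # false positive, keep scanning
        else:
            found.append((pos, blob[pos:end]))
            pos = blob.find(PNG_SIG, end)
    return found


def decode_if_base64(text):
    """Return the decoded text if `text` is strict base64 of printable ASCII."""
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    if decoded and all(c in string.printable for c in decoded):
        return decoded
    return None


# Constructed sample: padding, a bare signature with junk after it (a false
# positive for a naive signature scan), a real PNG, then trailing bytes.
SAMPLE_STATE = (b"\x00" * 64 + PNG_SIG + b"not a real image"
                + make_png() + b"\xff" * 32)

if __name__ == "__main__":
    for offset, png in carve_pngs(SAMPLE_STATE):
        print("PNG at offset %d, %d bytes" % (offset, len(png)))
    print(decode_if_base64("SGFja2VycyBSdWx1cyEhIQ=="))
```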

Monday, April 29, 2013

BSidesChicago CTF: Hashes

BSides Chicago CTF Hashes Challenge

This is a write up for the "Hashes" challenge, which was rated as moderate difficulty. We were given the following LM hashes in a text file:


In the past, I've used a python script called findmyhash to query online rainbow tables to crack LM hashes. This script no longer works so I wrote a script in python to query the ophcrack LM/NTLM rainbow tables. The output is shown below via ascii.io. Sorry the write up is short, but this was an easy one.
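Why LM hashes fall to precomputed tables so quickly, seen from the defender's side as an added example (not the author's lookup script): an LM hash is two independently computed, unsalted halves of seven uppercase characters each, so a pwdump-style export can be audited for stored LM hashes without cracking anything. The sample lines, account names and finding codes are constructed.

```python
from collections import defaultdict

# LM hash of an empty 7-character half; a full LM hash made of two of these
# means the password is blank or LM storage is disabled.
LM_EMPTY_HALF = "AAD3B435B51404EE"


def split_lm(lm_hex):
    """Split a 32-hex-digit LM hash into its two 8-byte halves."""
    lm_hex = lm_hex.strip().upper()
    if len(lm_hex) != 32 or any(c not in "0123456789ABCDEF" for c in lm_hex):
        raise ValueError("not a 32-hex-digit LM hash: %r" % lm_hex)
    return lm_hex[:16], lm_hex[16:]


def audit_pwdump(lines):
    """Map each account in user:rid:lm:nt::: lines to a set of findings.

    LM_ABSENT    no LM hash in the record
    LM_EMPTY     both halves are the empty-half constant
    LM_SHORT     second half empty: password is 7 characters or fewer
    LM_LONG      both halves populated: 8 to 14 characters, each half
                 still attackable on its own
    SHARED_HALF  another account has an identical half (no salt, so equal
                 7-character halves always produce equal hashes)
    """
    findings = {}
    owners = defaultdict(set)           # non-empty half -> accounts using it
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue                    # not a user:rid:lm:nt record
        user = fields[0]
        try:
            first, second = split_lm(fields[2])
        except ValueError:
            findings[user] = {"LM_ABSENT"}
            continue
        if first == second == LM_EMPTY_HALF:
            findings[user] = {"LM_EMPTY"}
            continue
        findings[user] = {"LM_SHORT" if second == LM_EMPTY_HALF else "LM_LONG"}
        for half in (first, second):
            if half != LM_EMPTY_HALF:
                owners[half].add(user)
    for users in owners.values():
        if len(users) > 1:
            for user in users:
                findings[user].add("SHARED_HALF")
    return findings


# Constructed sample export; none of these values come from the challenge.
NT = "0123456789ABCDEF0123456789ABCDEF"
SAMPLE_DUMP = [
    "alice:1001:1A2B3C4D5E6F7081AAD3B435B51404EE:" + NT + ":::",
    "bob:1002:1A2B3C4D5E6F70819F8E7D6C5B4A3921:" + NT + ":::",
    "carol:1003:AAD3B435B51404EEAAD3B435B51404EE:" + NT + ":::",
    "dave:1004:NO PASSWORD*********************:" + NT + ":::",
]

if __name__ == "__main__":
    for user, codes in sorted(audit_pwdump(SAMPLE_DUMP).items()):
        print(user, sorted(codes))
```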



Tuesday, April 9, 2013

Traversing User Timelines with the Twitter API

Introduction

I recently took up a python project for two professors at my university. They've undertaken a research project looking at football players' use of Twitter. The professors gave me the following information across several emails:

"We need some code or a really small program that automatically scrapes the publicly-available Tweets from Twitter's API of specific Twitter users.  I just need a program that will take the date/time of the post and the <140 character Tweet, and pull them all into a file for a selected individual. We're looking at using captain's tweets during the 2012-2013 NFL season to predict team performance. Ideally, we need the date range from September 1, 2013 until February 5, 2013."

This seems simple enough, but unfortunately Twitter REST API v1.1 has recently put limits on the number of tweets you can query. The RESTful service that exposes the most tweets is user_timeline, which supports up to 3200 tweets. You can't get all 3200 tweets at once; however, Twitter does provide instructions on how to traverse timelines. It's also important to note that we're limited to 150 requests per hour.

Traversing the Timeline

Our first example request:

https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=_Lopi_&count=200

We search for the smallest tweet id_str in the output which is "296725293270441985". After this, we send another request with the "max_id" parameter set to "296725293270441985".

https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=_Lopi_&count=200&max_id=296725293270441985

Now we know how to traverse through a timeline. Time to write the python script the professors at my university requested.

Writing the Code

You can also find the code on my github if you prefer to view it that way.

## tweetball.py [python]
#!/usr/bin/env python
 
import json
import urllib2
import sys
 
def banner():
        print '''                                                                  
                                      O.                                      
                                     OOO                                      
                                   ZOOOOOO                                    
                                 :OOOOOOOOO~                                  
                               :OOOOOOOOOOOOOZ                                
          OO..               OOOOOOOOOOOOOOOOOOO..               OO            
          8OOOOOO.     .OOOOOO8OOOOOOO.    O O8OOOO8O.     .8OOOOOO            
          OOOOOOOOOOOOOOOOO8OOOOOOOO    OO.  .OOOOO8OOOOOOOOOOOOOOO            
          OOOOOO 8OOOOOOOO+OOO8OOO    OO      OOOOO$O8OOOOOO$OOOOOO            
          OOOOO. O88OOOOO. OOOOOO   O8+       OOOO  OOOO8OOO  OOOOO            
          OOOO    OOOOOO    OOOO   OO. .      O8O   .8OOOOO   .OOO8            
          OOOO. . OOOOOO  ..OOO  .O  O        OOO .  OOOOOO    OOOO            
          OOOOOOOO$OOOOOO8OO.OO   I.O        OOO.OOOOOOOOO=OOOO8OOO            
          OOOOOO$OOOOOOOOOOO8OO  .I         .OOOOOOOOOOOOOOOOOOOOOO            
          OOOOOO OOOOOOOO..OOOO  O          OOOOOOI OOOOOOOO  OOOO8            
          OO8.     .OOO.     OO..        .OOOOOO     .+OOO      OOO            
          OOOOO   O8OOOO.  .OOO,O       8OOO8OOO8.  .OOOOOO    OOOO            
          OOOO OO.OOOOOO.OO.OO8OO   .OOOOOOOOOOOO OO.OOOOOO.OO 8OOO            
          OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8OOOOOOO8OOO            
          OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO            
          OOO                                                   OOO            
          OOO   Z$$Z$Z   Z$Z$Z$$$.$Z$ZZ$$ZZZ$ZZ $$$$$$Z$        OOO            
          OOO   $$Z$$$.  Z$Z$$$$$ ZZ$$$$Z$Z$Z$Z $Z$$Z$$$        OOO            
          OOO   $$Z$$ZZ   $Z$$$Z  $Z$Z$$$$$Z$$Z  ZZZZZZ.        OOO            
          OOO.    Z$$$$    $$$Z    :$Z$$   =$$$   $Z$$          OO8            
          OOO     ZZ$Z$$   $$$$    :$$Z$      .   Z$$$          OOO            
          OOO     $$ZZZ$   $$$$    :$ZZ$          $$$Z          OO8            
          OOO     $$$Z$ZZ  $$ZZ    :$ZZ$     .    $$$Z          OOO            
          OOO     $$$$Z$Z. $ZZZ    :$$$$  $ZZ     $ZZ$          OOO            
          OOO     $$$$$$$Z $$ZZ    :$$$Z$$$Z$     $Z$Z          OOO            
          OOO     $$Z$ZZ$$:$Z$Z    :$$$ZZ$$$Z     $$$$          OOO            
          O8O     $$$$ $$$$$$$$    :Z$Z$   $$     $$$Z          O8O            
          OOO     $$$Z $Z$$$$$$    :Z$$$          ZZ$$    $$$   OO8            
          OOO     $ZZ$  $$Z$$ZZ    :$$$Z          $$$$    $$Z   OOO            
          OOO     $$$$  7$$Z$$Z    :ZZ$$          $$Z$    Z$Z   OO8            
          OOO   $ZZ$$Z. .$$Z$$Z    :$$$Z          Z$$$..ZZZ$$   O8O            
          OOO   $$Z$Z$$. =$$$$$    :$$Z$         .Z$$Z$$ZZ$$$   OOO            
          ZOOO .Z$Z$$$$:  $$$ZZ    :Z$$Z        $$$$Z$$ZZZ$$   OO8O            
           OOOO        :  .$$$Z  .$$$Z$$        ZZ$Z$Z:      .OOOO            
            O8OO8.         ..$$   $Z$Z$ZZ       $.          OOOOO              
              O8OOOOO..           .$$$$$Z              .OOOOOOO.              
                OOOOOOOOOOOO         ..Z$.      .OOOO8OOOOOO=.                
                   .OOOOOOOOOOOOO.          OOOOOOOO8OOO..                    
                            ZOOOOOOO     ,OOOOOO                              
                                OOOOOI .OOOOZ                                  
                                  .OOOOO8O.                                    
                                    ZOOOO                                      
                                      O.                                      
'''                                                                    
       
 
        title = 'tweetball.py: Python script to scrape publicly available tweets during the 2012-2013 NFL Season'
        contact = 'chris.spehn@gmail.com'
       
        print '---------------------------------------------------------------------------------------------------'
        print title
        print 'contact: ' + contact
        print '---------------------------------------------------------------------------------------------------'
                   
 
def usage():
        print "You can't launch tweetball.py without a twitter name!"
        print "Usage: python tweetball.py twitter_name"
        print "Example: python tweetball.py _Lopi_"
 
# Date format: Wed Dec 05 20:49:21 +0000 2012
# NFL Football Season Date Range: Sep 01 2012 -- Feb 05 2013
import time
tweetMin = time.strptime("Sep 01 2012", "%b %d %Y")
tweetMax = time.strptime("Feb 05 2013", "%b %d %Y")
def compareDate(tweetDate):
    tweetDate = tweetDate.split()
    tweetDay = time.strptime(" ".join(tweetDate[1:3] + [tweetDate[-1]]), "%b %d %Y")
    return tweetMin <= tweetDay and tweetDay <= tweetMax
 
# Timeline request for 200 tweets, 3200 maximum
# Maximum of 150 requests an hour
# Timeline request: https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=_Lopi_&count=200
def getTimeline():
 
        # Start above any real tweet id so the first comparison always succeeds
        tweet_id = 999999999999999999999999999
        screen_name = sys.argv[1]
        filename = screen_name + ".txt"
        count = 1
       
        print '[+] Starting to scrape tweets'
        print "[+] Sending request number " + str(count) + " to Twitter"
        req = urllib2.Request('https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=' + screen_name + '&count=200')
        response = urllib2.urlopen(req)
        print "[+] Receiving response from Twitter"
        the_page = response.read()
        print "[+] Parsing response from Twitter"
        tweets = json.loads(the_page)
 
        # Nothing to traverse if the first page is empty
        if not tweets:
                sys.exit("[+] No tweets returned for " + screen_name)
 
        # Append every tweet inside the season date range to <screen_name>.txt
        f = open(filename, 'a')
        for tweet in tweets:
                tweetDate = tweet['created_at'].encode('utf-8')
                if compareDate(tweetDate):
                        the_tweets = tweet['text'].encode('utf-8') + "\n"
                        f.write(tweetDate + ": " + the_tweets)
        f.close()
 
        # The smallest id on this page becomes max_id for the next request
        for str_id in tweets:
                if tweet_id > str_id['id']:
                        tweet_id = str_id['id']
 
        print "[+] Smallest Tweet ID Found: " + str(tweet_id)
        print "[+] Writing tweets to file: " + filename
 
        # Keep paging until the smallest id seen is 11 digits or shorter
        while len(str(tweet_id)) > 11:
                try:
                        count = count + 1
                        print "[+] Sending another request with max_id=" + str(tweet_id)
                        print "[+] Sending request number " + str(count) + " to Twitter"
                        # max_id is inclusive: the boundary tweet is returned again
                        req = urllib2.Request('https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=' + screen_name + '&count=200' + '&max_id=' + str(tweet_id))
                        response = urllib2.urlopen(req)
                        print "[+] Receiving response from Twitter"
                        the_page = response.read()
                        print "[+] Parsing response from Twitter"
                        tweets = json.loads(the_page)
 
                        f = open(filename, 'a')
                        for tweet in tweets:
                                tweetDate = tweet['created_at'].encode('utf-8')
                                if compareDate(tweetDate):
                                        the_tweets = tweet['text'].encode('utf-8') + "\n"
                                        f.write(tweetDate + ": " + the_tweets)
                        f.close()
 
                        print "[+] Writing tweets to file: " + filename
               
                        previous_id = tweet_id
                        for str_id in tweets:
                                if tweet_id > str_id['id']:
                                        tweet_id = str_id['id']
 
                        print "[+] Smallest Tweet ID Found: " + str(tweet_id)
 
                        # No smaller id on this page means the timeline is exhausted;
                        # without this check the loop would repeat the same request
                        if tweet_id == previous_id:
                                break
 
                except Exception as e:
                        sys.exit("[+] An unexpected error occurred: " + str(e))
 
def main():
        banner()
        getTimeline()
 
if __name__ == '__main__':
    if len(sys.argv) != 2:
        usage()
        sys.exit(1)
    else:
        main()

Testing the Script



## python tweetball.py _Lopi_ [plain_text]
lopi@killface ~ $ python2.7 tweetball.py _Lopi_

O.
OOO
ZOOOOOO
:OOOOOOOOO~
:OOOOOOOOOOOOOZ
OO.. OOOOOOOOOOOOOOOOOOO.. OO
8OOOOOO. .OOOOOO8OOOOOOO. O O8OOOO8O. .8OOOOOO
OOOOOOOOOOOOOOOOO8OOOOOOOO OO. .OOOOO8OOOOOOOOOOOOOOO
OOOOOO 8OOOOOOOO+OOO8OOO OO OOOOO$O8OOOOOO$OOOOOO
OOOOO. O88OOOOO. OOOOOO O8+ OOOO OOOO8OOO OOOOO
OOOO OOOOOO OOOO OO. . O8O .8OOOOO .OOO8
OOOO. . OOOOOO ..OOO .O O OOO . OOOOOO OOOO
OOOOOOOO$OOOOOO8OO.OO I.O OOO.OOOOOOOOO=OOOO8OOO
OOOOOO$OOOOOOOOOOO8OO .I .OOOOOOOOOOOOOOOOOOOOOO
OOOOOO OOOOOOOO..OOOO O OOOOOOI OOOOOOOO OOOO8
OO8. .OOO. OO.. .OOOOOO .+OOO OOO
OOOOO O8OOOO. .OOO,O 8OOO8OOO8. .OOOOOO OOOO
OOOO OO.OOOOOO.OO.OO8OO .OOOOOOOOOOOO OO.OOOOOO.OO 8OOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8OOOOOOO8OOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
OOO OOO
OOO Z$$Z$Z Z$Z$Z$$$.$Z$ZZ$$ZZZ$ZZ $$$$$$Z$ OOO
OOO $$Z$$$. Z$Z$$$$$ ZZ$$$$Z$Z$Z$Z $Z$$Z$$$ OOO
OOO $$Z$$ZZ $Z$$$Z $Z$Z$$$$$Z$$Z ZZZZZZ. OOO
OOO. Z$$$$ $$$Z :$Z$$ =$$$ $Z$$ OO8
OOO ZZ$Z$$ $$$$ :$$Z$ . Z$$$ OOO
OOO $$ZZZ$ $$$$ :$ZZ$ $$$Z OO8
OOO $$$Z$ZZ $$ZZ :$ZZ$ . $$$Z OOO
OOO $$$$Z$Z. $ZZZ :$$$$ $ZZ $ZZ$ OOO
OOO $$$$$$$Z $$ZZ :$$$Z$$$Z$ $Z$Z OOO
OOO $$Z$ZZ$$:$Z$Z :$$$ZZ$$$Z $$$$ OOO
O8O $$$$ $$$$$$$$ :Z$Z$ $$ $$$Z O8O
OOO $$$Z $Z$$$$$$ :Z$$$ ZZ$$ $$$ OO8
OOO $ZZ$ $$Z$$ZZ :$$$Z $$$$ $$Z OOO
OOO $$$$ 7$$Z$$Z :ZZ$$ $$Z$ Z$Z OO8
OOO $ZZ$$Z. .$$Z$$Z :$$$Z Z$$$..ZZZ$$ O8O
OOO $$Z$Z$$. =$$$$$ :$$Z$ .Z$$Z$$ZZ$$$ OOO
ZOOO .Z$Z$$$$: $$$ZZ :Z$$Z $$$$Z$$ZZZ$$ OO8O
OOOO : .$$$Z .$$$Z$$ ZZ$Z$Z: .OOOO
O8OO8. ..$$ $Z$Z$ZZ $. OOOOO
O8OOOOO.. .$$$$$Z .OOOOOOO.
OOOOOOOOOOOO ..Z$. .OOOO8OOOOOO=.
.OOOOOOOOOOOOO. OOOOOOOO8OOO..
ZOOOOOOO ,OOOOOO
OOOOOI .OOOOZ
.OOOOO8O.
ZOOOO
O.

---------------------------------------------------------------------------------------------------
tweetball.py: Python script to scrape publicly available tweets during the 2012-2013 NFL Season
contact: chris.spehn@gmail.com
---------------------------------------------------------------------------------------------------
[+] Starting to scrape tweets
[+] Sending request number 1 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Smallest Tweet ID Found: 296724121360924673
[+] Writing tweets to file: _Lopi_.txt
[+] Sending another request with max_id=296724121360924673
[+] Sending request number 2 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 256076088344715265
[+] Sending another request with max_id=256076088344715265
[+] Sending request number 3 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 232591286845177857
[+] Sending another request with max_id=232591286845177857
[+] Sending request number 4 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 210842598842183681
[+] Sending another request with max_id=210842598842183681
[+] Sending request number 5 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 184347232517103616
[+] Sending another request with max_id=184347232517103616
[+] Sending request number 6 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 149960621063016448
[+] Sending another request with max_id=149960621063016448
[+] Sending request number 7 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 116212022500278272
[+] Sending another request with max_id=116212022500278272
[+] Sending request number 8 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 74367908058378240
[+] Sending another request with max_id=74367908058378240
[+] Sending request number 9 to Twitter
[+] Receiving response from Twitter
[+] Parsing response from Twitter
[+] Writing tweets to file: _Lopi_.txt
[+] Smallest Tweet ID Found: 29056247838


Reviewing the Output


## _Lopi_.txt [plain_text]
Tue Feb 05 23:12:57 +0000 2013: @arch3angel @TrustedSec sadface :(
Tue Feb 05 22:34:37 +0000 2013: @arch3angel @trustedsec haha thanks, fight fire with fire right? ;)
Tue Feb 05 22:06:43 +0000 2013: @wimremes @trustedsec thanks, although its nothing official yet
Tue Feb 05 22:05:51 +0000 2013: @HackerHuntress @trustedsec thanks, although its nothing official yet
Tue Feb 05 22:03:07 +0000 2013: Excuse my language, but holy shit I'm on track to be @trustedsec's first intern!
Tue Feb 05 20:46:47 +0000 2013: Interview playlist time!
Tue Feb 05 19:11:11 +0000 2013: @HackerHuntress @deyo2794 Haha, I suppose that's true :)
Tue Feb 05 19:09:26 +0000 2013: @HackerHuntress @deyo2794 Well, last time I spoked to this person it was at Derbycon and he humped me repeatedly. #wishiwerekidding
Tue Feb 05 19:02:10 +0000 2013: Incredibly nervous about this interview at 3 today
Tue Feb 05 01:14:14 +0000 2013: RT @Gunther_AR: Plaid CTF 2013 starts on April 19, 2013 at 21:00 UTC. #plaidctf2013 http://t.co/b1BOcAie
It's definitely one of the best ...
Mon Feb 04 18:16:31 +0000 2013: @phoobar Nah, I let a few domains expire last year
Mon Feb 04 17:20:19 +0000 2013: RT @GreySyntax: Mirrored #evasi0n https://t.co/IxmuOP2D /cc @evad3rs
Mon Feb 04 17:19:39 +0000 2013: @phoobar I transferred all of my domains to namecheap awhile back
Mon Feb 04 17:18:02 +0000 2013: RT @MatiasKatz: The iOS 6.x jailbreak by @evad3rs has been released. Now, the Internet will go mute for about 10 minutes :) http://t.co/ ...
Mon Feb 04 16:00:24 +0000 2013: Note taking strategies for academic success: http://t.co/srLjtvXK #eng249techcomm
Mon Feb 04 15:59:51 +0000 2013: Important note taking skills to have: http://t.co/5P5esP7N #eng249techcomm
Mon Feb 04 15:59:18 +0000 2013: Five Successful Tips for Note Taking in College: http://t.co/KT2o5zgw #eng249techcomm
Fri Feb 01 19:36:23 +0000 2013: #FF to one my favorite security people @g0tmi1k, you should follow him and read his blog if you don't already!
Fri Feb 01 19:04:47 +0000 2013: Pro tip of the day: get Spinach instead of Lettuce on your sandwiches, it's healthier and tastes better
Thu Jan 31 17:19:12 +0000 2013: The problem with talking to really busy people is they forget they were even talking to you unless you remind them /cc @dave_rel1k
Thu Jan 31 17:03:11 +0000 2013: I really wish rPlaylister was available for iOS, TV for Reddit just doesn't cut it :(
Thu Jan 31 01:30:12 +0000 2013: @beefproject Wasn't aware of that, but I was referring to shank + java mass pwner script together.
Thu Jan 31 01:13:16 +0000 2013: Why hasn't anyone combined https://t.co/3h0Q0JQS and https://t.co/PS8EEuHg yet? /cc @beefproject
Thu Jan 31 01:10:07 +0000 2013: This is why I love @duckduckgo: http://t.co/bTrPlAof
Wed Jan 30 22:47:18 +0000 2013: Hmm getting a shell on my iPhone via @beefproject would be pretty awesome, I'll have to do some research to see if it's possible
Wed Jan 30 22:26:18 +0000 2013: Bleh, the idea I had for @beefproject has already been done: https://t.co/3h0Q0JQS
Wed Jan 30 21:24:57 +0000 2013: @NationalCCDC Red team leader David Cowen does an AMA on reddit: http://t.co/BmmKUxzH
Wed Jan 30 21:20:52 +0000 2013: @HackerHuntress You're a wise woman, Ms. Huntress
Wed Jan 30 21:20:17 +0000 2013: @bhollemb working on it!
Wed Jan 30 21:18:11 +0000 2013: TIL @AccuvantLabs == Nickelback and @IOActive == Hasselhoff /cc @wimremes @shawnmoyer
Wed Jan 30 21:14:12 +0000 2013: @purehate_ @wimremes better stop looking for app sec consultants and start looking for social engineering consultants to force the koolaid
Wed Jan 30 21:13:21 +0000 2013: Overall, that's probably a good thing though :P
Wed Jan 30 21:12:54 +0000 2013: Even thought most people tell me I'm going to be perfectly fine; I still worry about internships, jobs, and my future in the sec community
Wed Jan 30 21:03:55 +0000 2013: Bleh, I must be confused today @wimremes is not from @AccuvantLabs /cc @purehate_
Wed Jan 30 21:03:17 +0000 2013: @purehate_ Makes sense, wish I could afford to do it while going to school :/
Wed Jan 30 21:02:34 +0000 2013: @purehate_ @AccuvantLabs Ignore that last tweet, @wimremes is on top of things!
Wed Jan 30 21:00:36 +0000 2013: @purehate_ @AccuvantLabs Any idea if Accuvant does internships?
Wed Jan 30 20:58:38 +0000 2013: @IllinoisStateU ACM Club asking how we host @ISUSec's website. Guess I'll help them get something going as well since I have free hosting.
Wed Jan 30 20:58:38 +0000 2013: @IllinoisStateU ACM Club asking how we host @ISUSec's website. Guess I'll help them get something going as well since I have free hosting.
Wed Jan 30 05:07:00 +0000 2013: @beefproject It was a pretty simple demo showing off basic features. I have a few ideas for more something more complex in the future though
Wed Jan 30 01:29:25 +0000 2013: Just put together a @beefproject demo in 30 minutes, thanks gents!
Tue Jan 29 17:50:50 +0000 2013: RT @ISUSec: Kick off meeting tonight with other IT clubs on campus! Free pizza and demos? Why wouldn't you go?
Tue Jan 29 17:31:43 +0000 2013: Server access acquired, I can go back to work if I want to ^_^
Tue Jan 29 16:51:53 +0000 2013: @deyo2794 Maybe I should create my own server access to speed up the process :D
Tue Jan 29 16:48:21 +0000 2013: Planned on working all day, but then I realized I'm waiting for server access to continue this project ><
Tue Jan 29 16:33:50 +0000 2013: RT @DasRealChiggins: 1/29 I'll be doing my most difficult demo with @isusec & IT Club. Come check us out in STV 101 at 8pm! @Illinoi ...
Tue Jan 29 16:32:42 +0000 2013: @defcon831 @spiderlabs yessir
Tue Jan 29 04:53:47 +0000 2013: @g0tmi1k awesome job on vulnhub!
Tue Jan 29 02:53:48 +0000 2013: Nothin lik a a few tasty brews while I prepare a demo for @ISUSec presentation tomorrow
Tue Jan 29 00:56:49 +0000 2013: Interview with @SpiderLabs went well or so I think :D
Mon Jan 28 21:58:19 +0000 2013: @VitoPiazzano cool, thanks for the suggestion!
Mon Jan 28 21:42:55 +0000 2013: @phoobar @tqbf true, I'll have to shoot him an email
Mon Jan 28 21:42:05 +0000 2013: @deyo2794 To recap, no internship and no job offer from the orange. Pushed me to look for opportunities though.
Mon Jan 28 21:36:02 +0000 2013: @deyo2794 Nope, the orange pretty much turned me away when I told them I'm not graduating until Dec
Mon Jan 28 21:26:29 +0000 2013: If anyone in my twitter sphere has any leads for a security internship this summer, please let me know!
Mon Jan 28 21:25:02 +0000 2013: @The_Vidette Do an article on @ISUSec and consider it done :P
Mon Jan 28 20:55:28 +0000 2013: @c7five Thanks, didn't take you long to find me on the twitters :P
Mon Jan 28 20:49:51 +0000 2013: In other news, I have a phone interview with the Director of Security Research at @SpiderLabs ^^
Mon Jan 28 20:40:26 +0000 2013: Dear @LightSpeedPOS, please learn to put proper error handling into your client application so it doesn't crash every time curl fails
Sun Jan 27 21:51:39 +0000 2013: RT @Jhaddix: Adriuno Network monitoring code: https://t.co/lmrs8a5A
Fri Jan 25 21:47:27 +0000 2013: This point of sales system would be pretty good if the client didn't crash every time I try to do anything, at least it's pretty! #ilstu
Fri Jan 25 19:08:07 +0000 2013: MySQLi pass <-- Apparently this point of sales system likes sql injection ^^
Fri Jan 25 18:37:08 +0000 2013: @defcon831 you know it ;)
Fri Jan 25 18:28:42 +0000 2013: If you wear a popped collar and stay on facebook for all of class, expect mass deauth packets #ilstu
Thu Jan 24 21:50:24 +0000 2013: @IllinoisStateU finally getting involved with @ISUSec after meeting every week for almost two years. Better late than never :P #ilstu
Thu Jan 24 20:35:31 +0000 2013: RT @postmodern_mod3: Fact: @github cannot prevent you from being stupid. https://t.co/832e87qa
Wed Jan 23 19:28:11 +0000 2013: @ISUSec Meeting tonight at 8:00 pm in OU133. Officer elections, discussion about funding/support from the uni, and presentation on Darknets
Wed Jan 23 19:05:18 +0000 2013: Starting a web development project for @IllinoisStateU today #ilstu
Wed Jan 23 02:48:01 +0000 2013: @MStudman63 Have I ever told you how much I love and hate you ;)
Wed Jan 23 02:01:56 +0000 2013: @Bro_IDS Didn't realize Bro IDS does internships :P
Wed Jan 23 02:01:34 +0000 2013: RT @Bro_IDS: Once again the Bro Team is looking for a student summer intern: http://t.co/LjsT6rKj
Wed Jan 23 02:00:51 +0000 2013: Sorry, had to do a silly assignment for my technical writing class. Spam stops now!
Wed Jan 23 02:00:04 +0000 2013: @Rchowar1 great article and a very important step towards better electronic privacy #eng249techcomm
Wed Jan 23 01:58:19 +0000 2013: @jtodd44 "Know the Limits of Virtual Humor" <-- had to be my favorite section
Wed Jan 23 01:57:13 +0000 2013: @CadeBoland Haha this is so true, people can get defensive for no reason #eng249techcomm
Wed Jan 23 01:55:25 +0000 2013: @HupkeDaniel Great tips for declining job offers via email, I had to do this recently and this would have helped! #eng249techcomm
Wed Jan 23 01:53:59 +0000 2013: @MelCopersmet Purdue OWL is an excellent resource, thanks! #eng249techcomm
Wed Jan 23 01:53:21 +0000 2013: Worst email habits and annoyances: http://t.co/rLVCB6Ra #eng249techcomm
Wed Jan 23 01:52:01 +0000 2013: 25 Gmail tips that make you look more professional: http://t.co/rohml7Xv #eng249techcomm
Wed Jan 23 01:50:35 +0000 2013: Take advantage of contact groups in gmail: http://t.co/PaI0C9Jl #eng249techcomm
Wed Jan 23 01:48:44 +0000 2013: Make your life easier using gmail filters: http://t.co/TokqyWCl #eng249techcomm
Wed Jan 23 01:47:06 +0000 2013: Knows your rights in the work place regarding email: http://t.co/KIwR1eRP #eng249techcomm
Tue Jan 22 23:40:38 +0000 2013: RT @DasRealChiggins: Dear Professor, stop wasting my time.
Tue Jan 22 23:34:05 +0000 2013: @HackerHuntress @Ben0xA lets dooo it
Tue Jan 22 23:09:10 +0000 2013: @Ben0xA @jwgoerlich @HackerHuntress yarly ^_^
Tue Jan 22 23:09:00 +0000 2013: @Ben0xA @HackerHuntress I have enough trouble writing interesting blog posts
Tue Jan 22 22:59:30 +0000 2013: @planetbeing I couldn't agree more :P
Tue Jan 22 22:59:21 +0000 2013: RT @planetbeing: Why is everyone getting so excited about the jailbreak? Afaik, best news I got today was http://t.co/zxsKEr0k is coming ...
Tue Jan 22 22:12:41 +0000 2013: @DasRealChiggins @HackerHuntress @Ben0xA I have to admit it was next level CTF play from us
Tue Jan 22 22:10:22 +0000 2013: @jwgoerlich @HackerHuntress @Ben0xA I would do it again in a heartbeat :D
Tue Jan 22 22:09:54 +0000 2013: @HackerHuntress @Ben0xA Clever girl, at least I redeemed myself somewhat with NCL or so I hope anyway.
Tue Jan 22 22:03:12 +0000 2013: @HackerHuntress I was tricked into dancing gangnam style on stage with @Ben0xA, and I survived. Pretty sure you can give a talk like np :P
Fri Jan 18 01:14:59 +0000 2013: @netforces haha sounds good
Thu Jan 17 19:05:17 +0000 2013: RT @4v4t4r: #Security #Challenge #CTF #Web + Libro #Ethical #Hacking2 > http://t.co/IIXZnCDm  #SecTrack #HackLab
Thu Jan 17 16:19:33 +0000 2013: @netforces Red team can't participate remotely for CIHSCDC, sorry man :(
Thu Jan 17 16:18:43 +0000 2013: @Ben0xA clever girl :P
Wed Jan 16 23:26:56 +0000 2013: @xillwillx @redditflipboard I really want one
Wed Jan 16 23:25:45 +0000 2013: RT @xillwillx: RT @redditflipboard: I found a vending machine in Japan that puts your face on figurines.  http://t.co/hYCTm57w > want.
Wed Jan 16 16:55:37 +0000 2013: Please ignore any tweets with #eng249techcomm if you're a security person, it's for a class
Wed Jan 16 16:53:55 +0000 2013: Seoul Min will receive a gift basket of Sake, and a assorted gift basket with fruit, books, etc. for Lee Brasseur #eng249techcomm
Wed Jan 16 16:39:42 +0000 2013: This proves it #eng249techcomm
Tue Jan 15 23:02:34 +0000 2013: @netforces ask and you shall receive :P
Tue Jan 15 22:51:15 +0000 2013: @netforces Check out http://t.co/WP1T2IBL and give me your email if you want the email I received yeterday
Tue Jan 15 02:33:50 +0000 2013: @ForgottenSec @deyo2794 dm me your email
Mon Jan 14 23:55:41 +0000 2013: @phoobar you speak the truth sir
Mon Jan 14 22:28:11 +0000 2013: Man I wish we had better teachers at @IllinoisStateU #ilstu
Mon Jan 14 22:14:39 +0000 2013: CIHSCDC taking place on April 5th this year. If I talked to you about red teaming, please get in touch with me! /cc @ForgottenSec @deyo2794
Fri Jan 11 14:43:13 +0000 2013: Why am I wide awake this early on my last day of break
Wed Jan 09 23:08:25 +0000 2013: @ForgottenSec Thanks man!
Wed Jan 09 23:05:05 +0000 2013: Woot, can't wait to hear back about this internship opportunity :)
Wed Jan 09 02:15:13 +0000 2013: @dave_rel1k @trustedsec thanks, hit up the form on the site
Tue Jan 08 23:01:55 +0000 2013: I wonder if @TrustedSec does internships ^^
Tue Jan 08 22:54:08 +0000 2013: RT @jack_rtfm: Favorite Linux Commands http://t.co/Rcn8MLsl
Tue Jan 08 22:33:49 +0000 2013: I love how the Stego solutions provided by @NatlCyberLeague are pretty much "Use this tool and get the flag". How is this done manually?
Sun Jan 06 00:17:51 +0000 2013: RT @g0tmi1k: Testing out the seedbox for @VulnHub =) Will try to get it released THIS month (sorry for the delay) http://t.co/YjaZqv5Z
Sun Jan 06 00:17:44 +0000 2013: @g0tmi1k @VulnHub Nice work, can't wait until @VulnHub is fully functional!
Sun Jan 06 00:16:57 +0000 2013: RT @NullMode_: Study CCNA for free! https://t.co/KI3nzFdL
Sun Jan 06 00:15:23 +0000 2013: RT @digininja: RT: @achillean: Added SMB to Shodan :) http://t.co/xKpsLldq - That is great, scary and sad all at once
Sat Jan 05 23:24:42 +0000 2013: RT @NullMode_: Nice short article on how UDP scanning works https://t.co/g3QmDO0s
Sat Jan 05 22:54:43 +0000 2013: I keep frantically checking the status of my application for @mozilla's security engineering internship even though it's Saturday. #Fail
Sat Jan 05 22:52:49 +0000 2013: @defcon831 thanks man!
Fri Jan 04 00:24:00 +0000 2013: Back to /r/netsec Q1 hiring thread to find all the internships
Fri Jan 04 00:22:49 +0000 2013: Just applied for @mozilla security engineering internship!
Sun Dec 30 00:23:49 +0000 2012: @IllinoisStateU @NatlCyberLeague Oops, didn't see ISU promoted this until now!
Sun Dec 30 00:23:05 +0000 2012: RT @IllinoisStateU: Today on STATEside: Meet Chris Spehn, IT student who just won a national cybersecurity championship, @NatlCyberLeagu ...
Fri Dec 21 23:52:36 +0000 2012: @briankrebs Are you done with the how to break into security series?
Fri Dec 21 23:35:20 +0000 2012: This is all you get for winning a National competition http://t.co/QSzs3ChQ
Mon Dec 17 00:31:27 +0000 2012: Been playing way too much dota 2 recently
Mon Dec 17 00:07:04 +0000 2012: Bleh, hopefully that fixed the twitter issues.
Sun Dec 16 23:59:25 +0000 2012: @JGamblin I was napping, looking for the leak mow
Fri Dec 14 20:34:17 +0000 2012: @coder543 gotta remove all those pesky apps with access to my twitter account
Fri Dec 14 20:30:10 +0000 2012: @coder543 forgot to remove access to some twitter app, it went rogue
Fri Dec 14 18:56:14 +0000 2012: @Ben0xA http://t.co/dgbKXxa7 <-- Here's your shirt, should be showing up in other places on ISU's website as well
Thu Dec 13 16:26:39 +0000 2012: @Ben0xA should be on ISU's blog tomorrow, I'll link ya
Wed Dec 12 19:53:25 +0000 2012: @Ben0xA Your t-shirt is about to be seen by lots of people. Wearing it for this photo shoot ISU asked me to do. Poster child incoming...
Tue Dec 11 21:03:13 +0000 2012: Silly twitter apps trying to tweet for me :P
Tue Dec 11 20:59:55 +0000 2012: @DotADeMoN Accept my steam friend request :P
Mon Dec 10 05:40:09 +0000 2012: RT @r_netsec: SANS Holiday Challenge 2012 - http://t.co/4BHVmP56
Sun Dec 09 22:42:15 +0000 2012: The extremely edited recording I was given: http://t.co/nxTRKSOv
Sun Dec 09 22:39:11 +0000 2012: I was on the radio on Friday for winning @NatlCyberLeague: http://t.co/Q0gDA94g
Wed Dec 05 21:47:08 +0000 2012: @ForgottenSec Lol, apparently @cramniprut is listed as a known red teamer: http://t.co/62xJYyyA
Wed Dec 05 21:41:47 +0000 2012: Excellent write up by @ForgottenSec on #NCL2012 Network 1 challenge: http://t.co/ICB1P0TE
Wed Dec 05 21:40:54 +0000 2012: Nice write up by @defcon831 on #NCL2012 Advanced Crypto challenges: http://t.co/dHAuMIWs
Wed Dec 05 20:49:21 +0000 2012: @seccdc @NatlCyberLeague Thank you so much!
Mon Dec 03 22:16:36 +0000 2012: @defcon831 Yeah, CCDC is fun. It can be very frustrating at times though.
Sun Dec 02 01:34:09 +0000 2012: @acjordan2 Thanks man, ISU finally beat DePaul!
Sun Dec 02 01:28:47 +0000 2012: @defcon831 Check my blog post. I have a screenshot of all the flags I captured. http://t.co/9efD3iy9
Sun Dec 02 01:24:29 +0000 2012: Blog post: How I won the NCL 2012 Championships -- http://t.co/9efD3iy9 /cc @NatlCyberLeague @ForgottenSec @defcon831 @HaxDogma #2012NCL
Sun Dec 02 01:22:37 +0000 2012: @defcon831 @HaxDogma @ForgottenSec I've done CCDC the past two years, not sure if I'll do a third.
Sun Dec 02 01:21:59 +0000 2012: @HaxDogma @defcon831 @ForgottenSec Thanks man, congrats on 6th place!
Sat Dec 01 23:47:42 +0000 2012: RT @NatlCyberLeague: 2012 NCL Fall Pilot Season Championship results here: http://t.co/XSP145Bb #2012NCL
Sat Dec 01 23:02:03 +0000 2012: I am the Champion of #2012NCL :D
Sat Dec 01 22:31:15 +0000 2012: RT @ForgottenSec: @NatlCyberLeague It was an awesome competition, I look forward to the next run.  Thanks @threatspace for coming up wit ...
Sat Dec 01 22:26:58 +0000 2012: @ForgottenSec @defcon831 Same here, I'll write up Web App 3 for you.
Sat Dec 01 22:25:34 +0000 2012: @defcon831 Thanks, waiting to see the scores now :)
Sat Dec 01 18:34:56 +0000 2012: NCL Championships in 30 minutes #2012NCL
Sat Dec 01 18:34:16 +0000 2012: RT @NatlCyberLeague: T-3 hours to kickoff of the 2012 NCL Fall Pilot Season Championship. Are you ready for some CTF? #2012NCL
Sat Dec 01 18:34:13 +0000 2012: RT @NatlCyberLeague: NCL Championship 12/01/12 - 30 best competitors from the country battle it out CTF-style for bragging rights. Good  ...
Fri Nov 30 04:52:29 +0000 2012: @defcon831 Yeah, I don't think we have to do anything special for the last three. Still no luck here.
Thu Nov 29 23:49:01 +0000 2012: @defcon831 Yeah, each one has a different salt
Thu Nov 29 23:17:46 +0000 2012: @defcon831 Bleh, I thought so. What else have you tried?
Thu Nov 29 23:09:04 +0000 2012: @defcon831 This probably isn't the password format for root. I'm 20 minutes in and at NCL-VXXX-0000.
Thu Nov 29 23:02:04 +0000 2012: @defcon831 Here's exactly what I did if you're curious: http://t.co/m8axOVZe
Thu Nov 29 22:55:03 +0000 2012: @defcon831 Use the "KoreLogicRulesAppend4Num" rule for john. Edit john.conf and change the rule to -[c:] \p[u:] Az"[0-9][0-9][0-9][0-9]" <+
Thu Nov 29 20:55:37 +0000 2012: @defcon831 Can I see your rules? You're proabably using ?l instead of ?u or something similar
Thu Nov 29 00:34:42 +0000 2012: @defcon831 Nope, I never made rules for john to do it. You tried all combinations of NCL-ABCD-1234?
Thu Nov 22 02:55:37 +0000 2012: @StealthyBadger Awe sorry man, thanks for the support!
Thu Nov 22 02:53:11 +0000 2012: @defcon831 thanks, you too!
Thu Nov 22 00:26:06 +0000 2012: RT @NatlCyberLeague: 2012 Fall Pilot Season Leader Boards updated: http://t.co/r3errmLH
Tue Nov 20 21:20:19 +0000 2012: @NatlCyberLeague "11/19/12: Participants in NCL Championship announced (top 10 in each Conference advance)" <-- Where are the scores?
Mon Nov 19 21:04:19 +0000 2012: Maintenance turned off the water in my apartment when I was taking a shower ^_^
Sun Nov 18 21:25:44 +0000 2012: @defcon831 This is what I did, but I never cracked the private key successfully: http://t.co/H1toC9oc
Sun Nov 18 21:13:13 +0000 2012: @defcon831 Ah, I used a python tool called findmyhash to search all the publicly available rainbow tables for the Windows passwords.
Sun Nov 18 18:51:17 +0000 2012: @defcon831 Nope, but I think we needed a custom word list in NCL-ABCD-1234 format. Its probably something different though.
Sat Nov 17 21:49:51 +0000 2012: Sitting at 34/50 flags in Competition 3 for #NCL2012 with 10 minutes left
Sat Nov 17 21:49:14 +0000 2012: RT @NatlCyberLeague: Competition 3: highest number of flags correctly captured: 32 out of 50. #2012NCL
Sun Nov 11 18:29:36 +0000 2012: Geo Stalking with Bing maps and the Twitter Maps App: http://t.co/xRfzcqxO
Sat Nov 10 18:38:01 +0000 2012: #NCL would be a cool competition if I didn't have to compete against teams as an individual
Thu Nov 08 21:22:34 +0000 2012: I need to read less and do more
Wed Nov 07 21:37:36 +0000 2012: @ISUSec meeting tonight at 8:00 PM in OU133. Topics include embedding the Teensy, ISUSec CTF, and Red Team collaboration via armitage!
Wed Nov 07 21:05:17 +0000 2012: I <3 Armitage
Sat Nov 03 17:59:57 +0000 2012: Getting ready to start #NCL2012 Competition 2 Log File Analysis. Time to grab a beer!
Fri Nov 02 22:36:29 +0000 2012: @HackerHuntress sorry I missed your call earlier
Wed Oct 31 20:50:19 +0000 2012: Stripe CTF shirt came in today! http://t.co/7qwjrpTQ
Wed Oct 31 18:13:12 +0000 2012: @Ben0xA touché
Wed Oct 31 17:54:19 +0000 2012: @Ben0xA Not sure what's better, getting paid to dance gangnam style for a few mins or getting paid to hack high school students all day
Wed Oct 31 17:47:50 +0000 2012: @Ben0xA Haha I received the email yesterday otherwise I probably would assume it's a troll
Wed Oct 31 17:43:02 +0000 2012: There is still a paycheck from May for you here in the Payroll office.  Please bring a photo id to our office to pick it up. <-- w00t
Tue Oct 30 22:19:23 +0000 2012: Phew, I'm on level 16. Not sure if I even understand how I solved level 15, but I'm moving forward! http://t.co/4GMS8BQ0
Mon Oct 29 17:58:44 +0000 2012: RT @MWCCDC: State CCDC registration has begun.  All state competitions from Illinois, Indiana, Iowa, Kentucky, Michigan,... http://t.co/ ...
Mon Oct 29 17:52:12 +0000 2012: Lol what, nmap is part of gnome-extra in the official @archlinux repositories ^^
Fri Oct 26 20:11:56 +0000 2012: @nickpack I don't run Arch on all of my boxes either. I only run it my desktop.
Fri Oct 26 20:08:21 +0000 2012: @nickpack Arch also has some of the best documentation I've ever seen. If you have a problem with arch then you probably didnt read the wiki
Fri Oct 26 20:07:27 +0000 2012: @nickpack yeah, for me it's all about the community and philosophy behind the distro. I absolutely love the arch philosophy and community.
Fri Oct 26 19:56:42 +0000 2012: @nickpack fair enough, I'm an arch fanboy though :P
Fri Oct 26 19:52:48 +0000 2012: @nickpack haha, what would you like to see? Crunchbang?
Fri Oct 26 19:49:31 +0000 2012: My new 23.6" monitor gives me a little more screen space, talk about excited! http://t.co/n7xU0gl3
Fri Oct 26 18:15:13 +0000 2012: @ForgottenSec What school are you from again?
Fri Oct 26 18:13:40 +0000 2012: @HackerHuntress Thanks, the next competition is the same day I'm scheduled to hack your lab. It's only four hours long though.
Fri Oct 26 18:00:19 +0000 2012: @ForgottenSec Likewise, I better see you in the finals ;)
Fri Oct 26 17:48:38 +0000 2012: Today I learned I'm ranked third overall in the NCL: http://t.co/RgkZkaRu
Wed Oct 24 22:24:08 +0000 2012: Come check it out tonight at ISUSec's meeting in OU133 at 8:00 p.m.
Wed Oct 24 22:24:04 +0000 2012: Well, I successfully created a introductory security CTF in a few hours. Looking into making a simple scoreboard now.
Wed Oct 24 19:47:44 +0000 2012: Ugh, I'm better off making some basic challenges instead of searching for them in CTF archives :/
Wed Oct 24 19:32:26 +0000 2012: @HackerHuntress @deyo2794 @ISUSec DM it to me, doesn't have to be technical
Wed Oct 24 19:26:09 +0000 2012: @deyo2794 @ISUSec I agree, but I'm not sure exactly how to do that :P
Wed Oct 24 19:20:50 +0000 2012: @deyo2794 @ISUSec Skill levels vary, but we mostly have beginners. Some have never done a CTF before.
Wed Oct 24 19:17:36 +0000 2012: Doing an introduction to CTF tonight at @ISUSec, any suggestions for basic challenges? Only have a few levels of stripe running atm
Wed Oct 24 16:34:22 +0000 2012: RT @j0emccray: New from Mubix lm2ntlm with John the Ripper http://t.co/ktKIEcb9
Tue Oct 23 22:56:50 +0000 2012: I missed you @archlinux
Mon Oct 22 22:22:45 +0000 2012: Getting all the things done today
Sat Oct 20 23:04:25 +0000 2012: Wish I had more time to get all the flags in the NCL WebApp #CTF, but it was fun! http://t.co/UvaGkY3h
Sat Oct 20 21:13:33 +0000 2012: 1500/2100 points in the NCL #CTF with an 50 minutes to go!
Sat Oct 20 19:23:28 +0000 2012: I really suck at javascript
Sat Oct 20 18:59:34 +0000 2012: I currently have 33.3% of the flags in the NCL WebApp #CTF, most of which I was the first person to capture flag :)
Sat Oct 20 17:27:42 +0000 2012: NCL #CTF channel is starting to get interesting ^^
Sat Oct 20 17:13:33 +0000 2012: RT @jamesejr7: National Cyber League (NCL) 2012 Fall Pilot Season WebApp #CTF at 1300!
Fri Oct 19 22:20:55 +0000 2012: @irongeek_adc @hack3rcon success!
Fri Oct 19 22:06:29 +0000 2012: @irongeek_adc @hack3rcon Broken link is broken :(
Tue Oct 16 21:34:40 +0000 2012: @ForgottenSec are you doing NCL?
Tue Oct 16 21:15:03 +0000 2012: Anyone else excited for the NCL CTF this Saturday? #ccdc #ncl
Tue Oct 16 21:12:11 +0000 2012: Woot, made it to the next round of interviews with @SecInnovation
Sun Oct 14 18:27:59 +0000 2012: That jump was pretty insane, congrats to the team! #livejump
Sat Oct 13 18:52:49 +0000 2012: Today I learned BT5R3 doesn't come with gdb installed by default
Thu Oct 11 22:21:57 +0000 2012: @SecInnovation Managed to get the text file readable, but still have no idea what this is for :P
Thu Oct 11 21:59:46 +0000 2012: @SecInnovation Your challenge at http://t.co/EV2g43u0 has been pretty fun so far. Not really sure what to do with this txt file though :P
Thu Oct 11 17:04:10 +0000 2012: Woot, I am officially one of @j0emccray's security rookies!
Thu Oct 11 17:02:44 +0000 2012: @Ben0xA @jwgoerlich @sukotto_san I'm down for a #roadtrip to #misec
Thu Oct 11 03:25:10 +0000 2012: I hate VMWare lab manager
Wed Oct 10 17:22:15 +0000 2012: @deyo2794 My personal blog runs on blogger - http://t.co/XB6IzzXb, ISUSec's blog is wordpress - http://t.co/Ak27pR5P
Wed Oct 10 17:14:43 +0000 2012: @mckeay @HackerHuntress True, never really thought of it like that
Wed Oct 10 17:13:48 +0000 2012: Speaking of my blog, I should start actively writing posts again
Wed Oct 10 17:08:34 +0000 2012: @mckeay @HackerHuntress I've actually received more interviews from my blog and twitter then sending out my resume
Wed Oct 10 17:07:33 +0000 2012: @Secureholio @failOpen We didn't know what r/s means, @HackerHuntress educated us
Wed Oct 10 17:05:20 +0000 2012: @HackerHuntress @failOpen @Secureholio That makes sense. To be fair, I haven't configured a router in years; switch in maybe a year
Wed Oct 10 17:02:10 +0000 2012: @failOpen @HackerHuntress @Secureholio I was about to ask the same question
Wed Oct 10 16:58:46 +0000 2012: @Secureholio I was literally thinking the exactly same thing yesterday though. I need to specialize because I'm nothing but a generalist :P
Wed Oct 10 16:57:51 +0000 2012: @Secureholio I consider myself an infosec generalist, not a hacker. Too much of a skiddie to be the real deal.
Wed Oct 10 16:57:51 +0000 2012: @Secureholio I consider myself an infosec generalist, not a hacker. Too much of a skiddie to be the real deal.
Mon Oct 08 23:02:35 +0000 2012: @claudijd ninja status
Mon Oct 08 23:02:17 +0000 2012: Might have to take a look at writing cortana scripts for Armitage tonight
Mon Oct 08 23:01:16 +0000 2012: @claudijd check your dm when you get a chance please
Mon Oct 08 19:04:10 +0000 2012: @HackerHuntress Noooooooooo, *runs away*
Mon Oct 08 18:56:01 +0000 2012: @HackerHuntress way too 1337
Sat Oct 06 14:57:16 +0000 2012: Coldest day so far this winter, and I'm supposed to go tailgating #firstworldproblems
Sat Oct 06 01:58:14 +0000 2012: RT @NatlCyberLeague: 2012 Fall Pilot Season stats: 550+ students, from 85+ two/four year schools in 27 states competing: http://t.co/qDX ...
Fri Oct 05 21:51:49 +0000 2012: @jewliefouts I'm rude, didn't even tell you congrats. Congrats jewels!
Fri Oct 05 21:45:19 +0000 2012: @jewliefouts subtle troll is subtle.........
Fri Oct 05 21:42:50 +0000 2012: @jewliefouts be careful what you say on the twitters :P
Fri Oct 05 21:35:32 +0000 2012: @HackerHuntress I have plenty of time to decide
Fri Oct 05 21:24:51 +0000 2012: Just received a job offer to work on a pentesting team at a major financial institution. Time to do some thinking...
Fri Oct 05 20:26:27 +0000 2012: @rogueclown Awesome talk on Python at #DerbyCon, one of the best introductions I've seen
Fri Oct 05 19:21:06 +0000 2012: Having some fun with Ettercap, Driftnet, and URLSnarf ^_^
Thu Oct 04 19:30:35 +0000 2012: RT @jcran: Announcing the PX Enterprise Testing Appliance (PX-EPA) http://t.co/XLSaVEVO [Blog Post]
Thu Oct 04 18:37:56 +0000 2012: @overflowingInt @Ben0xA Normal, IL
Thu Oct 04 18:08:32 +0000 2012: Just sent my resume to @j0emccray's security rookies program, time to bust out the #DerbyCon business cards. #fingerscrossed
Thu Oct 04 17:20:31 +0000 2012: @Ben0xA has to be one of the nicest people I've ever with met with the exception of tricking me into dancing gungnam style at #DerbyCon
Wed Oct 03 19:30:45 +0000 2012: @HackerHuntress yarly
Wed Oct 03 19:21:21 +0000 2012: Updated my resume today, excited to send it out to all the companies I talked to at #Derbycon :D
Wed Oct 03 04:47:51 +0000 2012: RT @r0wnin: Katana 3.0 Beta available for download only for another 24 hours http://t.co/cqrypDXW
Tue Oct 02 21:20:21 +0000 2012: @HackerHuntress @isusec I hate IE, but I'll look into fixing it. Thanks!
Tue Oct 02 21:10:10 +0000 2012: @HackerHuntress @ISUSec say what?
Tue Oct 02 20:35:13 +0000 2012: Most of the presentations and/or workshops for @ISUSec are up on http://t.co/Ak27pR5P now!
Tue Oct 02 20:07:40 +0000 2012: @jwgoerlich Thanks, consider yourself pinged :P
Tue Oct 02 20:00:30 +0000 2012: @jwgoerlich Would you mind sharing what you're doing? I've been thinking of doing that for @ISUSec
Tue Oct 02 19:55:31 +0000 2012: @BillReyor Don't feel bad, I didn't know either; had to ask @cramniprut how he was doing it :P
Tue Oct 02 19:54:33 +0000 2012: @deyo2794 I'd like to see that, but @ndr3www probably won't like it
Tue Oct 02 19:53:22 +0000 2012: @BillReyor Google does it all for you: File > Publish in Google docs. Embed code with options there.
Tue Oct 02 19:22:27 +0000 2012: Doing some much needed maintenance on http://t.co/Ak27pR5P. Fixed most of the issues, and changed wordpress themes. It's looking decent!
Tue Oct 02 13:58:59 +0000 2012: RT @Ben0xA: It's User Security Awareness Month. My #DerbyCon talk was on this topic. Video & Slide Deck here http://t.co/sONZYTzZ #I ...
Mon Oct 01 23:05:38 +0000 2012: @jwgoerlich @Ben0xA @DerbyCon Woot, now I can see myself dancing gangnam style in HD. Thanks @irongeek_adc
Mon Oct 01 19:53:20 +0000 2012: Woot, boarded my train with 8 minutes to spare. That was a close one :P
Mon Oct 01 19:37:43 +0000 2012: @phoobar @shawnmoyer possibly, right now I think i'm barely going to make it on time
Mon Oct 01 19:31:26 +0000 2012: Uh oh, I might not make my train at 3:00. Could be stuck in STL until 6 :(
Mon Oct 01 19:30:37 +0000 2012: @deyo2794 haha awesome
Mon Oct 01 19:22:19 +0000 2012: @deyo2794 sounds good to me, I'll check it out when I get on my train
Mon Oct 01 19:20:06 +0000 2012: @deyo2794 I could edit rick roll to be gungnam roll since its pretty much the new rick roll :D
Mon Oct 01 19:15:45 +0000 2012: Hmm.. suppose I could bust out my pineapple on Amtrak. It would be fun, but I want my own project to work on :(
Mon Oct 01 19:13:50 +0000 2012: Heading back to ISU, have at least a 4 hour trip ahead of me. Need to find something to work on. Trying to use #DerbyCon as inspiration.
Mon Oct 01 19:11:02 +0000 2012: RT @Ben0xA: [Blog] DerbyCon 2.0 - The Reunion Write Up http://t.co/36VZX9Jr #InfoSec #Security #DerbyCon cc: @DerbyCon
Mon Oct 01 03:30:52 +0000 2012: You can see me dancing with @Ben0xA on stage gungnam style during his talk here: http://t.co/IhylKjad #DerbyCon
Mon Oct 01 02:45:49 +0000 2012: @elizmmartin @Ben0xA thanks for sendin me that video!
Sun Sep 30 19:21:33 +0000 2012: @elizmmartin @Ben0xA done and done
Sun Sep 30 18:59:26 +0000 2012: @elizmmartin @Ben0xA woot, I need that asap
Sun Sep 30 13:57:35 +0000 2012: @SecBarbie thanks, it was awesome meeting you too; I promise to try and make the Chicago cons
Sun Sep 30 13:02:22 +0000 2012: Have to leave #DerbyCon early for a funeral, thanks for another awesome con
Sun Sep 30 01:16:36 +0000 2012: @Ben0xA GUNDAM STYLE http://t.co/GHRRayQ3 (via @gdbassett) <— I’m proud to say this is me
Sun Sep 30 00:37:29 +0000 2012: @irongeek_adc Please upload @Ben0xA’s talk so I can see myself dancing on stage like an idiot #DerbyCon
Sat Sep 29 23:12:36 +0000 2012: @securid haha thanks man, more awesome dancing to come at the after party :P
Sat Sep 29 20:36:42 +0000 2012: Just danced on stage with @Ben0xA at his talk. Protip: don’t volunteer unless you want to be embarrassed. #DerbyCon
Sat Sep 29 01:51:04 +0000 2012: @derbyconctf I’m proud to say my team started the cheater’s club
Fri Sep 28 23:15:27 +0000 2012: RT @cramniprut: “@derbyconctf: Trying to cheat at the @derbyconctf gets you this! #DerbyCon http://t.co/klSai6NV” << Not cheating, ...
Fri Sep 28 20:31:56 +0000 2012: @deyo2794 check your dm
Fri Sep 28 20:28:44 +0000 2012: @deyo2794 hidden in a room playing CTF, I’ll be around the lobby area/outside in a few mins
Fri Sep 28 18:02:06 +0000 2012: @deyo2794 outside qdoba right now
Fri Sep 28 14:34:04 +0000 2012: 20 miles from Louisville #DerbyCon
Fri Sep 28 14:28:50 +0000 2012: Took over @cramniprut’s car radio from the back seat with my iPad and a USB am/fm transmitter #DerbyCon
Fri Sep 28 12:26:55 +0000 2012: @acjordan2 What are their names and what’s the favor?
Thu Sep 27 14:18:07 +0000 2012: 6 hours of driving today. 5 hours of driving tomorrow for #DerbyCon.
Wed Sep 26 22:28:55 +0000 2012: Introduction to Penetration Testing tonight at @ISUSec in OU133 at 8:00 p.m.
Wed Sep 26 22:25:55 +0000 2012: RT @drb0n3z: If you are staying at a hotel for @DerbyCon, pay attention to the model of hotel locks on your room door...
Wed Sep 26 19:38:02 +0000 2012: @acjordan2 yeah I should be there, you?
Wed Sep 26 19:37:27 +0000 2012: @ForgottenSec Consider it done
Mon Sep 24 19:14:36 +0000 2012: RT @humanhacker: No more waiting!  Defcon 20 #SocialEngineering CTF Report finally released:  http://t.co/6sJBdg8t RT pls
Mon Sep 24 19:14:10 +0000 2012: @HackerHuntress thanks <3
Mon Sep 24 18:29:29 +0000 2012: RT @khanfu: Now at http://t.co/i8ilFk6I: Mobile schedule for DerbyCon 2.0, also available as plain HTML (for older phones) and iCalendar ...
Mon Sep 24 18:15:21 +0000 2012: @theprez98 @DerbyCon I was looking over the schedule and noticed Raphael Mudge's talk is the only one without a title
Mon Sep 24 18:05:48 +0000 2012: @deyo2794 Thanks, and expect nothing but heckling during your talk :P
Mon Sep 24 18:05:11 +0000 2012: @JGamblin Thanks man, it's definitely appreciated
Mon Sep 24 17:51:48 +0000 2012: Anyway, here's to hoping I can still go to #Derbycon, play #CTF, and hack all the things.
Mon Sep 24 17:48:42 +0000 2012: Worked it out with the hotel so @ndr3www, @cramniprut, and @DasRealChiggins can still use my reward points. #Derbycon
Mon Sep 24 17:46:25 +0000 2012: Might not be able to go to #Derbycon this weekend. Found out my grandma has cancer and will only make it a few more weeks at best :(
Wed Sep 19 22:26:29 +0000 2012: RT @weddingpresent: From a 1972 Archie comic where he time-travels to the year 2012. (via Mark Newman) http://t.co/DqvWV4UM
Wed Sep 19 16:42:52 +0000 2012: @XenoPhage what all do you have?
Wed Sep 19 15:12:33 +0000 2012: RT @Ben0xA: Let the patching and tool update begin for #DerbyCon CTF -- cc: @_lopi_
Tue Sep 18 23:41:33 +0000 2012: @irongeek_adc works fine
Tue Sep 18 21:03:53 +0000 2012: @armitagehacker That's pretty cool, who needs an intern when you have a cortana bot -- Headline: Security companies code their own interns
Tue Sep 18 20:36:16 +0000 2012: @armitagehacker @SecurityTube Do you have people using Cortana scripts in their engagements?
Tue Sep 18 20:33:28 +0000 2012: RT @armitagehacker: Where am I going and why am I in a handbasket? Here's an interview by @SecurityTube on my career, product roadmap, e ...
Tue Sep 18 20:13:38 +0000 2012: @Ben0xA same, can't wait to play ctf again :D
Tue Sep 18 20:11:53 +0000 2012: RT @mattjay: Capture ALL the Flags http://t.co/dTGYEpR2 <- Writeup from one of my Houston guys @JohnathanKuskos of the Stripe CTF. Sp ...
Tue Sep 18 20:11:49 +0000 2012: @mattjay @JohnathanKuskos Nice write up, your solution to level 3 was elegant compared to mine. I used a subquery to select the id.
Tue Sep 18 19:14:52 +0000 2012: w00tage, #DerbyCon is next friday
Tue Sep 18 19:13:32 +0000 2012: RT @RSnake: Finally got around to donating the XSS cheat sheet to @OWASP http://t.co/EI1zI9AK Now everyone can edit/modify at will.
Mon Sep 17 18:55:32 +0000 2012: RT @fjhackett: New blog: Breaking into Security http://t.co/9Y5Yx3bp
Sat Sep 15 00:19:31 +0000 2012: Coding an irc bot in Python for fun, code is on Github <3
Thu Sep 13 00:49:36 +0000 2012: I need to come up with a project to work on :/
Wed Sep 12 17:56:37 +0000 2012: Bleh, Apple has been nothing but disappointing today.
Tue Sep 11 16:34:35 +0000 2012: Bleh I guess that’s old news. I’m behind on the twitters.
Tue Sep 11 16:28:33 +0000 2012: I wonder who's planning on bringing a monkey on stage at @DerbyCon... http://t.co/JT0SsK3R
Mon Sep 10 23:57:42 +0000 2012: RT @mubix: #SharedLinks CryptOMG Walkthrough - Challenge 1 http://t.co/4gozpR7I
Wed Sep 05 21:14:45 +0000 2012: RT @DasRealChiggins: Tonight @ISUSec semester kickoff meeting! Watch @_Lopi_ and I give demos, pray @WhoBobbyJones doesn't get hurt too  ...
Tue Sep 04 23:34:31 +0000 2012: I'm not sure what scares me more, the new furby or the million Apple UDID's that were released
Tue Sep 04 21:42:05 +0000 2012: RT @briankrebs: RT @joviannfeed: FBI calls out AntiSec, claim they had nothing to do with stolen Apple IDs http://t.co/cWSMoCm2 < &am ...

Saturday, December 1, 2012

How I won the NCL 2012 Championship

National Cyber League 2012

Before the NCL 2012 championships, I was ranked 6th nationally and 3rd in the Midwest conference. I ended up winning the NCL championships with 12,00 points or 9/25 flags. This is a write-up of the challenge that won the competition for me.


Web Exploitation - Target 3

We're presented with the following page. This is the best screenshot I have of the original page. The only files that existed originally were flag_01.php, index.php, and put.php.


After some tinkering, I discovered I could upload files to the server using the HTTP PUT method. I kept uploading blank files such as roar.html and LOLNCL.html, but I didn't understand how to upload a PHP file containing data I specified. Earlier on, I had analyzed all of the requests and responses with a tool called Burp Suite, and I realized I could simply append my code to the raw HTTP request. I sent a GET request for put.php to Repeater within Burp Suite and added my code to the end of the request. The PHP code I added runs a system command to list all the files and their permissions.


I browsed to https://184.72.228.91/.pwn.php and saw the same files we saw in index.php. From here, I changed the PHP code to a PHP web shell called b374k shell.
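From the defender's side, the upload-then-browse sequence described above leaves a recognizable trail in the web server's access log. The following is an added example, not part of the original write-up: it assumes a chronological combined-format access log in which the write appears as a PUT to the target path, and the log lines, client addresses and function names (`parse_line`, `find_put_uploads`) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in Apache/nginx "combined" log format (not from the original post).
# Client addresses are documentation ranges; /roar.html and /.pwn.php are names the post uses.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2012:19:02:11 +0000] "GET /index.php HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2012:19:03:40 +0000] "PUT /roar.html HTTP/1.1" 201 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2012:19:05:02 +0000] "PUT /.pwn.php HTTP/1.1" 201 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2012:19:05:20 +0000] "GET /.pwn.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Dec/2012:19:06:00 +0000] "PUT /notes.php HTTP/1.1" 405 0 "-" "curl/7.28"
198.51.100.9 - - [01/Dec/2012:19:06:30 +0000] "GET /flag_01.php HTTP/1.1" 200 88 "-" "curl/7.28"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions a web server commonly hands to an interpreter instead of serving as static files.
SCRIPT_EXT = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx", ".cgi", ".pl")
WRITE_OK = {200, 201, 204}          # status codes meaning the PUT was accepted
RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]   # ignore the query string
    return rec


def severity(finding):
    """Rank a PUT: rejected < accepted < accepted script < accepted script later fetched."""
    if finding["status"] not in WRITE_OK:
        return "info"
    if finding["script"]:
        return "critical" if finding["fetched"] else "high"
    return "medium"


def find_put_uploads(log_text):
    """Correlate PUT requests with later successful requests for the same path."""
    uploads = {}    # path -> finding for accepted PUTs
    blocked = []    # PUTs the server refused
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if rec["method"] == "PUT":
            finding = {
                "path": path,
                "client": rec["ip"],
                "time": rec["ts"],
                "status": rec["status"],
                "script": path.lower().endswith(SCRIPT_EXT),
                "hidden": path.rsplit("/", 1)[-1].startswith("."),
                "fetched": False,
            }
            if rec["status"] in WRITE_OK:
                uploads[path] = finding
            else:
                blocked.append(finding)
        elif path in uploads and rec["status"] == 200:
            # A 200 for a path that was just written means the new file was served or run.
            uploads[path]["fetched"] = True
    findings = list(uploads.values()) + blocked
    for f in findings:
        f["severity"] = severity(f)
    findings.sort(key=lambda f: (RANK[f["severity"]], f["time"]))
    return findings


if __name__ == "__main__":
    for f in find_put_uploads(SAMPLE_LOG):
        print(f'{f["severity"]:<8} {f["client"]:<13} PUT {f["path"]} -> {f["status"]}'
              f'{" (hidden file)" if f["hidden"] else ""}')
```

Any "medium" result already means the document root accepts writes from clients, which is the setting to fix; the higher ranks only show how far the written file got.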



Flag 1


I view the contents of flag_01 and find the first flag for Web Exploitation - Target 3.



Flag 3


I browsed to the /home directory. There was a user called ubuntu. I browsed to /home/ubuntu/ and looked at the files. The third flag was sitting in a plaintext file.

cat flag_03.txt


Flag 4 and 5


I browsed to the root (/) directory and found flag_04.txt.asc, flag_04.txt.pgp, flag_05.tgz.asc, flag05_tgz.gpg, pub.key, and gpg.key. I downloaded all of these files to my desktop, which runs 64-bit Arch Linux.

# import the public key
gpg --import ~/Downloads/pub.key
# import the private key
gpg --allow-secret-key-import --import ~/Downloads/gpg.key
# decrypt the file
gpg -d ~/Downloads/flag_04.txt.asc > flag_04.txt
# view the flag
cat flag_04.txt
# decrypt the file
gpg -d ~/Downloads/flag_05.tgz.asc > flag_05.tgz
# decompress the file
tar zxvf flag_05.tgz
# view the flag
cat flag_05.txt



That's how I won the NCL 2012 Championship. I was surprised more people didn't solve this challenge since all I really had to do was upload a web shell, look at files, download files, and decrypt them.

Tuesday, January 31, 2012

How a random question changed my default search engine to DuckDuckGo

Last semester I created a registered student organization for those interested in penetration testing and security at my university. The club is focused on self-motivated students interested in getting their hands dirty to fill the gap left by the theory from class. I'm commonly asked questions about penetration testing, security, networking, Linux, and anything vaguely related. Some questions I don't give answers to because I feel the answer is easily obtainable using Google or a manual page. A fellow student from my university's security club asked me a question about a tool called Ettercap. Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.

This is where the problem arose: he asked if there was an option in Ettercap to create a log file and claimed he couldn't find the answer on Google. This person is usually pretty good about finding information on his own, so I assumed he was making a simple mistake. I checked the man page for Ettercap on my own machine and found the proper command line option, -L. Even though I found the answer quickly, I began to wonder why he couldn't find the manual page on Google or even a guide detailing how to use Ettercap; this just didn't make any sense. I started to investigate the issue and quickly realized that both of us were logged into our Google accounts; both of us had search history and personalization enabled as well. I realized that Google was filtering both of our results, and I couldn't simply tell someone to Google a subject anymore; giving the answer "Google it" could potentially return different results when two different people research a given subject. I began to wonder how I could tell two people to research a topic and get the same search results from a given query. This is where I learned about what Eli Pariser calls the "filter bubble".

This made me investigate some of the alternatives to Google. There are quite a few different Google anonymity services such as Scroogle. However, this wasn't exactly getting away from Google. I wanted an alternative that could utilize Google and the other search engines available as well as provide encrypted communications. I remember reading about a search engine called DuckDuckGo on Reddit. I decided to look into DuckDuckGo and give it a try. DuckDuckGo is exactly what I was looking for to solve this problem. I found out you can even utilize DuckDuckGo to search Google, Bing, and other websites. For example:

  • !g ettercap
  • !gi ettercap
  • !gv ettercap
  • !b ettercap
  • !bi ettercap

The first query (!g ettercap) searches Google for Ettercap, the second (!gi ettercap) does a Google image search for Ettercap, and the third (!gv ettercap) searches Google videos for Ettercap. The other queries search using Bing instead of Google. The best part is that the results you get will be the same as everyone else's. I decided to change my Firefox configuration to use the encrypted version of DuckDuckGo in the address bar, much like Google Chrome functions. Here are the steps to do it:

  1. Type about:config in the address bar and press ENTER
  2. Locate and double-click the entry for keyword.URL
  3. Set the value to https://duckduckgo.com/?t=lm&q=

Anyway, that's why I switched to DuckDuckGo. It's a much more feature-rich search engine. Last time I checked, you can't query every search engine available with Google.