Browse Category

Resources

OverTheWire: Bandit Level 0

Aug 03, 2016
/
General, Resources, Write-ups

Definitely, level 0 is a giveaway to get you started with the actual challenges.

Level 0 goal: The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Firstly, you should know how to connect to the bandit.labs.overthewire.org server via secure shell (SSH) protocol. If you are using Kali Linux, you can directly run an SSH command to connect to the server. However, if you are using Windows, there is no SSH client installed by default.

While there are many very good SSH clients in the market that were designed for Windows environment usages, personally, I would prefer PuTTY as it is easy to setup and pretty lightweight.

Once you are done, press “Open” and you should be able to gain access to the bandit0 box.

OverTheWire Bandit – Level 0 to 6 – detailed step-by-step walkthrough video with explanations!

OverTheWire Bandit Write-up

Aug 02, 2016
/
General, Resources, Write-ups

I created a series of detailed step-by-step walkthrough video with explanations.
Check out the playlist here: https://www.youtube.com/watch?v=93PE-kStl34&list=PL2mncq0mb-6ibI02KufoaXnZHgNc6G9dO

A list of write-ups for OverTheWire Bandit, a simple Capture The Flag (CTF) game aimed at beginners.

The objective of the game is to solve the challenges and find the password to proceed to the next level.

To get started, the player needs to know how to connect to the server using a Secure Shell (SSH), which is essentially the bread and butter of any information security professional. Fine, probably something essential for any IT professionals to know how to use.

For an absolute beginner who has not used SSH before, it is never too late to get started. It is time to put on a learning hat and try out the OverTheWire Bandit challenges!

While the website itself did mention that the challenges were designed for beginners, it is still pretty fun for IT professionals to challenge themselves.

https://www.youtube.com/watch?v=93PE-kStl34&list=PL2mncq0mb-6ibI02KufoaXnZHgNc6G9dO

List of Write-ups

Fixes for VM: No Internet Connectivity

Jul 31, 2016
/
Resources

Have you ever experienced situations when you Virtual Machines (VM) were unable to connect to the internet after you have boot it up?

Initially, you probably only have a loopback IP address like the following, well, you are not alone – it happened to me when I was setting up my new Kali Linux or Ubuntu VM as well.

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:56011078 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56011078 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4792283266 (4.4 GiB)  TX bytes:4792283266 (4.4 GiB)

You have probably restarted your networking services,

service restart networking

Or performed all kind of different steps, configuring your network, subnet, dhcp, etc information at /etc/network/interfaces but to no avail… you probably have an IP address, but you cannot connect to the internet.

ping: www.google.com: Name or service not known

Today, I am going to share a fix for this issue. It is actually very simple, but it took me a series of troubleshooting before I discover these simple steps to resolve this issue.

Step 1: Simply download the vmnetcfg.exe file, you can easily find an updated copy of the file from the internet. Don’t forget to scan it using virustotal, make it a habit.

By the way, if you are interested, vmnetcfg.exe is a tool which allow users to manage a Windows host computer’s virtual interfaces.

Step 2: Place the vmnetcfg.exe file inside your program files folder.

It is probably located at the default location of “C:\Program Files (x86)\VMware\VMware Workstation” when you installed VMware Workstation to your computer.

Step 3: Here is the most important part. Run your vmnetcfg.exe file, you will find the following window appearing on your screen.

Look for your VMnet0 or whichever port that is mapped to your machine’s network card, select the option of “Bridged (connect VMs directly to the external network)” and choose your network card in the drop down list. When you are done, click “OK” and there you go, your issue is probably fixed.

Well, I hope that this post has served you well and helped you save some time.

InfoSec Institute CTF #1: Hacking for n00bz

Jul 23, 2016
/
General, Resources, Write-ups

Below are the full list of write-up for InfoSec Institute CTF #1: Hacking for n00bz, designed for CTF beginners to practice and test their skills.

I hope that they are helpful to you!

Hacking for n00bz – Level 14

Jul 23, 2016
/
General, Resources, Write-ups

Level 14 shows the exact same format of a file to be downloaded, just like some of the past few levels. So, let’s download it and get started with some analysis.

Well, it seems like there is no file to be downloaded after all, upon clicking “Yes”, it basically opens up a phpMyAdmin SQL Dump with a lot of information, mainly the databases related to level 14. Strange enough, it seems like there was a WordPress blog being setup in this database before. There were many information in this dump, including the admin login credentials.

Among the entire list, one of the most suspicious record is definitely the id number 104 record of the “friends” table,

INSERT INTO `friends` (`id`, `name`, `address`, `status`) VALUES
(104, ‘\\u0069\\u006e\\u0066\\u006f\\u0073\\u0065\\u0063\\u005f\\u0066\\u006c\\u0061\\u0067\\u0069\\u0073\\u005f\\u0077\\u0068\\u0061\\u0074\\u0073\\u006f\\u0072\\u0063\\u0065\\u0072\\u0079\\u0069\\u0073\\u0074\\u0068\\u0069\\u0073’, ‘annoying’, ‘0x0a’);

Why is the name field made up from so many weird characters and numbers?

The string is actually a hexadecimal value being written into text. See the double backslash symbol, it is for displaying the string on HTML without having any syntax error. In order to see the “real” value, you should replace the double backslash symbols (\\) with single backslash symbols (\). You can do it yourself, or choose to copy from mine (I did it using notepad’s Find and Replace feature…)

\u0069\u006e\u0066\u006f\u0073\u0065\u0063\u005f\u0066\u006c\u0061\u0067\u0069\u0073\u005f\u0077\u0068\u0061\u0074\u0073\u006f\u0072\u0063\u0065\u0072\u0079\u0069\u0073\u0074\u0068\u0069\u0073

If you throw it into a Hexadecimal to ASCII converter tool, you will get the flag for level 14, “infosec_flagis_whatsorceryisthis”

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz