I was playing with the Saintcon 2019 password cracking challenges and I was overthinking this particular challenge….. Luckily someone else shared their ideas which really helped me: https://www.openwall.com/lists/john-users/2019/10/29/1 Basically the one I am referring to is a password challenge that was paying respects to Ken Thompson and his recently cracked vintage password that was based on a chess move. Given the following hash, just by looking at it and comparing it to other hashes you can see it is bcrypt: $2b$10$YGtiAZYewmJE0Yh7O9E4AO49nQA2s4lhwDvWE./IOTyTQ.sgkGbuC with the examples of the password being: "2. Nf3 Nc6" and "39. Qxh5 Bf6". I originally was building some python code using a common chess python library to generate all the possible moves…however there were lots of flaws in this thinking because there are a LOT of possible moves and the code was giving me a headache as it continued to grow…and grow… Luckily the pattern was pointed out to me…from here: https://en.wikipedia.org/wiki/Deep_Blue_versus_Kasparov,_1997,_Game_6. One or two numbers followed […]
Well, we won’t get too basic here, going all the way back to what the User-Agent is…. you can read about that here on Wikipedia. I have two favorite ways to change the User-Agent, the first is via curl…. I am a CLI guy. So here we are going to hit a little website I created that will display the User-Agent: https://lancegrover.com/user-agent.php Here you see we use curl, first without any settings. Next we do the “-H” to set the User-Agent…. So it will look like this: ok, good times, but sometimes we need to be able to do this in the browser…. Currently I run Google Chrome, so we will go with that. When in your browser on the website you want, go ahead and press F12 to bring up the developer tools. Then select the additional menu (three dots) -> “More tools” -> ”Network conditions”. Now you will deselect the […]
Super basic here, but I just wanted to write up some notes on a fun little CTF starter I did. The description of this challenge said, here is the executable, get a URL and password out of it. First thing I always run is strings: Well…we see there is a “secret” function we need to find, and we see it gives us the password somehow… Now we need to execute this bad boy in a sandbox; I usually create a VM that I can blow away, copy the executable there, then run it with some tools. First we will run objdump on it to see what functions are in this bad boy: This is where we find the function name…it is actually called secret! LOL Now we decide which way to run this bad boy, do we put it into gdb to debug it or use ltrace? Let’s start with ltrace: […]
Wired up the maglock to the REX, the new one works! Now…I can run some hacking tests but I don’t have a way to unlock the door from the outside, so….I need to get some more parts that I am waiting on….
I have started wiring up my maglock and RCR-REX….I have found that my maglock just isn’t strong enough so I ordered a better quality one…so back on the waiting.
Anyone that knows me….knows that I am not a fan of running windblows as my operating system. BUT….someone presented me with a challenge….and dang…I just can’t stop until I solve certain kinds of challenges, especially when they are related to Security. Anyway, the problem….. You saw one of my previous posts dealing with ProxyTunnel and tunneling ssh connections over an apache server via ssl….well.. A friend tried running proxytunnel on windblows as I described it and it didn’t work for them. My experience with the problem: I downloaded the 1.9.0 windows exe version of proxytunnel, attempted my connection to the https apache proxy just like I had done in the past and I was getting “error: Socket write error.” That certain level of frustration you only get dealing with Windblows…..oh, you know what I am talking about, I felt it. Worked on this for 2 days…or more…I never tell how […]
Well, mostly just photos here. Finally finished the Holocron project.
So many reasons to be able to do this, and I hope the title is descriptive enough. I will admit that most people who want to do this are people who are in a corporate environment that is blocking ssh traffic…. but my purposes are a little darker….like usual (wink). Sometimes ssh is blocked, sometimes you want to hide your ssh traffic….in my case I wanted a way to hide my ssh traffic from my Raspberry Pi drop boxes. When I do a pen test engagement and I physically break in I drop off a Raspberry Pi, and the more stealthy I can have it be as I have it perform tasks, the more dangerous and longer I can leverage it to help identify the vulnerabilities I need to find. Yes, you can also use this method to circumvent corporate firewalls and security systems that are blocking ssh traffic, […]
My hobby time this week has been consumed with a project for my daughter. Her “Activity Days” girls are doing a Pinewood Derby with the Cub Scouts in our ward so I built her a car. Originally she wanted a puppy car….and she and I worked on a few designs but when we found out the race is this week I had to look for something that was a little less time consuming…. so we built one after her second favorite thing…Hershey Chocolate bars!
I have a few theories on how to circumvent the RCR-REX request to exit sensors. Cloud of moisture moving towards/away from the sensor along with a can of air to trip the PIR; long straw/hose with a can of air? Radio jamming or some other method using the HackRF – it looks like the operating frequency for the RCR-REX-W is 5.8GHz….. Tinfoil to reflect the 5.8GHz microwave signals….or an umbrella that has reflection/absorption of the radio waves…. Push rod with pop-up? Or a drop down object like an umbrella – might trigger both sensors at the same time. Cover the RCR sensor with tinfoil or something. Repeater of radio waves; the delay could simulate distance? It uses the doppler method, so as an object gets closer the waves will be reflected back at a quicker rate; my understanding is it does not do a signal on that wave, just a specific frequency. Could still try the small […]