- 20:59:18 <GrossT> game over
- 20:59:24 <Rewzilla> :)
- 20:59:28 <freefirex> GG
- 20:59:32 <root4days> _____ _____ _ _
- 20:59:33 <root4days> | __ \ / ____| | | |
- 20:59:33 <root4days> | | | | (___ | | | |
- 20:59:33 <root4days> | | | |\___ \| | | |
- 20:59:33 <root4days> | |__| |____) | |__| |
- 20:59:33 <root4days> |_____/|_____/ \____/
- 20:59:35 <root4days>
- 20:59:36 <OhYou_> fail
- 20:59:37 <root4days>
- 20:59:47 <root4days> _____ _____ _ _
- 20:59:47 <root4days> | __ \ / ____| | | |
- 20:59:47 <root4days> | | | | (___ | | | |
- 20:59:47 -> bahaviland has joined #threatspace
- 20:59:49 <root4days> | | | |\___ \| | | |
- 20:59:51 <root4days> | |__| |____) | |__| |
- 20:59:52 -> J2TheROC has joined #threatspace
- 20:59:53 <root4days> |_____/|_____/ \____/
- 20:59:57 <root4days>
- 20:59:59 * OhYou_ reports for flood
- 20:59:59 <root4days>
- 21:00:21 <- Rewzilla has left #threatspace ["Leaving"]
- 21:00:29 -> Rewzilla has joined #threatspace
- 21:00:36 <ipp> congratz root4days Rewzilla and whomever else is on DSU
- 21:00:43 <freefirex> Thanks :)
- 21:00:46 <J2TheROC> yep
- 21:00:50 <GrossT> :D
- 21:00:52 <ipp> I tried to do my best
- 21:00:54 <ipp> to prevent that
- 21:00:58 <Rewzilla> haha
- 21:01:00 -> m4dh4tt3rs_minio has joined #threatspace
- 21:01:01 <Rewzilla> gg all
- 21:01:05 <ipp> gg
- 21:01:08 <xonec> gg
- 21:01:11 <m4dh4tt3rs_minio> Good Game Everyone
- 21:01:17 <root4days> gg
- 21:01:25 <J2TheROC> gg
- 21:02:45 <OhYou_> alright, now lets all share answers
- 21:02:59 <bahaviland> I got
- 21:03:01 <bahaviland> for 2+2
- 21:03:01 <bahaviland> 4
- 21:03:18 <freefirex> dang I got 5
- 21:03:30 <root4days> i got 22
- 21:03:32 <bahaviland> Check for hemorrhoids with a small mirror
- 21:03:40 <J2TheROC> oh that was a + i thought it was x
- 21:03:48 <Rewzilla> bahaviland how did you get that???
- 21:04:15 <bahaviland> I asked a psychic
- 21:04:29 <bahaviland> she read my palm
- 21:04:45 <- bahaviland has left #threatspace ["Leaving"]
- 21:04:58 <Rewzilla> ohhhhh of course i should have thought of that ><
- 21:05:04 <- root4days has left #threatspace ["Leaving"]
- 21:05:04 <- freefirex has left #threatspace
- 21:08:14 <xonec> what was the theme for passwords 1
- 21:08:48 <Rewzilla> high-collision-algos
- 21:08:55 <xonec> i noticed half were WOW related
- 21:11:02 <xonec> Lol as soon as i used rockyou to try to crack them, i saw the collision rate
- 21:11:09 <ipp> World of Warcraft xonec
- 21:11:24 <xonec> ipp: All of them?
- 21:11:25 <ipp> I created a script to crawl wow wiki, extract text of all the links
- 21:11:31 <ipp> all but root
- 21:12:25 <xonec> Dude! i crawl most of the wiki too, but only got half
- 21:12:51 <ipp> did you extract the text in links
- 21:12:55 <ipp> because there were spaces
- 21:12:59 <ipp> so if you just did words
- 21:13:02 <ipp> you wouldn't get it
- 21:13:13 <xonec> what was root?
- 21:13:27 <OhYou_> ncl format probably
- 21:13:35 <OhYou_> aint nobody got time for that
- 21:13:39 <ipp> NCL-####-UUUU according to someone else, i hadn't got it
- 21:13:39 <ipp> i did UUUU-####
- 21:13:40 <xonec> Yeah i took spaces into account
- 21:14:08 <OhYou_> speaking of ncl format, Dat wireless 4
- 21:15:02 <OhYou_> that must have been painful for people without gpus
- 21:16:06 <Rewzilla> something I've learned from ncl-games is that password cracking is almost always less about gpu power and more about clever dictionaries
- 21:16:24 <OhYou_> so from what I've heard, NCL is going to be releasing the answers to all these shortly?
- 21:16:36 <OhYou_> except for wifi 4
- 21:16:49 -> nix_xin has joined #threatspace
- 21:17:10 <OhYou_> my ears still hurt from my 290x going for like 2 hours
- 21:17:10 <xonec> How about web exploits?
- 21:17:21 <xonec> lol ^
- 21:17:47 <nix_xin> Yeah, how about those web servers?
- 21:18:04 <nix_xin> Web 1 , Web 2 specifically?
- 21:18:04 <OhYou_> Yea web servers
- 21:18:49 <xonec> the web server with drupal installed looked pretty beat up
- 21:19:15 <nix_xin> HAHAHA !! Luckily I got in just in time to get flag1
- 21:19:26 <nix_xin> Someone screwed it up bad
- 21:20:17 <xonec> i think some people used their ncl login credentials to create accounts on one of those web servers.
- 21:20:32 <ipp> Web 2 - https://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/
- 21:20:38 <ipp> Web 1 - Write a captcha analyzer
- 21:20:55 <nix_xin> Ahh!
- 21:20:58 <ipp> and get it correct 10,000 times in a row
- 21:21:05 <GrossT> and don
- 21:21:13 <GrossT> *go over 10000
- 21:21:19 <ipp> I stopped it at 9,999
- 21:21:27 <ipp> took the loop out
- 21:21:30 <ipp> and ran it again haha
- 21:21:30 <OhYou_> and then mistype the 10000
- 21:21:34 <GrossT> ^that
- 21:21:39 <m4dh4tt3rs_minio> lol
- 21:21:41 <xonec> ipp: how do you write a captcha analyzer?
- 21:21:44 <xonec> Lol
- 21:21:56 <ipp> http://www.boyter.org/decoding-captchas/
- 21:22:02 <ipp> redid a little of that code
- 21:22:10 <ipp> used mechanize to simulate the web
- 21:22:32 <nix_xin> Ahhh!
- 21:22:33 <xonec> interesting
- 21:22:37 <nix_xin> very!
- 21:22:46 <OhYou_> I tried outsourcing it to china but they kept getting it wrong
- 21:22:58 <ipp> I'll try to get around to cleaning my code
- 21:23:02 <ipp> and create a github
- 21:23:29 <xonec> man, these ncl folks are raising the bar every time. GG
- 21:23:37 <ipp> If I don't have something by the end of the month, ping me and i'll let you read my horrible code
- 21:23:46 <OhYou_> so the intended way of solving that was to type out the captchas 10,000 times
- 21:24:24 <ipp> and don't mess up
- 21:24:25 <OhYou_> couldnt they have at least used cookies to keep track of how many you did?
- 21:24:28 <ipp> because it resets to 0
- 21:24:28 <xonec> more or less write your own ocr for captchas
- 21:24:38 <nix_xin> I used JMeter to hit the captcha page 10,000...it crapped out eventually
- 21:24:44 <OhYou_> so that you know, could change it?
- 21:25:15 <OhYou_> are the images completely random?
- 21:25:25 <ipp> on the captcha?
- 21:25:27 <ipp> it seemed so
- 21:25:30 <ipp> and they are case sensitive
- 21:25:34 <OhYou_> thats evil
- 21:26:10 <OhYou_> I mean, if they used standard captchas, I could have probably blown through it in an hour
- 21:26:25 <ipp> eh? this one was really simple
- 21:26:27 <ipp> no overlap
- 21:26:43 <OhYou_> I mean standard as in easy for humans
- 21:26:49 <ipp> oh haha
- 21:27:41 <nix_xin> Ok, so what was up with Web2
- 21:27:50 <ipp> I linked it, it was a mongo db
- 21:28:06 <ipp> and you could do like username[$ne]=1&password[$ne]=1
- 21:28:11 <ipp> to do a select * basically
- 21:28:16 <GrossT> wait it wasn't postgres, like the image??? :P
- 21:28:21 <OhYou_> did you get what sql server was running on that stupid victim in ne5?
- 21:28:26 <ipp> Nope
- 21:28:36 <ipp> If you sent an invalid char i forget which, you got an error message
- 21:28:36 <nix_xin> How did you know it was mongo db?
- 21:28:43 <xonec> Yeah^
- 21:28:55 <nix_xin> From the error?
- 21:29:00 <xonec> ipp: how did you know?
- 21:29:04 <GrossT> try other sql injections until you get an error
- 21:29:08 <GrossT> google error
- 21:29:09 <GrossT> done
- 21:29:10 <ipp> yea it said mongo
- 21:29:10 <ipp> in the error
- 21:29:10 <ipp> and gave the query essentially
- 21:29:37 <nix_xin> Dang..I ran sqlmap on it a few times and no glory....
- 21:30:11 <nix_xin> Keep trying harder next time....check!
- 21:30:14 <GrossT> prolly need: http://www.nosqlmap.net/
- 21:30:25 <ipp> https://107.22.162.98/index.php?username=admin%92&password=
- 21:30:27 <ipp> ^error message
- 21:30:48 <OhYou_> well...
- 21:30:59 <nix_xin> DANG !
- 21:31:11 <xonec> dude!
- 21:31:12 <nix_xin> Thanks for that man ...
- 21:31:43 <ipp> https://107.22.162.98/index.php?username[$ne]=1&password[$ne]=1
- 21:31:44 <ipp> ^Exploit
- 21:32:13 <OhYou_> I love how the key was the same on crypto 9.4 and 9.5 btw lol
- 21:32:43 <GrossT> you don't even need the =1 part
- 21:33:08 <ipp> ah til
- 21:33:21 <ipp> Anything else i can help with?
- 21:33:45 <nix_xin> Yes, the server with the crc32.py file....
- 21:33:52 <ipp> It was Reverse Engineering
- 21:34:04 <ipp> needed to dump a bin off port 1234
- 21:34:13 <nix_xin> I scanned it, found nothing....nikto'd it, found nothing,
- 21:34:28 <nix_xin> Ahhhhh!
- 21:34:32 <nix_xin> nice!
- 21:34:35 <ipp> open up in debugger (i used EDB)
- 21:34:41 <ipp> examine memory, then crc32-b what it came with and do a few other things
- 21:34:47 <ipp> i don't fully remember off the top of my head
- 21:34:54 <ipp> it was similar to exploits 4-6
- 21:35:09 <ipp> except the termination character of input was NUL versus EOT
- 21:35:30 <OhYou_> so were we supposed to get a shell on one of the web ones?
- 21:35:34 <nix_xin> nice....will do
- 21:35:45 <ipp> If you don't have RE experience, it will be difficult
- 21:35:58 <nix_xin> RE and regular expressions
- 21:36:00 <ipp> no
- 21:36:03 <ipp> Reverse Engineering
- 21:36:09 <nix_xin> oh!
- 21:36:12 -> Vital_ has joined #threatspace
- 21:36:16 <ipp> You open it up in a debugger
- 21:36:20 <ipp> step through the statements
- 21:36:36 <nix_xin> gotcha!
- 21:36:40 <ipp> for instance exploit 4 or 5, had a string that it was adding 2F to which is a ROT cipher
- 21:37:02 <ipp> if you input like abc123 it becomes easy to see it do the ROT in memory
- 21:37:07 <ipp> because it stays sequential
- 21:37:40 <ipp> or if you just know some "ROTX Words" you can input them
- 21:37:48 <ipp> like ln ares is a ROT word
- 21:37:54 <ipp> which looks semi legitimate
- 21:37:54 <OhYou_> so what the hell was the brainwallet password... past the season: part
- 21:38:00 <ipp> idk
- 21:38:08 <ipp> probably NCL format
- 21:38:19 <ipp> wasn't enough points for me to crack it
- 21:38:28 <ipp> and Rewzilla got the $
- 21:38:32 <OhYou_> yea
- 21:38:52 <OhYou_> Rewzilla what are you going to spend your $0.14 on?
- 21:39:04 <GrossT> silkroad 3.0
- 21:39:31 <OhYou_> you can buy 0.00003 oz of fake drugs with that