Posts

commit 8b6de0178ebdc5aba9c3b8f86e1babc1015f4b4f Author: Hannes Date: Tue Feb 20 15:28:12 2024 +0100 init diff --git a/__pycache__/web.cpython-311.pyc b/__pycache__/web.cpython-311.pyc new file mode 100644 index 0000000..fdc98ba Binary files /dev/null and b/__pycache__/web.cpython-311.pyc differ diff --git a/binary/a.out b/binary/a.out new file mode 100755 index 0000000..b28fb78 Binary files /dev/null and b/binary/a.out differ diff --git a/binary/buf.c b/binary/buf.c new file mode 100644 index 0000000..4149eb8 --- /dev/null +++ b/binary/buf.c @@ -0,0 +1,16 @@ +#include + +int main() { + int num = 0; + char buf[10]; + + printf("Name: "); + scanf("%s", &buf); + + if (num > 0) { + printf("Ohno\n"); + printf("%d", num); + } + + printf("Hello %s!", buf); +} \ No newline at end of file diff --git a/binary/vincent.out b/binary/vincent.out new file mode 100644 index 0000000..584db14 Binary files /dev/null and b/binary/vincent.out differ diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..f02596e --- /dev/null +++ b/shell.nix @@ -0,0 +1,9 @@ +let + pkgs = import {}; +in pkgs.mkShell { + packages = [ + (pkgs.python3.withPackages (python-pkgs: [ + python-pkgs.flask + ])) + ]; +} \ No newline at end of file diff --git a/slides.md b/slides.md new file mode 100644 index 0000000..7f4fbe8 --- /dev/null +++ b/slides.md @@ -0,0 +1,102 @@ +# Intro Hacking (CTF) + +--- + +## Wat is een CTF + +Capture the Flag + +`ZeusCTF{1k_b3n_33n_fl4g_H4DJ5D}` + +--- + +## Belangrijke termen, dingen, systemen, encodings + +- base64 (meme) +- binary +- hex + +- veel dingen zijn een zip, `file` cmd docx, jar, apk + +--- + +## Belangrijke tools + +- Cyberchef (base64, binary, hex) +- pwntools +- curl +- netcat (nc) + +--- + +- web + - sql injection (databanken) + - console + - cookies (local storage) + - request headers + - xss + +--- + +- reversing + - packed binaries + - binary + - assembly (comparch) + - hexedit + - strings + - (ghidra) -> Vragen op voorhand installeren + - (gdb-gef) (run) + +--- + +- mobile + - android (java) + - apk in zip ;) + - bytecode viewer + - native libraries + +--- + +- forensic + - info in fotos (metadata, steganography (hidden data)) + - wireshark (HTTP/DNS) (comnet) + +--- + +- binary exploitation / pwn + - buffer/heap/stack overflow + - printf strings + +--- + +- crypto + - XOR (raf) + - discover the key? met een gekende file header bv + - rsa :'( + +--- + +- OSINT (Open Source INTelligence) + - Rare categorie die bestaat + - social media + - publiek toegankelijke data + +--- + +CTF event volgende week + +type challenges van: je eerste CTF challenge + +--- + +Zin in meer +CTF NEXT WEEK +CSCBE 8-9 maart + + +Overthewire + +https://picoctf.com/ +https://pwn.college/ + +CSCBE \ No newline at end of file diff --git a/web.db b/web.db new file mode 100644 index 0000000..e69de29 diff --git a/web/__pycache__/web.cpython-311.pyc b/web/__pycache__/web.cpython-311.pyc new file mode 100644 index 0000000..cf20104 Binary files /dev/null and b/web/__pycache__/web.cpython-311.pyc differ diff --git a/web/templates/index.html b/web/templates/index.html new file mode 100644 index 0000000..cb850e1 --- /dev/null +++ b/web/templates/index.html @@ -0,0 +1,21 @@ +{% autoescape true %} + + + + + + + Posts + + + + {% for post in posts %} +

+ {% endfor %} + + +{% endautoescape %} \ No newline at end of file diff --git a/web/web.db b/web/web.db new file mode 100644 index 0000000..cefae12 Binary files /dev/null and b/web/web.db differ diff --git a/web/web.py b/web/web.py new file mode 100644 index 0000000..ed2bbaa --- /dev/null +++ b/web/web.py @@ -0,0 +1,34 @@ +import sqlite3 +import random +from flask import Flask, g, request, render_template, make_response + +app = Flask(__name__) + +def get_db(): + db = getattr(g, '_database', None) + if db is None: + db = g._database = sqlite3.connect("./web.db") + return db + +@app.route("/", methods = ['GET', 'POST']) +def root(): + request + user_cookie = request.cookies.get("userid") + if request.method == "POST": + print(str(request.form)) + if request.method == "GET": + posts = get_db().cursor().execute(f"select * from posts").fetchall() + + resp = make_response(render_template('./index.html', posts=posts)) + if user_cookie is None: + resp.set_cookie("userid", str(random.randint(100000, 999999))) + return resp + + return "YES" + +@app.teardown_appcontext +def close_connection(exception): + db = getattr(g, '_database', None) + if db is not None: + db.close() +