From 8b6de0178ebdc5aba9c3b8f86e1babc1015f4b4f Mon Sep 17 00:00:00 2001 From: Hannes Date: Tue, 20 Feb 2024 15:28:12 +0100 Subject: [PATCH] init --- __pycache__/web.cpython-311.pyc | Bin 0 -> 1542 bytes binary/a.out | Bin 0 -> 15880 bytes binary/buf.c | 16 +++++ binary/vincent.out | Bin 0 -> 16064 bytes shell.nix | 9 +++ slides.md | 102 ++++++++++++++++++++++++++++ web.db | 0 web/__pycache__/web.cpython-311.pyc | Bin 0 -> 2340 bytes web/templates/index.html | 21 ++++++ web/web.db | Bin 0 -> 8192 bytes web/web.py | 34 ++++++++++ 11 files changed, 182 insertions(+) create mode 100644 __pycache__/web.cpython-311.pyc create mode 100755 binary/a.out create mode 100644 binary/buf.c create mode 100644 binary/vincent.out create mode 100644 shell.nix create mode 100644 slides.md create mode 100644 web.db create mode 100644 web/__pycache__/web.cpython-311.pyc create mode 100644 web/templates/index.html create mode 100644 web/web.db create mode 100644 web/web.py diff --git a/__pycache__/web.cpython-311.pyc b/__pycache__/web.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..fdc98ba761a1902fb3a540c3ffb724637e662d7b GIT binary patch literal 1542 zcmah}&1)M+6o0cH(n?+@irt#HZp_kPgIb6RrarX7r6q1$0uCiNg|e)6#vh5KRcFVw zBc!k{hAP1&KD14tE$HO7_+RMXP^=(`SO^4454kD$=2PFSyo%)-`gZ5d%=_Za`@Nap zMn}_t^y-7Z*t7!hx7@^}o-B@j#KjY!KuHM-a#l*DtQ3^8T2Kinz!awK6MzF8eJbcw z-GM@a>8)feJ3Z4g_Eg`2eKa^27!?er-%Z6^n)r`CP04M@CSOXE<*X9wpOqZ{UPxBm z*h$Vh4tb8FuaP|gF~|@=;CW-Bgu*`B9mHpb2Gk+2g!Dh5y8|6nhEKai8bi@+E%vDc z=BO@*DVsXNDLOu@8P{@~tayzUvwE0ZWx^4HbLkK!{jW;vg3X0V*Q->RD|iCMSrRI= z=*z^d~V;g>My&|}0uQ~3$^~!1#zj{ARV04=nxrweal0Szm zfaj^q5100Cw%%x`W;?0b;L~n071W+jz4Ob*zkk@Cn(s`_9~$#b<-0F-?{r5-gU^r9 z4US39m2*sk!v2Yp;ld6B**aD7*cr}%-8u!uYa2?2%iJ0O@Y?2Vqy{!;gVfW{TE4nqy_EUa zbSs~$E@ZW+m|?=*;J(MhB->){hG3zw!i2l#luB7O)cfvQ(WCc6E!xP$Ez9B~IENbd zJi#yHQUc>MWC8qRjy+u3U3z@$(XF<5rDI-sX3jh{XAWmSYMc3vnSW+3J~bEH=8cYd zBUpTauw3tE-s}O1OoxR4^uj2T>)mBiumWP+yVn z2A2@^Gcs(u;*^MB*spe*tBFJ*fZy literal 0 HcmV?d00001 diff --git a/binary/a.out b/binary/a.out new file mode 100755 index 0000000000000000000000000000000000000000..b28fb78e7cb985e464fcaf8e664339e8ec49591e GIT binary patch literal 15880 zcmeHOZ)_Y_5uZCJu}c#B920U)XtE_u2vxm4|Ban0Wc}xyGs+*6q!ks=_4#gXpL(}< zy;~=?DFzOtdWSJAomRLT$eH#>xRu> zz)pAoHXyPN4@1?Ec1xlc!)}G>I`*qUO}r=-ls2mLDP;kOmL8HO-ijDpboB^z2t_nR zT$_07smM0)^@+aD4Tu)MN_!fSQ8Ys-(QmpIi1zZRD~rvp!{R|h6+{nnUOvZKcw`c9 ziFr%R6TQs+6fOCroX}C=d=_d9w8(a~dtMnQKW~nCbL=l#!x$u*IU2_xu@FB*mg%xEcSHl>D-iEY97yKMpMmgdV6PcTU$p9S}oahb2ej7PBl+; zcQto)=%u{grXthz#PFcGc=*_35Izf62$Ob05UR4nY@>@3@}+Adf8vwKoYAmM!$^6e z_=NMYVriufDob7|jvR#lyF#2Tt2j5Ufq!xh{MU$Uc=#oXz-sZqG%4F=$w?L+GndTR zP?&T|2xm(9R8NmtN+syBV9@p1F@kyN~T3e)}R$gD@OJn`H5jp)}16 z8at6&9$eZ|b%vo-EuLu}iPU*;@7#)baCM&*LZE{T1Q`f25M&_8K#+kT13?D>x_IAZ0?N0>F3gXuI8*9NG@TT3%|6<62)0~g<+FV26UJ@Ws< zH^>pQ7`Ya|OI^IYPBTC?we;q_ayjwM_@5KAS1)g@pua-&+?Vdcmv>&SM{wyCw4aaP zMW3dM&v!k{k5$kY5LJ<{&#PRiv8#+0H6BQifgl4x27(L(83-~EWFW{ukbxirK?Z^h z1R3~X214{7Q8H&8&|psqj!)Qm*pr5YmCfe0J*5XBw4>%x`Y%@fH?&+X7qD!gPM|KJ z{sQW~@0QCiq9*yMs~|LU0zy-f(2h;Dbr5VI29- z=pm}Y<2m#*P(yuWus-^khK*|4Ajm+Ffgl4x27(L(83-~EWZ?fJ0|x%NN)ll$d;Vw-A;|--f+tvSVlDfj zadV-P*O-4l+p>Ro2ix+fwVmx-ykD7~&q$lsx~~PNlD&ybhYSUUxq_ZsN#r?|_BWDja}`847^)=r(t6jH>!9aV z65MR5MB2x{W!3duVt@S8SlNCqp>St8jl!tZjZn+wD=SK+lt@`(y)860J{Au2Xp&nlL^>Y{F3qHJ! zarqpesf6Z12<`{kCqN?OMDH7faCXQ%R+V^q1`ldiK39T&9Sb370{L7B{t6aW>;Dhd zz<;FTY=K4mr{6ED#i899A=nE3alN6)jUfB!CDw10|2B}%gW&IBfpYDaI3`4cC`36w zQojZ9)%w1Fgz&!Hbgl6 z>csh!`_D6oM{wL@KL4|bZwc4K1)e{0KN=z&$9;tHz1+%+9LImX-(!E;+(M#$n?n74 zg)6A)^akS8e}9}`kbfBO%G_>+lqx!{dLB27Cr2};lN<*GMy>ITjbPd;VyWa ziugOBnV!t$rjg>YO!RcBTt_Fz^c3~XveT-wgC}~A#?AP#0n-F?;E7|sM~C_`2;NW3 zc*1mR69Xr}JbdJMU+)p~_~78l_$l*LZ{LwPGW>h~4cX3*8~17Zf5oOv{ic;pI!RC$ zz%K$+*PB%D?zP9zRU7Xy6{Wm6k+joU3(TS8=#|dc=48oAV_X|g>8x3_viVffu_%O- zNtuNV`kJGq630|;B~-tVQ0c&a^gMO6Us6Gt1JFy;IVU-a+9|qvLQ41=gHJeZp~?{Sjyz>D#OG&yp$vnxKzkG zpsPOVjx~j4ngm#vR~gl<2_E)|G;+mq8SePI3@KyaWG<7!R`VDOPr7Qr4Tkvw9j9Rq zXIEu*f9L|ONAM$q_h?t5HHIq4`(<=r_X_!XWj7kNcnH71e0iVB@H%5z)&m05>v3Mb ze4ojCRhl@mmiv*w^nFD49BF@n+h5>?%p>f$fwib!FD^DkkQ zmoMudjfwL4kqCbNkA3`M%}}nxno{tBt14$1KLM^_p&k$ZxK`GK^4_7}Uu@AgklWzl z%lh*czXvLQ=%Pey(Tj-E+>!QWT`2F7E>m()=<`b=JQ>H|B1SI4m-odMTgaQ%Ow}TM z(YLYM%a?WL67yr#^h*1}f5*p{^+Q)opNBlV*V#51aBFx`U z;qR_^x&`5Tb!F~)e1|#U2zQL`!&~r>{>c54o+qX69y-jmyVftIA+Ge9xYk{rf4 + +int main() { + int num = 0; + char buf[10]; + + printf("Name: "); + scanf("%s", &buf); + + if (num > 0) { + printf("Ohno\n"); + printf("%d", num); + } + + printf("Hello %s!", buf); +} \ No newline at end of file diff --git a/binary/vincent.out b/binary/vincent.out new file mode 100644 index 0000000000000000000000000000000000000000..584db145cedc15fbf02e085440dd74f4639a2304 GIT binary patch literal 16064 zcmeHOYit}>6~4R9!)cS)NgU!NC0;>;Qc_QB$Ic5(){jlbmGdBRL_vgMybtfH`!Kt+ z#I7I&QmPooH2f)5#UlkoQ-OqqDwHB59EBzXsVMoE3WNe`Bu9dfq)@p$vYaz>zR7sH zPNj+;AkCF_zk9y(xOdLnnZ2`f@0VizyTYN6La9+7Q!JgXcbF&?TTxLesm^xdS^ zsRcyOqfb=Se!LoX6u?@st082+My^!Bha6e~(L+Y|o2y*o4p9LrIS%%l&kB+K*dhG{ zLhrU0VP`54``g8Ti3s%iaaYbXI|gSuXJcC08y18gi|lt+{LYFW@D_K73K03^obYFx z_i3V_e+bPAA21)1>`ok9K3EN-b;J?#qXhr9Y*=F-Jul_?R}j5 zfV4N)d3ap%50vz(P1(%gmiA5AL~}NiFOM{jY}?YjrClo(v^Kk8?pK69Jf?Q!S< zNeP6JPmxHv_!CAv z{e+P+Gg&oU%;c?V2_bV7L!Anl9enD z?CHrC^2q^nFv~p|$`$g`6T>mBYDk9^rsJ!j>or8b4{IJLkw!TJXM1J`j&(d%Rs}jjvaKFKIer%b;Ps;rSd{p?_sG|oD`RY!G=ds4; z1m&8C=P`*g?cweFttf7J_=PYgobm8zo7Gdovn{SE=6~(s`FcUQ?BSj30-6AW3Tv->Ix0 zC#Y*uY@cS$og06wR4S)znJ0#KZd`F?o)F%-aSk$hPuSkQ%JwHY=94>pa)(!L{Y&52 zmCxv7f6|Y?acloTtaYmOl0MP-8)~Jpas^rbEv3~pJw+lNz(nVEV)TjmZ4BFItd(?V zZ)whLUC^)GwHheEs}i8LaxGQY zM8^StKK^5!tXAcXhxFr}-{Y!2cHLU6k9Yo%gz2~MRw~m8O2&ox-zGV9n0#mX-#9`_ z4s?k8=ww6^`uM!{8|*l-nbxU`v1zLFF&$XSu`ixwarzv^)hA*%^|1@2>h-FAMylgq zoK{DhNz?4roFvV7Y}$5d^eRfEu;c3Ehh`G`#s<3s*8J(mNO9>rch4Rt?#SRi1SQBo zkbxirK?Z^h1Q`f25M&_8K#+kT13?Dvh4!nihpEc%dY}7ir4l7nOY3(nZG5cm!6UWD)Xp_KKD_y1`!yi@ zf0{m%WQTWTY|gwzpEJaBUs1R%?&nL?-glXdEv-De}kJk)xS?qwjfRGjs+GT?*x?C+X)&;H=8IMA1 zM8^6+etzNt{on6a3M@~`Vmz$vo1Dii)}ktPRrC)yv~u1eEA^nrje;u$0ph04$T~i( zDb&S)pYyn2?cgd$RL{v`Kk!$jW9avk*wNxiyP*AbBE#;V73cUUuQo+5J?-N?A@S%9 ztt}((^jK-jmgwIW8OI^v|7(Et-~NCt@-Q3~-0yuj_8Z?v#(K})Jv}=j8x9SY^Hw?1 z+N!l{EzPZETWmer)~2Oh_AA}> zwcuZ*O11vabzDES<20z52qN6WYH_AW9a5{5e;i!0-B!5k=n>`jwtb^}J%PVN6}csV zvaya55}Cy~LfYo(?h&1>+(>-ATJ7c&+BV{shnFebcffCB9)brC&cUZ7zQ5fP@ez+d zs$U^~S$MU=I0pX=^W3sH$?ZyghxmFL4~x*Ts)FNmewrO!snC4RJL%0`eYcp4s`8_ z8L_>+1}&TK{p8-RJ$*ey(-sILri)hZJ)n%;{rkGR`i*_Nb{&ij7z171{W0?J?*NEm zLI1lg*iR-*%T)GpP?Xu*1l%C)vSGj_cyj=yj9i_y{v^y^_-`ai1tV?d6TB&)Zy#AD zGI^t1N+uK~ioT4&Qb~NP>{xIc+DewR!vKlltp`>26U^Qb;kw)Xs8dsBEsJ97(AyRPp-z_iyq4>)wLE*E z{5fZS{}+hkoFKmYdm_IpcutToc3)9v{1$z@{t@v5M%lq*ivrjJM?v@jU-9{$76tGGcg|Db2kMtp@%A6{9w45>VDGpcFLhfg*W zNd {}; +in pkgs.mkShell { + packages = [ + (pkgs.python3.withPackages (python-pkgs: [ + python-pkgs.flask + ])) + ]; +} \ No newline at end of file diff --git a/slides.md b/slides.md new file mode 100644 index 0000000..7f4fbe8 --- /dev/null +++ b/slides.md @@ -0,0 +1,102 @@ +# Intro Hacking (CTF) + +--- + +## Wat is een CTF + +Capture the Flag + +`ZeusCTF{1k_b3n_33n_fl4g_H4DJ5D}` + +--- + +## Belangrijke termen, dingen, systemen, encodings + +- base64 (meme) +- binary +- hex + +- veel dingen zijn een zip, `file` cmd docx, jar, apk + +--- + +## Belangrijke tools + +- Cyberchef (base64, binary, hex) +- pwntools +- curl +- netcat (nc) + +--- + +- web + - sql injection (databanken) + - console + - cookies (local storage) + - request headers + - xss + +--- + +- reversing + - packed binaries + - binary + - assembly (comparch) + - hexedit + - strings + - (ghidra) -> Vragen op voorhand installeren + - (gdb-gef) (run) + +--- + +- mobile + - android (java) + - apk in zip ;) + - bytecode viewer + - native libraries + +--- + +- forensic + - info in fotos (metadata, steganography (hidden data)) + - wireshark (HTTP/DNS) (comnet) + +--- + +- binary exploitation / pwn + - buffer/heap/stack overflow + - printf strings + +--- + +- crypto + - XOR (raf) + - discover the key? met een gekende file header bv + - rsa :'( + +--- + +- OSINT (Open Source INTelligence) + - Rare categorie die bestaat + - social media + - publiek toegankelijke data + +--- + +CTF event volgende week + +type challenges van: je eerste CTF challenge + +--- + +Zin in meer +CTF NEXT WEEK +CSCBE 8-9 maart + + +Overthewire + +https://picoctf.com/ +https://pwn.college/ + +CSCBE \ No newline at end of file diff --git a/web.db b/web.db new file mode 100644 index 0000000..e69de29 diff --git a/web/__pycache__/web.cpython-311.pyc b/web/__pycache__/web.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..cf20104ccaa5d8f4d06f1d62dee998ff8ce2817e GIT binary patch literal 2340 zcma(SO>Y}TboRsE_4hUbhp04hsp`sU6(g$VfDolcg~Y8APCt(pS}UkF7l7Y>MHe}WxWsx^|ON~jXtjB@LVH|yB(rcg1v`)207H}Ac9 zU;ASy(mpJ0ptPU(YJo1Uf5tNQVDEzXP}vsY9DJRD)eW=_%LiQq zN(YH=G1T2+-*faZ7G_bx{}*SOPI#E-y<*l}V!{GbD7mssOp8S*DPcl07SYSatVLKz z&n}S+C1%+unIzYh&S&lja1Pr26u>=X^{#}F)iV=;dobDtz6YGw8S7{bRbp1xk$_w5 z(Xi-t&x)|_l9rM8gn$gVj5N)B8JxAUb6JzDs^iJ4WNsYK!R3?%Vr4ChQhtCb=9OZ> zBBz;>GfE|rv#1Zy34w`t&g6#2o+XocLnq067U*U&XJC?CCCg^AP_n3z$!Bv*h0+3- z@8~Fh#=M{*gXd@jjw|q)rvX$@%ctEv^wq`MOATM#_Qfmbn~JZp+B*E&w`cFa**H95 zAD*bI6IF5Z!&@IW1EI>)E*wM8gd~&Rzi^q!AI!{N2E!DcSa}1RIZo{kZZvn*?j>;W z0hjk&2=4DW2_d&T-8;d>xgUgD-}$a;9!U3T2uvT}VlSLnTynxsW=|xCXkAp7Mz7SC1?D+^{(nl9& z6B^(tln#?js6ietUV6q-ftXB!!eQP{elvOApt@5-%$r-Lra_rPR!D9cnvXh9tXw`@ zEK*)ylxGU_n^1KfNz6;LC2Z)>zF-Dr35f;xCHCl)2ZG7Gd70dEu~>|TJ1E1j=m}VI zN1H7G74%g0Z64cPxN+*%sfIjc%R_Z}s5LNrC;52b_|CxbTD~!mv3N4*#MCeqN3+S<{_ zT4F~_)W_awXy+iO3Py=K@!+Dnq0$^C2&mJwIm=0)^4vFH2LNIFw|0B2srqlLH`N>dTmGu^ zv?ZiQE7u%PBqEgmYUwcm%rnn_f|TcnW0sSvPO3Rc$J9)wl+{Tl!=!Av+(}dqH6T5m z1Y(00$x>`wEoFcVW?E#$a%}twIm(=jd#1jn8+f@$-llJWA|46zR{(8E5QHWQSDdGb zLKWv}qIc{6?|tG8R7iF5y0KwYq_!*z;Wp}lAQC-a4u3veJ-v0N7T-!%h8x0|EsV9r kkZ`Dt0Q@Z>@njD(0{ph{N?VkK!8QWG$-^#;gLdxq4+1LVUH||9 literal 0 HcmV?d00001 diff --git a/web/templates/index.html b/web/templates/index.html new file mode 100644 index 0000000..cb850e1 --- /dev/null +++ b/web/templates/index.html @@ -0,0 +1,21 @@ +{% autoescape true %} + + + + + + + Posts + + +
+ + + +
+ {% for post in posts %} +

{{ post[1] }}

+ {% endfor %} + + +{% endautoescape %} \ No newline at end of file diff --git a/web/web.db b/web/web.db new file mode 100644 index 0000000000000000000000000000000000000000..cefae12bdc9ac95a2d075ff0768f9adbbaec513d GIT binary patch literal 8192 zcmeI#u}VWR6b9g&n~SBOL~ytWLeJI~L=o2_)*6aXgw_mh5^V}suD0An^a<>1_#F0C zy1VxYOp6s42RDcRkdyp5Wcs#T^?P}6JQ|k|Ht@077DVEdSqM>yoy1<3j3HfL;z>X9 zZ?Pf{ZuYj8kJY<~3k3lPKmY;|fB*y_009U<00Izzz@G%pX(P)r%7eWv++^&7Uu{We zpxZ{XX`l5puSVQ>@~+H>d~s=XR}c0%xR=02Uz_IgZ=R}|Pz&{;<}sik009U<00Izz z00bZa0SG_<0ucC50<~09XV~(0Wj+Zfws2)=)Q{@T*5TKvDy7_^*SCB7SWUj;CP}$V L)AZSnT;V?fyF)aa literal 0 HcmV?d00001 diff --git a/web/web.py b/web/web.py new file mode 100644 index 0000000..ed2bbaa --- /dev/null +++ b/web/web.py @@ -0,0 +1,34 @@ +import sqlite3 +import random +from flask import Flask, g, request, render_template, make_response + +app = Flask(__name__) + +def get_db(): + db = getattr(g, '_database', None) + if db is None: + db = g._database = sqlite3.connect("./web.db") + return db + +@app.route("/", methods = ['GET', 'POST']) +def root(): + request + user_cookie = request.cookies.get("userid") + if request.method == "POST": + print(str(request.form)) + if request.method == "GET": + posts = get_db().cursor().execute(f"select * from posts").fetchall() + + resp = make_response(render_template('./index.html', posts=posts)) + if user_cookie is None: + resp.set_cookie("userid", str(random.randint(100000, 999999))) + return resp + + return "YES" + +@app.teardown_appcontext +def close_connection(exception): + db = getattr(g, '_database', None) + if db is not None: + db.close() +