init

binary/buf.c

@@ -0,0 +1,16 @@
+#include <stdio.h>
+
+int main() {
+    int num = 0;
+    char buf[10];
+
+    printf("Name: ");
+    scanf("%s", &buf);
+
+    if (num > 0) {
+        printf("Ohno\n");
+        printf("%d", num);
+    }
+
+    printf("Hello %s!", buf);
+}

shell.nix

@@ -0,0 +1,9 @@
+let
+  pkgs = import <nixpkgs> {};
+in pkgs.mkShell {
+  packages = [
+    (pkgs.python3.withPackages (python-pkgs: [
+      python-pkgs.flask
+    ]))
+  ];
+}

slides.md

@@ -0,0 +1,102 @@
+# Intro Hacking (CTF)
+
+---
+
+## Wat is een CTF
+
+Capture the Flag
+
+`ZeusCTF{1k_b3n_33n_fl4g_H4DJ5D}`
+
+---
+
+## Belangrijke termen, dingen, systemen, encodings
+
+- base64 (meme)
+- binary
+- hex
+
+- veel dingen zijn een zip, `file` cmd docx, jar, apk
+
+---
+
+## Belangrijke tools
+
+- Cyberchef (base64, binary, hex)
+- pwntools
+- curl
+- netcat (nc)
+
+---
+
+- web
+    - sql injection (databanken)
+    - console
+    - cookies (local storage)
+    - request headers
+    - xss
+
+---
+
+- reversing
+    - packed binaries
+    - binary
+    - assembly (comparch)
+    - hexedit
+    - strings
+    - (ghidra) -> Vragen op voorhand installeren
+    - (gdb-gef) (run)
+
+---
+
+- mobile
+    - android (java)
+    - apk in zip ;)
+    - bytecode viewer
+    - native libraries
+
+---
+
+- forensic
+    - info in fotos (metadata, steganography (hidden data))
+    - wireshark (HTTP/DNS) (comnet)
+
+---
+
+- binary exploitation / pwn
+    - buffer/heap/stack overflow
+    - printf strings
+
+---
+
+- crypto
+    - XOR (raf)
+        - discover the key? met een gekende file header bv
+    - rsa :'(
+
+---
+
+- OSINT (Open Source INTelligence)
+    - Rare categorie die bestaat
+    - social media
+    - publiek toegankelijke data
+
+---
+
+CTF event volgende week
+
+type challenges van: je eerste CTF challenge
+
+--- 
+
+Zin in meer
+CTF NEXT WEEK
+CSCBE 8-9 maart
+
+
+Overthewire
+
+https://picoctf.com/
+https://pwn.college/
+
+CSCBE 

web/templates/index.html

@@ -0,0 +1,21 @@
+{% autoescape true %}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Posts</title>
+</head>
+<body>
+    <form method="POST">
+        <input type="text"/>
+        <input type="submit"/>
+        
+    </form>
+        {% for post in posts %}
+            <p> {{ post[1] }} </p>
+        {% endfor %}
+</body>
+</html>
+{% endautoescape %}

web/web.py

@@ -0,0 +1,34 @@
+import sqlite3
+import random
+from flask import Flask, g, request, render_template, make_response
+
+app = Flask(__name__)
+
+def get_db():
+    db = getattr(g, '_database', None)
+    if db is None:
+        db = g._database = sqlite3.connect("./web.db")
+    return db
+
+@app.route("/", methods = ['GET', 'POST'])
+def root():
+    request
+    user_cookie = request.cookies.get("userid")
+    if request.method == "POST":
+        print(str(request.form))
+    if request.method == "GET":
+        posts = get_db().cursor().execute(f"select * from posts").fetchall()
+
+        resp = make_response(render_template('./index.html', posts=posts))
+        if user_cookie is None:
+            resp.set_cookie("userid", str(random.randint(100000, 999999)))
+        return resp
+
+    return "YES"
+
+@app.teardown_appcontext
+def close_connection(exception):
+    db = getattr(g, '_database', None)
+    if db is not None:
+        db.close()
+