31C3 CTF writeup
web > 5CHAN (15pts)
- Only image ids 1 through 8 inclusive are displayed.
- The flag should be in image id 9.
- The id parameter is spliced into the SQL query unescaped, so `id=0 OR id>8;--` widens the WHERE clause and comments out the rest: http://188.40.18.89/?page=pic&id=0%20OR%20id%3E8;--
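As an added illustration (my code, not part of the original writeup), the concatenated lookup that this trick relies on beside a parameterized one, run against a constructed in-memory table. The table name, column names and flag value are stand-ins; only the payload comes from the writeup.

```python
import sqlite3

# Constructed stand-in for the image table: ids 1-8 are public,
# id 9 holds the flag (placeholder value, not the real one).
ROWS = [(i, f"pic{i}.png") for i in range(1, 9)] + [(9, "flag{placeholder}")]

# The writeup's payload, URL-decoded.
PAYLOAD = "0 OR id>8;--"


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE pics (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO pics VALUES (?, ?)", ROWS)
    return con


def lookup_vulnerable(con, id_param):
    """Builds the query by string concatenation. The OR widens the WHERE
    clause and ';--' turns the range check into a comment, so the hidden
    row (id 9) is returned."""
    sql = "SELECT name FROM pics WHERE id=" + id_param + " AND id BETWEEN 1 AND 8"
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con, id_param):
    """Binds the value instead of splicing it into SQL. The whole string is
    compared against the integer column as a single value and matches no
    row; a legitimate "3" is still converted by SQLite's column affinity."""
    sql = "SELECT name FROM pics WHERE id=? AND id BETWEEN 1 AND 8"
    return [row[0] for row in con.execute(sql, (id_param,))]


def lookup_validated(con, id_param):
    """Defence in depth: reject anything that is not an integer before the
    query runs, then bind the parsed value. Returns [] for malformed input."""
    try:
        image_id = int(id_param)
    except ValueError:
        return []
    return lookup_parameterized(con, image_id)


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, PAYLOAD))    # leaks id 9
    print("parameterized:", lookup_parameterized(db, PAYLOAD))  # []
    print("validated    :", lookup_validated(db, PAYLOAD))      # []
```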
GitHub Search offers advanced filters that let us search for these private keys @ link.
This looks for:
Although a decent number of people have dummy keys, a large number have real PEM files. In addition, there are cases in which people notice that they have accidentally pushed a private key and push a new commit stripping it out. This does not prevent anyone slightly determined from finding the key, as the original key still exists in the repository's git history (publicly accessible).
As a proof of concept to warn people of the dangers of accidentally posting sensitive information such as private keys to their GitHub repos, I attempted to gain access to Amazon EC2 servers with a couple of Bash/Python scripts by scraping GitHub...
- `file <binary>` or `otool -h <binary>`
- Check .gdbinit via `help user`
- Within gdb: attach to a process with `attach <pid>`, or run live using `exec-file <binary>`
- `set args`, or `r`/`run < <input>`
- `b`/`bp` on a memory location, e.g. `bp 0x1234`, or on a symbol, e.g. `bp [NSControl stringValue]`
- `bpl`
- `bpe`/`bp`
from: Nevernote Admin <nevernoteadmin@nevernote.com>
to: challenger@ctf.isis.poly.edu
date: Thurs, Sep 19, 2013 at 3:05 PM
subject: Help
Friend,
Evil hackers have taken control of the Nevernote server and locked me out. While I'm working on restoring access, is there any way you can get in to my account and save a copy of my notes? I know the system is super secure but if anybody can do it - it's you.
Thanks,
Nevernote Admin
`'OR''='`
`$_REQUEST`, `$_GET`, `$_POST` & `$_FILES`, before sending a message to the Admin's email address via the system itself