Shifting Red

So my focus lately has been towards red teaming. I’ve been very busy with my own start up as well as BsidesOrlando, which was awesome, but now it’s time to switch my attention back to self learning.

Some of the things I’ve been doing is focusing on building a proper red team bag for myself to take on engagements, I’m still working on putting together a list, but here are a few examples of things that have been useful.

  • K tool (under door tool)- I’ve just recently started playing with bypass tools and this is one of my favorites to use. With the American With Disabilities Act and fire code, a lot of business utilize lever style door handles, which this thing will exploit in a matter of seconds.
  • Bogota entry set – self explanatory, depending on the lock, I’ll usually get through within 30 seconds of starting to pick it.
  • Full lockpick set – I have my favorite, which I got from TOOOL (Tremendous Twelve), but having these has been important since the Bogota entry set won’t get you past every lock
  • Monocular – Great for creeping on employees from my car across the street. I’m not happy with the one I have, but I can usually get a badge template in my head and sketch down in my…
  • Field notes – Paper is still king when it comes to quickly writing something down and saving it for later
  • Fisher Space Pen – Love this little pen, fits in my pocket without being obtrusive and even writes upside down!
  • Nexus7 Community PwnPad – While I haven’t had much use for it, it’s handy to do wifi recon and nabbing keys. The problem with the Nexus7 is that it’s slow for a lot of things, so I’ll often have to take anything that needs cracking back to my server.
  • LA Police Gear Operator Backpack – Lots of space to put all my things an organize them well. Also sits great on my shoulders when walking long distances to tail a target.

More is coming. I gave a talk at BsidesOrlando that covers a lot of this stuff, as well as self-learning techniques, but my slides were lost. I submitted to Derbycon, so I may have to make new ones! The video will be published soon though.

Posted in Uncategorized

DC813 MiniCTF 0×2 Writeup

My Defcon Group in Tampa is getting pretty awesome. Makes me miss DC407 and everyone over in Orlando and all the potential that was there before I left the area. Ah nostalgia, but I digress.

DC813 has been throwing up some mini CTFs lately, specifically a guy named Mick who’s pretty rad at getting this stuff together. Tonight was the second one and the first one I’ve been successful at. Sadly at 0×1 I had some hardware issues and couldn’t complete a lot of the challenges. The system I chose to use was vanilla Kali, so you’d be able to solve most of these on your own. I want to get permission to post the challenges online from the creator.

Challenge One, Passwd Pwnage:

This one was pretty easy, we were given a flat file with a username and hash in it:

test:$6$8bpMs.NZ$GidfGfDaoansq7tUNaI9Eb7C/t91h31/Ymn7UFYdazAGRZCB02NMwtvVtRScWdTf1IaNzcOr8rddvsLZIQ8jC.:15980:0:99999:7:::

This was quickly solved by running the file through john using the rockyou wordlist that comes with Kali:

john --wordlist='/usr/share/wordlists/rockyou.txt' '/root/minictf0x2/challenge1'

John ran for about 7 seconds before finding the solution: password123

Challenge Two, What is OTV’s Number:

This was a trivia question, specifically from the movie Hackers. The solution was 212-555-4240. Google-fu was helpful

Challenge Three, I Speak When I Listen:

This challenge was maddening and the last problem I solved. It ended up in a 3 way grepping match between me and 2 other guys, which I didn’t win, but caused me to come in second. What was maddening about the problem is that the hint was easier to understand than I thought. I didn’t fully understand it till I started this writeup, you’ll see at the end of this section what it meant.

On to it then. Challenge three, we were given a hint in the title “I Speak When I Listen” and an Android APK titled DroidSheep.apk. The apk had to be disassembled so I had to do a bit of research on APK, but found the program apktool installed by default on Kali. apktool wouldn’t work according to the documentation, but a post on the Kali forums suggested copying the apk into the apktool folder /usr/share/apktool. Ran the tool with this command:

apktool d DroidSheep.apk droidsheep

Started grepping the directory /user/share/apktool/droidsheep for the keywords in the hint, but the only one that returned anything was “listen”. The command used to  try to locate the flag was

grep -r "listen" /usr/share/apktool/droidsheep.

Unfortunately, I didn’t figure this out on my own, I just overheard the organizers whispering when I had half the string highlighted. The flag was in the first result of the screenshot: “Droidsheep is listening for sessions” The clue meant that DroidSheep “spoke” while it listened :D

Challenge Four, Cereal Killer

I learned a bit from this challenge. It was a seemingly corrupted video file that wouldn’t play. I had to dip into the hint basket for this one. One of the organizers mentioned hexediting, to my dismay. I am not good at hex. After downloading hexedit because we were told Kali didn’t have a hex editor, I scrolled through it for a bit, went back to the top and worked on another challenge. After a while, I found out Kali comes with hexeditor… after a while this was me:i-have-no-idea-what-im-doing-dog

 

I had to get a hint, which was “magic numbers”. I had no idea what that meant either, so I had to turn to Google. If you don’t know what they are, magic numbers, in this context, refer to a series of numbers in the header of a filetype. Specificaly m4v, which this file’s was corrupted.

AWAITING SCREENSHOT

And here is the corrected magic number:

Select to zoom

The video was finally playable, which was a clip of Hackers at the very end when everyone was arrested and being interrogated by the Secret Service, when Cereal Killer saves the day by broadcasting pirate TV and revealing the whole plot and the account number of Plague’s overseas bank account, which was the flag: 03087-08351-27H

Part 2 Coming up once I find some time, as I have to redo some of the screenshots, which got lost while competing at HackMiami Winterfest’s CTF by accident.

Tagged with: ,
Posted in 2013, Main Menu

Pins and tumblers

Today’s post is about something I barely talk about on here, but I’m very passionate in my life: lockpicking.  Lately, I’ve been feeling down on myself with my digital motivations and skills, so I’ve turned to the physical to boost my confidence, which has been therapeutic to say the least.

I started picking locks when I was about 20, I think. What got me interested was reading 2600, immersing myself in the hacker culture, reading online and all the typical things you do when you want to integrate into a subculture. I remember having no idea where to get picks, so I wandered into my local Army/Navy Supply store and asking the owners if they had any, which they did and I paid way too much for them. It’s funny looking back at what you do to learn or adopt when you have no idea about it. I wasn’t very good at it, didn’t have the motivation stick with it, so like all things I found difficult at the time, I just gave up and let my expensive crappy lockpicks collect dust. It wasn’t until I helped start DC407 almost 5 years ago that I became re-interested in the hacker hobby, diving headfirst into it. Like so many people who learn lockpicking, I just simply raked locks, which was satisfying for a time. In the last 2 years though, I’ve really dedicated to the hobby and teaching others how to open simple locks. I’ve learned the terminology, stopped raking and learned how to single pin pick and bypass more advanced security locks.  I’ve had the pleasure to teach all sorts of people how to pick locks from 6 year olds to senior citizens in the last year.

Lately I’ve been trying to push myself out there as a sort of SME. I’m not happy with the label of expert when it applies to myself because there is still so much to learn, but compared to the beginner, I’m a lock popping genius. I’ve had a lot of good opportunities to showcase my skill and share what I know with people. Earlier this year, I was able to secure a spot running the lockpick village at HackMiamiCon, I’m running the lockpick village for BsidesTampa and this past weekend got to help at the village at Orlando Mini Maker Faire with a good friend and fellow hobbyist. The past weekend was awesome for a few reasons, one being that I was able to remember almost all the terms I’ve worked hard to memorize about lock mechanisms. Second, I was able to work with some kids and adults who were able to master the techniques that took me a while to learn (because I’m lazy) in just a short period of time. The kids amazed me the most, there was a kid there who had never picked anything in his life and he was able to master the basic progressives from TOOOL and #1 & #2 spool. Another kid was consistently there and listened to me very intently on how to master spool locks (he was able to get to #3 and start on #4 before we closed), but in addition, he was helping people who were walking up to the busy table and I hadn’t yet had the chance to address. (The table was very popular) Listening to my girlfriend’s stories about her experiences working in the school system has been making me jaded, and these kids have reversed some of the negativity I’ve been feeling about the next generation. (re: getting old, get off my lawn, etc) There was a little one there even, he may have been 5 or 6 that came up right before I took a break and stood next to me to open up a few of the basic progressive locks without saying anything. It was freaking cool. Hacker parents, keep it up!

So what’s the point of this self-congratulatory post? There are a few…. If you become good at something, attempt to teach it. You learn a lot about what you don’t know, if your passions/resolve are true and the actual skills it takes to teach. You’ll suck at first (I did), but you get better at it. If you can take someone who metaphorically walks in from the street and teach them the core concepts about what you know, you can be thoroughly secure about your skills. (re: confidence).  Putting yourself out there itself is another thing, don’t doubt yourself. It can be terrifying to put yourself on a stage and say you are good at something and want others to know about that something. Don’t let fear cripple you, but motivate you. If you fuck up, use it as a teaching opportunity. Free SE/rapport building tool: if you fuck up and correct yourself later, people will respect you more because it makes you appear human. Just remember, they are more afraid of you than you are of them ;)

I’ll be teaching a class at my local hackerspace soon, keep an eye out on the site for the schedule http://makerspacetampabay.org/

 

Tagged with: , , , , , , ,
Posted in advice dog, lockpicking