[13 Apr 2014 | No Comment | ]
The blog’s heart’s beating is normal now

So yeah the ZOMGWTFAPOCALYPTIC bug affected this blog too.

I had a very busy couple of weeks and traveled to Cairo to attend OWASP cairo chapter launch meeting. so i had no time or brains to fix it that time but i disabled SSL.
Today i updated the openssl and libssl to the latest version in the repo and BAZINGA! i am no longer affected.

Reissued the (self-signed) certificates and put the VirtualHost back to apache’s config and restarted. and no more leaking (I hope)

Read the full story »

Tutorials »

[14 Mar 2015 | No Comment | ]

On Linux Mint XFCE.
Rarely when i double click the VLC video playing, it won’t go fully fullscreen – it occupies the whole screen except of the task bar menu.
The solution is a no-brainer actually. The VLC windows is maxmized. So simple click the maximize button again and you can now go full screen.

CTF »

[24 Jan 2015 | No Comment | ]

The last word (crypto200)
Description: Decrypt this
And attachment is supplied: challenge.txt
It looks hex’ish? so i try hex decoding with no luck.
Then i noticed it had too many zeros? so i tried to change every character that’s not 0 to 1 to try for binary.
So as usual i run to python: cry200.py
0110001001110101011010010010000001111000011001000110100101110100001000000
1101101011010110010000001101100011100000111001000100000011100100111001101
1001010110110100100000011000100110101000100000011101110111011001110001011
0011101110011011010100010110101100001011101100010110101110000011011000110
0001011101110110111000100000011000100110101000100000010011110110000101110
0110111011001110000011101110111001101110011011001100010000001100001011101
1101110100011000010111011001111000011101110010000001001001010011100100010
10101001101010011
That decodes to:
bui xdit mk lpr rsem bj wvqgsj-av-plawn bj Oasvpwssf awtavxw INESS
And from the look of it it looks like some kind of substitution cipher:
I tried rot-n, with no luck.
Also i tried simple Caesar without luck.
Then i tried Vigenère cipher …

CTF »

[24 Jan 2015 | No Comment | ]

OHSHIT (crypto100)
Description: Decrypt the cipher using the encryption program
And attachment is supplied: challenge.7z
It contains an encryption program and crypto.txt containing

Name: Automated Crypter
Description:
Decrypt this:
019t-0-080-3-1b-19t-25z-080-03f-8j-1b-12n-12n
Using this program.
(Note: the – is just a separator)
Hint: Not all letters chars are crypted

I didn’t have to solve this using a python script as usual.
I tried it manually:
./crypto abcdefghijklmnopqrstuvwxyz
Crypted text: 1b3f4g5i8j12n13o16q19t22u25z
./crypto ABCDEFGHIJKLMNOPQRSTUVWXYZ
Crypted text: 01b03f04g05i08j012n013o016q019t022u025z
I notice something, the character is encrypted to number+character after it
The encryption of “s” is “19t”
So just manually i know “019t” is 0+s.
And with trial and error i get:
0s-0-080-3-a-s-y-080-0c-h-a-l-l
But the 0’s don’t feel right.
So …

CTF »

[24 Jan 2015 | No Comment | ]

Weird Text (misc100)
Description: Giv m th flg plz !
Part of the supplied file was:

______
____________
_
_______
{
_______
1
______________________
3

_____________
3

____________________
________
4

______
____________
_
_______
}
And it looked like it could be flag{STUFF_HERE}
So if you guess that “______ ____________ _ _______” was flag.
It’s easy to know the obfuscation used.
6 = f
12= l
1 = a
7 = g
It’s obvious it’s using charset of abcdefghijklmnopqrstuvwxyz
So i wrote a little script to parse it and give the solution.
misc100.py
Although doing it by hand would have been feasible too, it’s not long.
flag{g1v3-m3-th4-flag}

CTF »

[24 Jan 2015 | No Comment | ]

Introduction to Keylogging (misc50)
Description: WTF ?: ^[[1;3Aload+^[[1;3Bload+^[[1;3C+here+^[[1;3D4dead
<!— Hints : MetaKey , Alt key —-!>
At first i thought it was some obscure format but i found this page: http://vim.wikia.com/wiki/Get_Alt_key_to_work_in_terminal

URxvt.keysym.M-Up : \033[1;3A
URxvt.keysym.M-Down : \033[1;3B
URxvt.keysym.M-Right : \033[1;3C
URxvt.keysym.M-Left : \033[1;3D
Turns out it’s UP|DOWN|RIGHT|LEFT keys
flag{upload+download+right+here+left4dead}