Git Commit Message Hook for JIRA Issue Keys
Overview Credits to this StackOverflow answer: https://stackoverflow.com/a/53669975/1800854 ❤ Follow these steps to set up a global commit message hook that will extract the issue key from your branch id and prepend it to your commit messages automatically. This allows other team members to easily track down who wrote what code. Steps Make sure you have…read more.
How to delete a Ghost/Empty SignalFx Dashboard Group
The Problem I ran across into issue when working with SignalFx where I was unable to delete a dashboard group that contained no dashboards. The only way to delete a dashboard group is to first visit a dashboard belonging to the dashboard group itself then using the meatball menu next to the dashboard group name…read more.
BlankMediaGames/Town Of Salem Data Breach (2020 Update)
Overview Town of Salem, a video game produced by BlankMediaGames was breached around 1 year ago on the 3rd of January 2019. It is reported that the total row count of that database that was breached is 8,388,894 which included some 7,633,234 unique email addresses. Shortly after this breach in early 2019, hackers attacked and successfully…read more.
BlankMediaGames/Town Of Salem XSS
While looking on the BlankMediaGames.com website (creators of Town Of Salem) I came across an api.php file which one inside one of the folders listed in the sites robots.txt file. The file in question is:
|
1 |
https://blankmediagames.com/TownOfSalem/api/api.php |
Upon visiting the page we get the following output with a 200 response code: At first I thought this was…read more.
IOLI Crackme Write-up
Overview The goal of this crackme is to find out what password(s) make the program print out Password OK :). We ended up looking at the Windows binaries only. Write-up crackme0x00 Takes input through scanf and performs quick strcmp with string 250382 from strings table. Password: 250382 crackme0x01 As above but strcmp with integer 5274 read by scanf instead. Password: 5274…read more.
Hackvent 2019: Day 23
Challenge HV19.23 Internet Data Archive
|
1 2 3 4 5 |
Introduction Today's flag is available in the Internet Data Archive (IDA). Resources http://whale.hacking-lab.com:23023/ |
Solution We are presented with the following website: We are allowed to enter a username and select some data to download except the flag which is classified. Upon doing this a unique zip file is generated for us containing our files and we are also provided with…read more.
Hackvent 2019: Day 22
Challenge HV19.22 The command … is lost
|
1 2 3 4 |
Introduction Santa bought this gadget when it was released in 2010. He did his own DYI project to control his sledge by serial communication over IR. Unfortunately Santa lost the source code for it and doesn't remember the command needed to send to the sledge. The only thing left is this file: thecommand7.data Santa likes to start a new DYI project with more commands in January, but first he needs to know the old command. So, now it's on you to help out Santa. |
Resource mirror: thecommand7.data Solution We inspect our data file and Google some of the hex sequences inside like :100000000C9435000C945D000C945D000C945D0024 and :00000001FF . We soon realise its the hex dump (or machine code) for a program for an AVR micro controller. Based on our search it seems like the dump…read more.
Hackvent 2019: Day 21
Challenge HV19.21 Happy Christmas 256
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
Introduction Santa has improved since the last Cryptmas and now he uses harder algorithms to secure the flag. This is his public key: X: 0xc58966d17da18c7f019c881e187c608fcb5010ef36fba4a199e7b382a088072f Y: 0xd91b949eaf992c464d3e0d09c45b173b121d53097a9d47c25220c0b4beb943c To make sure this is safe, he used the NIST P-256 standard. But we are lucky and an Elve is our friend. We were able to gather some details from our whistleblower: - Santa used a password and SHA256 for the private key (d) - His password was leaked 10 years ago - The password is length is the square root of 256 - The flag is encrypted with AES256 - The key for AES is derived with pbkdf2_hmac, salt: "TwoHundredFiftySix", iterations: 256*256*256 Phew - Santa seems to know his business - or can you still recover this flag? Hy97Xwv97vpwGn21finVvZj5pK/BvBjscf6vffm1po0= |
Solution We review the clues the elves gave us and first start by trying to find Santa password that was leaked 10 years ago. We are looking for data breaches in 2009 so we look at a list of data breaches. We find that the rockyou breach was the biggest…read more.
Hackvent 2019: Day 20
Challenge HV19.20 i want to play a game
|
1 2 3 4 5 6 7 |
Introduction Santa was spying you on Discord and saw that you want something weird and obscure to reverse? your wish is my command. Resources HV19-game.zip |
Resource mirror: HV19-game.zip Solution We are given a binary and told it is something obscure we have to reverse. We download the binary and open it in IDA. After some digging around we realise the file has something to do with the PS4 and this is consistent…read more.
