Hack.lu 2K13 Pay TV - web200

Published on Thursday, 24 October 2013 in CTF, Security ; tagged with hack.lu, ctf, write-up, web, 200, challenge, security, python, timing, attack ; text version

Hack.lu's CTF

Bonjour les gens !

The last two days, we have seen Hack.lu's CTF taking place online.
It was a lot of fun, their IRC channel was really fun, so was their challenges :)

Last results? 106 over 413 applying teams. Well done HackGyver \o/

Now it's time for the write-up. More precisely, the one on Pay TV, their 200 points web challenge.

Pay TV, the challenge

Pay TV homepage

The website is composed of a static image, a gif (the noise on the TV) and an input text box (a decoder?).

Pay TV noise

Really simplistic design and not so much to look around, except that noise and that input field.
When I saw that noise gif for the first time, I was really scared about some stegano inside.

Pay TV meme not today stega

My thought? Screw you stega, I'm not looking for you. Let's focus on the rest instead :P

Continue reading


Hack.lu 2K13 Robots Exclusion Committee - web150

Published on Thursday, 24 October 2013 in CTF, Security ; tagged with hack.lu, ctf, write-up, web, 150, challenge, security, python, sqli, attack, burp ; text version

Hack.lu's CTF

Bonjour les gens !

The last two days, we have seen Hack.lu's CTF take place online.
It was a lot of fun, their IRC channel was really fun, so was their challenges :)

Last results? 106 over 413 applying teams. Well done HackGyver \o/

Now it's time for the write-up. More precisely, the one on Robots Exclusion Committee, their 150 points web challenge.

Robots Exclusion Committee, the challenge

REC homepage

That web page only contains few fields.
They only ask for credit cards information :)

REC result of the form

If we validate the form with some random inputs, it redirects us to a nice We are sorry response.
That looks like a XSS to me, no?

Continue reading


Attempts to speed up gethostbyaddr

Published on Wednesday, 02 October 2013 in Python, Trick ; tagged with trick, python, gethostbyaddr, threading, internship, timeout, semaphore, gil, gethostbyname_ex ; text version

The workframe

Among my missions in Société Générale, a key element is to collect information about websites in order to pentest them.

The group Société Générale counts more than 150 000 employees.
It has a really complex organizations, like every big companies I guess.

Therefore it becomes really hard to have an overall point of view on all its servers, since they are spreaded across all the group's branches and their sectors.
That is to say that I have to deal with hundreds, thousands of domain names and IP addresses, and gathering information about them takes a lot of time.

What we mean by collect information about a website is to identify several main information like:

In this post, I assume that I only have IP addresses.

During some tests about getting the hostname of an IP address, I had to use gethostbyaddr.
If you ever tried to use gethostbyaddr, you must have seen that it can take long time to answer.
The problem with this function is that it takes a high amount of time before giving up on the domain name resolution.

Among the thousands of IP addresses, a bunch of them come from ranges reserved by the SG group.
Not all of them point to a running machine, therefore a lot of them don't have a host name.

When you can wait like 5 to 10 seconds for 1 or 2 addresses, it is not viable to wait hours and hours for thousands of them.

Continue reading


Maintenance from TonBNC

Published on Tuesday, 01 October 2013 in Blog ; tagged with blog ; text version

Due to maintenance from TonBNC on server9, you might have seen that the blog was down during these 2 last days.

The maintenance finished Sunday night but for some unknown reason, the configuration of the network interface disappeared...
The administrators gave me the serial access and I was able to restart it.
From now on, all the services have been successfully restarted.

Too bad that my uptime of 182 days disappeared too :'(


Internship for the next 6 months

Published on Saturday, 31 August 2013 in Blog ; tagged with blog, intership, intern, societe generale ; text version

I will spend my next 24 weeks in the company Société Générale, in their Information Systems Security service.
Therefore I will have less time for posting stuff around.

I will try to write a paper about the packer stuff though, since the project progressed substantially this summer.

See you then!



contactdepier.re About me License WTFPL2