Friday, July 6, 2012

MISTI Johor 2012 CTF Writeoff when in ROme do in ROme

So once again, the awesome SCAN Associates Berhad, in collaboration with MISTI Johor, organized a quick/mini CTF competition in the southern land of Malaysia, at Pan Pac JB a few weeks ago. I was not able to conduct the competition on the scene directly since I was busy with my marriage (oh yeah, marriage is way more important and rewarding in life, if u know what I mean :p).

So I managed to rip off/rewrite the score servers in Ruby and hardened them thanks to the power of Apache... In a Malaysian CTF, how do u predict a winner? Simple.. u only have three choices, either:

1. UTP *   - That means if geng alak/kage
2. UTM *  - That means geng kuehtiow
3. MMU * - Well what do u expect? it's MMU there should be plenty of nerds and geeks.
4. UITM * - Urm, yeah, well u know .... they win sometimes right?


Final Score.





Owh, my BFF hacker/trainer friends asked me to write up one of the questions. Since I'm in a good mood (now that I'm a husband), let's go through one question.... Question 7



So what happens when someone actually connects to the port?

You will actually get something that looks like gibberish.



Since we know it's gibberish, let's analyze the traffic with Wireshark and Follow the TCP Stream.




Hurm... Since it's not ASCII-readable, let's try EBCDIC?


















Hohoho. To answer, the server requires us to write a simple client that encodes our data into EBCDIC to send, and decodes the reply back to ASCII when receiving from the server.

A quick, dirty, inelegant but works-anyway client.. in Python
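
The client script itself does not appear on this page. As a stand-in, here is an added example (not the author's code) of the same technique: score a captured banner against ASCII and Python's EBCDIC codecs, then talk to the service through the codec that wins. The code page `cp037`, the sample banner and the loopback stand-in server are assumptions; the page names none of them.

```python
import socket
import threading

# Assumption: the page does not name the EBCDIC code page, so the common
# ones shipped with Python are tried; "ascii" is the control case.
CANDIDATES = ("ascii", "cp037", "cp500", "cp1140")

def printable_ratio(text):
    """Fraction of characters that are printable ASCII or CR/LF/TAB."""
    if not text:
        return 0.0
    ok = sum(1 for ch in text if ch in "\r\n\t" or " " <= ch <= "~")
    return ok / len(text)

def guess_codec(raw):
    """Return (codec, text) for the decoding that looks most like text.
    Ties go to the earlier candidate, so cp037 stands in for its siblings."""
    best_name, best_text, best_score = "ascii", "", -1.0
    for name in CANDIDATES:
        text = raw.decode(name, errors="replace")
        score = printable_ratio(text)
        if score > best_score:
            best_name, best_text, best_score = name, text, score
    return best_name, best_text

def ebcdic_exchange(sock, line, codec="cp037"):
    """Encode one line for the wire, send it, decode the reply to str."""
    sock.sendall((line + "\n").encode(codec))
    return sock.recv(4096).decode(codec, errors="replace")

def demo():
    """Loopback run against a constructed stand-in server, not the CTF service."""
    client, server = socket.socketpair()
    def fake_server():
        question = server.recv(4096).decode("cp037")
        server.sendall(("ECHO " + question).encode("cp037"))
    worker = threading.Thread(target=fake_server)
    worker.start()
    reply = ebcdic_exchange(client, "hello")
    worker.join()
    client.close()
    server.close()
    return reply

if __name__ == "__main__":
    banner = "Welcome to Question 7\n".encode("cp037")  # constructed sample
    print(guess_codec(banner))
    print(repr(demo()))
```

The three EBCDIC code pages differ only in a handful of punctuation characters, so if brackets or `!` come back wrong, switch the `codec` argument to one of the other candidates.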



Now test it!!



So the answer is c6bf8061e6ece9aff707ddaf666db3b50983fd32

Since I'm in a good mood, I'm releasing the source code I used for the server..


http://pastebin.com/dcuTjjtd

Owh congrats to MMU Biyatch..




Check for DEBUG Verb in IIS

PCI Compliance is an asshole misleading compliance created by some capitalist junkies to say u r secure!!! ... In my opinion it's full of shit, but yeah, everyone gotta comply with it to assure our shareholders or investors that we are secured for digital business, although http://www.technewsworld.com/story/64926.html says otherwise.

Having said that, one of the PCI-C requirements is to disable debug mode on the web server. IIS/ASP does not turn on DEBUG mode by default. But you know developers :)
To test for the DEBUG verb in IIS/ASP, u can run a command like this with curl.

curl  -H "Command: stop-debug" -X DEBUG http://index/foo.asp   # can be foo.asp or foo.aspx

If it returns

OK

then DEBUG is enabled and needs to be turned off.

A screenshot example


How to disable DEBUG: http://support.microsoft.com/kb/815157

Monday, July 2, 2012

I'm married.


Married.

Geek stuff that I do during our marriage?