Okay. Well, as most of you probably know, CTF 1 had about five difficult challenges that few people solved. We covered one of those solutions in the last recitation, and I thought it might be useful, since so much is focused upon the CTFs, that we might as well go over some more of the CTF solutions. That one, again, was already covered, so I'm basically going to try to knock out or show you how to solve some of the other ones, or a few of the more difficult ones. So, again, if you have any questions, please post, and I'll hopefully be able to answer them as we go. If anything's not clear, again, just let me know as well. First of all, here is check password. Basically, you're given this little hint: what's the correct password? Whatever the password is, that's the flag. Just checking if all of you guys see my screen. Is it working from that side? Okay. As you can tell, the hint's not terribly useful. It doesn't really tell you too much. You can run a couple of quick checks. Basically, Linux has a nice file command. It tells you exactly what the file type is, of course. Basically, you run file on check password. It says, yes, this is an ELF file, which means it is an executable. If you execute it, you don't really get too much. You can also run strings, which is somewhat useful as well. But again, not terribly useful. Here are all the strings in the password file. Again, you see it has something to do with accepting and rejecting passwords, valid password, correct password, but nothing really useful here either. There are two different approaches you can take for examining ELF executables. Let me show you objdump first. I'm going to run objdump, and again, I'm going to choose the Intel encoding, not the AT&T encoding, for assembly language. objdump with disassembly is -d. And I pipe this through less, so it will let me scroll up and down. And you see basically the disassembly of all the different sections of this ELF executable.
Normally your main goal would be to look up the main function. You've got .init, .text, and one problem you run into scrolling up and down here is there's no main function. You really can't see exactly what's going on here, where it's going, what it's doing. The assembly code here is not terribly useful. You're seeing more or less just, again, you can sit and trace the assembly code. That's one approach, but there's also a much better approach. What a few people did to solve this was basically attack this by running Ghidra. Ghidra has some tools, again, it can do some more, some better disassembly. And for speed, I already opened up check password. Okay, yes, I'd like to analyze it now. It's useful to put a check in this little check box, Decompiler Parameter ID. So I'm going to go ahead and do that. Okay, Ghidra, the main thing again is to pull up functions. And as mentioned before, here are all the functions in this file. There's no main function. You've got a bunch of generically labeled functions. You've got, it looks like, entry and exit. And you've got some library functions up above. I'm going to jump down to look at entry. If there's no main, entry is usually what gets called. Here is the assembly code for entry. And here's a bit easier to read: the decompiled code. Basically, entry calls __libc_start_main and gives you an address, 8048516, which just happens to be a library call. What's at that address? So let me pull that one up. Here's 516. And this actually looks like some useful code. Scanning over this doesn't tell you too much. But again, you notice this is password checking code. It's taking input. And it seems to run a function, this thing, and dump the correct password into iVar3. So it looks like the password checking code itself is in a different function. So I pull this one up. This code is short enough where you can simply page through this, of course, and find anything useful as well.
This function has a nice, complicated, convoluted if statement. And this is exactly the password check we're looking for. That surfaces the results. This looks horrible. It looks like it's a very complicated function. It really doesn't tell you too much. But this is a password check. Let me cut and paste this into Notepad or something to show it up here. And basically, you see the password check is looking at each of the characters individually. You split this up and make it a little bit more readable. Again, for speed, let me just do this quickly. So again, a lot of convoluted code here. The first one's pretty obvious: if parameter one is not equal to C. So we know that the first parameter is C. Unfortunately, and all of you should be computer scientists, parameter one, the very first parameter, is actually position zero. So we know that position zero is a capital C. Parameter two, or parameter seven, the second item on the list: the seventh item should be a dollar sign. Skipping the more difficult ones, let's go through the rest first. Now we know what parameter zero is. Parameter one is hex 73. If you pull up an ASCII table and look up what 73 represents, that's lowercase s. So one is lowercase s, which is again 0x73. Other easy ones you can find: parameter three, basically a dollar sign. Parameter four is a character, just the number four by itself. And the rest are a little bit more difficult to figure out. We've got parameter two, and we've got parameter five and parameter six. Let me tackle five and six first. It's a little bit easier. Parameter six is this particular line here. It says short, parameter plus five. Look at the code here. If you use just parameter by itself, this represents parameter zero. Since this is all inside the cast, we're not adding five to the value of parameter. We're actually shifting over whatever the address of parameter one is by five. So again, if you have a string, you're shifting over from parameter zero, five over.
You're basically doing the equivalent of looking at parameter five. Nothing more complicated than that. The next thing we're doing is we're putting it in a short. This is not a byte like up here. A short is, if you don't know this or Google this, two bytes in size, not one byte, which is very useful since we need to know what five and six are. So you also see the value here is two bytes in size. The final trick here is to make sure you know that this is stored in little-endian mode. So it's reversed. Parameter five is basically stored as, parameter five itself is the 0x73, and we also saw that earlier, which is s. Parameter six is the 0x5e, which, if you look that up on the ASCII table, is the at character, giving us only parameter two. Parameter two is a little bit more tricky. Basically it says take parameter two, and you have this interesting function here, and parameter one. Make sure it's not equal to 40. Looking up this function, you see that this is basically an XOR procedure. The benefit of XOR is obviously you know what parameter one is already. You know what this value is already. If you're missing parameter two, just XOR these two, and then you'll get the first value. So again, you can Google an online XOR calculator. Basically XOR 0x40, and we already know one is 0x73, and that gives us a parameter of 0x33, which just happens to be the number three on the ASCII table. So read this down from top to bottom. That is the key, the password, for the first check password function. Any questions about this one? I'll try to go a little faster for these other ones, Rolf. Basically the other ones I want to cover are encrypted pic. Let me just start there. Encrypted picture basically gives you this hint. This one says: I got ahold of a picture that should have a flag in it. I have no idea what to do with it. Can you find a flag? The only hint you have is that the key is six bytes in length.
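Going back to check password for a moment: here is the decompiled if statement rebuilt in Python as an added example (not the challenge binary and not part of the recitation), with a solver that inverts each condition the same way the walkthrough does. It assumes `param_1` is the password buffer and that the short compared at `param_1 + 5` is 0x5e73, reconstructed from the two bytes named above.

```python
# Added example: a Python mirror of the conditions read out of the Ghidra
# decompilation of check password, plus a solver that inverts them.
import struct


def check_password(pw: bytes) -> bool:
    """Mirror of the decompiled checks; pw plays the role of param_1."""
    if len(pw) < 8:
        return False
    if pw[0] != ord('C'):              # param_1[0] must be 'C'
        return False
    if pw[1] != 0x73:                  # param_1[1] must be 0x73 ('s')
        return False
    if (pw[2] ^ pw[1]) != 0x40:        # xor(param_1[2], param_1[1]) must be 0x40
        return False
    if pw[3] != ord('$'):
        return False
    if pw[4] != ord('4'):
        return False
    # *(short *)(param_1 + 5): a two-byte little-endian read, so the low byte
    # is position 5 and the high byte is position 6. The constant 0x5e73 is
    # an assumption reconstructed from the bytes 0x73 and 0x5e named above.
    if struct.unpack_from('<H', pw, 5)[0] != 0x5e73:
        return False
    if pw[7] != ord('$'):
        return False
    return True


def solve() -> bytes:
    """Derive each byte from the constraints instead of guessing."""
    pw = bytearray(8)
    pw[0] = ord('C')
    pw[1] = 0x73
    pw[2] = 0x40 ^ pw[1]            # XOR is its own inverse: 0x40 ^ 0x73 == 0x33
    pw[3] = ord('$')
    pw[4] = ord('4')
    struct.pack_into('<H', pw, 5, 0x5e73)   # little-endian: pw[5]=0x73, pw[6]=0x5e
    pw[7] = ord('$')
    return bytes(pw)


if __name__ == "__main__":
    candidate = solve()
    print(candidate, check_password(candidate))
```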
And you're also given, besides the picture itself, this encrypt function. So let's look at the encrypt function first and see what that tells us. Basically you have a lot of generic statements. You want to pass parameters. The next thing useful here is to know what the encryption algorithm is. Again, as you remember from the last problem we went over, notice it goes byte by byte: it has a for loop running on b. It reads one pixel, one character, one symbol, and it encodes it with this particular statement, which again is XOR, and it's modding with the key. So as you've seen earlier in the semester, what this means is if you have a key of something simple like ABC, the key is repeated again and again, and you're encoding it with this key repeated again and again. So it's ABC, ABC, ABC, ABC. We know the key is length six, since the problem tells us it's length six. So if you can find what those six characters of the key are, then you can decrypt the entire picture. I'm not going to go through all the steps for this one, but the trick for this is the same as the one from last time. You have a copy of the photograph which is encoded, which is provided, and if you have a decrypted copy of the photograph, you can XOR both of those together. In other words, if you've got the key and you've got the encrypted photograph, you can get the decrypted photograph. Or if you have the key, you can use the key on the decrypted photograph and get the encrypted photograph. Or in our case, what if we have an encrypted photograph and a decrypted photograph and run XOR on them? We're given that the flag has this file extension, HEIC. So the first thing you can do is, you know this is encoded, try to create or try to find an unencrypted picture or photograph. You can do this with various picture editing tools. GIMP works well, for example. And basically what I did here is just create a blank file.
I won't try to pull it up in this, but you have a blank file which has basically nothing in it whatsoever, but is a decoded HEIC file. This doesn't really seem to do much for you because, of course, you have the picture, but you don't know anything about the picture. How does a blank file help you? What happens is there's usually an encoding header that's standardized in different file formats. Like zip files: if you pull up a zip file, you'll see the initials PK first in every single zip file. It stands for Phil Katz, the original author of PKZIP, or zip files. The same thing happens with HEIC. If you do some Googling, looking up HEIC headers or HEIC encoding, you'll see that it has an interesting signature, roughly six offsets in, that is a standardized header magic number that's standard on every single HEIC file. So you've got two things you know are identical for any decoded files: you basically can XOR and look for those six positions, since they're going to be the same in this flag file and the same in the blank file. Again, I'm not going to show you the exact steps, but you'll need to find some sort of XOR function, a Python script. You can Google some Python scripts to do this. You can Google some C functions to do this. There's no good clean way to do XORing of files from the command prompt. But again, you can find a command prompt tool to run XOR on these two files. XOR them together and look for a key, or part of a key, at a certain offset. The final step is to simply take that key and then XOR your encoded file with that key. That key might, again, if you keep in mind this is a sequence, A, B, C, A, B, C, A, B, C, you might have to shift the key a number of times. You might have to look at symbols 2, 3, 4, 5, 6 and 1, or maybe 3, 4, 5, 6, 7, 1, 2, maybe 6, 1, 2, 3, 4, 5. Some shifted value of that key should give you the correct key. Basically, decrypt the entire file with the correct key.
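Here is the key-recovery procedure just described (XOR the encrypted flag file against a blank file of the same format over the shared header bytes, then try the shifts of the six recovered bytes until the header decrypts correctly) as an added Python example, not the challenge's encrypt script. The header, the key and the file contents are constructed stand-ins, not real HEIC values; in practice the reference bytes come from the blank file made in GIMP and the offset from the HEIC header documentation.

```python
# Added example (not the challenge's encrypt script): recover a repeating
# 6-byte XOR key from the encrypted flag file plus a blank file of the same
# format, using the header bytes both files share, then decrypt.

KEYLEN = 6  # the hint says the key is six bytes long


def xor_with_key(data: bytes, key: bytes) -> bytes:
    # The challenge's scheme: byte i is XORed with key[i % len(key)], so the
    # key repeats ABCABC... across the file. XOR is its own inverse, so this
    # one function both encrypts and decrypts.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_rotations(fragment: bytes) -> list:
    # Candidate keys: every cyclic shift of the recovered bytes
    # (1 2 3 4 5 6, 2 3 4 5 6 1, ..., 6 1 2 3 4 5).
    return [fragment[i:] + fragment[:i] for i in range(len(fragment))]


def recover_key(ciphertext: bytes, reference: bytes, offset: int,
                keylen: int = KEYLEN) -> bytes:
    """XOR the encrypted file against the reference over the keylen bytes at
    `offset`, where both plaintexts are known to agree (the format's magic
    header). That yields the key bytes starting mid-sequence, so try each
    rotation and keep the one that decrypts the header back to the reference."""
    window_c = ciphertext[offset:offset + keylen]
    window_r = reference[offset:offset + keylen]
    if len(window_c) < keylen or len(window_r) < keylen:
        raise ValueError("files are too short for the requested window")
    fragment = bytes(c ^ r for c, r in zip(window_c, window_r))
    for candidate in key_rotations(fragment):
        if xor_with_key(ciphertext, candidate)[offset:offset + keylen] == window_r:
            return candidate
    raise ValueError("no rotation reproduces the reference header")


# Constructed demo data. The header is a stand-in, not real HEIC bytes; in
# practice `reference` is the blank file and `offset` is where the HEIC
# magic sits. The key is made up for the demo.
DEMO_OFFSET = 4
DEMO_HEADER = b"\x00\x00\x00\x18ftypdemo"
DEMO_KEY = b"s3cr3t"
REFERENCE_FILE = DEMO_HEADER + bytes(20)
FLAG_FILE = DEMO_HEADER + b"pixel data followed by FLAG{constructed}"
ENCRYPTED_FILE = xor_with_key(FLAG_FILE, DEMO_KEY)


def demo() -> tuple:
    """Return (recovered key, decrypted file) for the constructed data."""
    key = recover_key(ENCRYPTED_FILE, REFERENCE_FILE, DEMO_OFFSET)
    return key, xor_with_key(ENCRYPTED_FILE, key)


if __name__ == "__main__":
    key, plain = demo()
    print("recovered key:", key, "plaintext matches:", plain == FLAG_FILE)
```

Because the window starts at offset 4, the raw XOR gives the key starting at its fifth byte, and only the shift that puts it back in phase decrypts the header; the other five candidates fail the check.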
And you know you have a solution when your file actually works, when it's visible as an actual real picture. Again, I don't have the viewer set up in this version of Linux Mint, so I can't show you any more steps of this on this side. When you get the final picture, when it's visible, and again we apologize that this last step was not functional with CTF 1, the final key was available with any hex viewer at the very end of the file. You can view it, and it was fairly obvious. Any questions about encrypted picture? Let me hit knock knock real fast. Knock knock is a networking challenge: I think a criminal hacked into my computer and exfiltrated my secret password. Luckily I ran a packet capture and found exfiltration software. So, you know from this description that the information, your password, was secretly extracted. It was secretly removed or secretly encoded in a very non-obvious way. Somehow someone sent this password over the network, and you have a nice good packet capture containing that information. So your job, of course, is to try to dig through the packet capture and figure out exactly how this information was transmitted. Same thing as before: you've got a packet capture file and you've also got source code. The source code exists entirely just to give you hints about what to look for. You do have to do most of the work in the packet capture using Wireshark. So first of all, here is the source code. The main point, again, of the source code is to understand exactly what's going on here, what the source code is actually doing. You don't need to actually run the source code; you don't need to modify the source code or do anything with it. That's how most of these challenges will work. The first thing you see is that this function is very simple. Basically it takes three parameters. The person running this, the criminal stealing your password, gave it an IP address, gave it a message, and gave it a max delay.
This tells you that, again, you're not going to get this revealed by the source code. This was sent to a single IP address. You've sent the message somewhere, and that destination, I guess, is the criminal, whoever is trying to receive or capture this hidden message. The message itself is probably the key or the password for this challenge. That's what you're trying to encode. And max delay, and also this comment about random sleep, means that the packets are going to be randomly distributed through the packet capture file. So you basically say for m in message, meaning for every single character of the message, you're sending one packet with one letter of the key encoded. So if the key is 100 characters long, you're going to have to look for 100 messages. If it's 50 characters long, you'll have to look for 50 messages, and so forth. Flag doesn't seem to be doing much. The message itself is in m. So where is m encoded? m is being sent, it's sent to an IP address, which is what the user entered. It's saying the source port is random. The thing there, the destination port, is m. This is the critical part of this code, saying that the destination port is the actual location where the message is going to be encoded. Let me pull up the packet capture. Pulling this up in Wireshark, you get 44,000 packets. Every packet you look at, you notice there is a destination port. Most of these you might recognize from networking theory: either very high numbers, or maybe 443, port 80, and so forth. The first thing you can tell is that you're encoding, again, looking at the source code, a message in the port numbers. So the first thing you can do is say, what are valid messages? You're encoding, say, something which I'm assuming is text. So pulling up an ASCII, okay, well, avoiding Googling it for now, pulling up an ASCII table tells you that possible characters are probably between hex value 20 and hex value 7F.
So you know that extremely high port numbers, most normal port numbers, are not really that useful. So what if you exclude all port numbers that are outside the ASCII range? You can Google this; look it up under Wireshark filters. I'm just going to cut and paste the solution here: TCP destination port anything greater than hex value 20, and TCP destination port anything less than hex 7F. That cuts the 44,000 packets down to 97. And from here, you can basically do some browsing. You know that the packets are all going to one single destination. So what ones do you have? You have maybe this 1352, maybe it's 888, maybe it's 123. You know, one destination probably has all of these encoded packets being sent to it. If you check a couple of these, like all these messages sent to this address are on destination port 80, so this is probably a web server. There's nothing encoded with all these port 80 addresses. If you pull up the same thing here, this looks a little bit more suspicious: 1.1.8, destination port 90, 0.80, 0.80, 0.80, 0.80. Also just a lot of 80s. If you look up the destination 8.8.8.8, which is actually the Google DNS server, suddenly you start seeing some interesting, more interesting patterns. And I'm just going to sort by destination port here to see those exclusively. Destination port 51, destination port 54, 53, 67, 84, 70, 123. You notice the destination ports jumping all over the place, and it's staying right in that range. You take all of these values for destination port, convert them into hex values, look up your ASCII table: 0x51 is the letter 3. This is 6. This is 5. This is C. This is T. This is F. You notice a certain pattern comes through. You'll go through and find, again, looking up all these ones under 8.8.8.8, it'll spell out the 33-character password. And that password is the solution to this CTF challenge. Okay, any questions on this one? Yeah, let me stop here, actually, for CTF material.
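Here is the port-number decoding above as an added Python example that is not part of the recitation: the same destination-port filter, then characters grouped per destination in packet-time order, so that a web server on port 80 shows up as a flat run of one character while the exfiltration destination shows a message. The packets are constructed tuples; in practice they would be exported from the capture with Wireshark or tshark. The 8.8.8.8 destination is kept from the walkthrough; the message and the other addresses are made up.

```python
# Added example, not from the recitation: decode characters hidden in TCP
# destination ports the way the knock-knock exfiltration code sends them,
# and flag which destination carries a readable message.
from collections import defaultdict

# Same range as the Wireshark filter above:
#   tcp.dstport > 0x20 && tcp.dstport < 0x7f
LOW, HIGH = 0x20, 0x7F


def is_ascii_port(port: int) -> bool:
    return LOW < port < HIGH


def decode_by_destination(packets) -> dict:
    """packets: iterable of (timestamp, dst_ip, dst_port) in any order.
    Returns {dst_ip: string} with one character per in-range packet, kept in
    capture-time order: the tool sends one character per packet with a
    random sleep in between, so capture order is message order."""
    streams = defaultdict(list)
    for _ts, dst_ip, dst_port in sorted(packets, key=lambda p: p[0]):
        if is_ascii_port(dst_port):
            streams[dst_ip].append(chr(dst_port))
    return {ip: "".join(chars) for ip, chars in streams.items()}


def suspicious_destinations(decoded: dict, min_len: int = 8) -> dict:
    """Ordinary traffic repeats one port (80 decodes to 'P', 53 to '5'), so
    it shows up as a flat run of the same character. A message uses many
    different in-range ports, so require some variety as well as length."""
    return {ip: msg for ip, msg in decoded.items()
            if len(msg) >= min_len and len(set(msg)) > 3}


# Constructed sample capture: (seconds, destination IP, destination port).
# 8.8.8.8 is the destination from the walkthrough; the message and the
# other addresses are made up.
SAMPLE_PACKETS = (
    [(1.0 + i * 0.7, "192.0.2.10", 80) for i in range(12)]     # web server
    + [(1.3 + i * 0.9, "192.0.2.20", 443) for i in range(12)]  # TLS, port out of range
    + [(2.0 + i * 1.1, "8.8.8.8", ord(ch))                     # one character per packet
       for i, ch in enumerate("CTF{c0nstructed}")]
    + [(5.5, "192.0.2.10", 51234)]                              # high port, out of range
)


if __name__ == "__main__":
    decoded = decode_by_destination(SAMPLE_PACKETS)
    for ip, msg in suspicious_destinations(decoded).items():
        print(ip, repr(msg))
```

Note that port 80 (0x50) and port 53 (0x35) are inside the filter range, so plain web and DNS traffic survives the filter and has to be ruled out by the flat, repeating pattern, exactly as in the walkthrough.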
The last difficult one, broken fence, was a cryptographic challenge. And I don't have as much prepared for that one. It does take more to go into, and I don't want to use up the entire time with CTF solutions. Does anyone have any questions, either about CTF or homework six? Homework six, I'm assuming most of you know, is having a 10% or 10-point extra credit if you get, I believe, five of them done by tonight. So I'm assuming more of you are interested in that particular challenge. Okay, let me close this down first. Actually, let me just jump out of here entirely. Okay, search. Search is a very interesting one. Let me see if I can share my screen one more time. Let me give you a couple of hints just to get you started. Okay, here's a nice terminal window. Search has, let's just go into the directory first. Search has source code and an executable. If you run search, as I'm assuming most of you have, you notice it says find and starts looking in everyone's directories, all the users on the server, and searching for something gives a permission denied message. And not much else. Here's what you can do. To try to get some hints for this program, look at the source code. If you scavenge through this, you notice it has some exclusions saying do not allow any of these symbols to go through. If there are any prohibited characters, it stops; if there are no prohibited characters, what it does is take a variable known as buff and put this command in buff. Basically it copies find /home -iname and s, and anything else you put in argv gets put into this command line. Then it runs system on buff. So the trick here is search has the SUID flag set, which means search can run elite and give you the points for this level. Search is calling system, which is running this command. So your hints are to try to find, pardon the pun, some way for find to run something for you. You want, for all these challenges of course, to run the elite command.
Since you're excluded from using and, or, or the easy pipe symbols, you have to find some executable way to run this. My hint for this one is: look at find. Search runs with SUID privileges, and find will also run with elevated privileges. Dig through the find pages. See if you can find some way for find to run a command for you. There are a couple of steps beyond this you'll need to do. Find is very, very lengthy, has tons of help pages, tons of parameters. You'll have to do something so find can run something. You have to have something for it to find, and you have to have something for it to execute. Again, most of you know exactly what you want to execute, meaning this command and so forth. Any other questions on this one? Let me pull up read secret real quick. Read secret: I can't give too many hints without really giving it away. It's not a tremendously difficult one. Basically, the hint here, of course, is if you're successful, it's going to run read secret, which has elevated privileges, and it's going to run /bin/sh or run a shell command. And what it is comparing is two files: the secret file, which you have no access to, the .secret, and it's also going to compare to a file in your home directory, basically ~/.secret, and these two files must be identical for this to run. So I'll give you a hint: you're not doing a directory traversal attack; you do need to find some other attack, some other technique, to make these two files equal. Again, I can't really tell you too much more than that without giving it away. One other hint is that you're not going to actually be able to read the .secret file. This file is set as not available to you, as basically no permissions for your account, on purpose. You have to find some alternative way to make these two files equal. Okay, advanced overflow.
The basic one for advanced overflow and basic overflow is to know your GDB code very well and do lots of experimentation with GDB. I want to show one interesting thing first. If you run checksec on advanced overflow, I guess I'll type it in manually, and if you also run checksec on basic overflow, you can see the, again, pardon the pun, basic difference between the two. The source code for advanced overflow and basic overflow is identical. So it's identical source code, which means you should be able to use a very similar attack, the keyword being should. The most important thing to see here is PIE. PIE is disabled for basic overflow; PIE is enabled for advanced overflow. If you do some Googling, this means that the addresses that run your code are loaded into a randomized spot every single time you execute your program. This makes it a little bit difficult to trace, because I'm assuming most of you who did basic overflow beat it by looking at GDB, looking at addresses, figuring out the addresses, and then running it outside of GDB so you have the permissions. If it changes address every single time, then you could be running it in GDB, running outside of GDB, and all the addresses become invalid again. So, again, the only hint I can give you for advanced overflow is you have to find some attack, some method of determining the address when you don't know the address. This is actually easier than it sounds. Advanced overflow is one of the more advanced challenges. I'll just suggest that you try to figure out techniques to hit random addresses: what would you do if you have an unknown or random address that you can't predict? How could you possibly hit it? Any other questions? Okay, and again, as always, if you have beaten quite a few stages of one of these challenges and you're just absolutely stuck, cannot get any further, the best way to maybe get some hints, of course, is to send a private message to the TAs on Piazza.
Just explain how far you've gotten, what you've tried, and we'll try to give you some sort of hint to get you one additional step in the challenge. Stephen, I'm here too. I've also posted, and if you look at the GDB information session, I kind of go over how to understand an overflow, and it should help you with that challenge. Okay, yes, again, that's highly recommended. The undergraduate TA session is very valuable. We're trying to collaborate and not discuss the exact same things in both sessions, so you'll find both sessions useful. So definitely attend, and look there for more information on the tools, a lot of phone tools, information, etc., things that you'll definitely find useful, as well as GDB. And also, if you have any private questions, you are welcome to text message me privately here as well. Okay, one other general hint for all of the challenges for assignment six. Keep in mind that the main program, the one SUID program, is the only thing that has elevated privileges. If it executes the elite command for you, you can sometimes get things to do something such as give you an elevated-privilege shell, which can run the code for you. But don't look for two-stage attacks. You're looking for something that you can run, or modify, or trick the program into actually running that code directly for you.