<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Cyber Hunt</title>
<link href="main.css" rel="stylesheet">
<style>
.tall-row {
margin-top: 40px;
}
</style>
</head>
<body>
<nav class="navbar navbar-default navbar-static-top">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="index.html">Cyber Treasure Hunt</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">PLAY THE HUNT<span class="caret"></span> </a>
<ul class="dropdown-menu" role="menu">
<li><a href="challenges.html">Challenges</a></li>
<li class="divider"></li>
<li class="dropdown-header">Help</li>
<li><a href="tips.html">Tips</a></li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="row tall-row">
<div class="col-lg-12">
<h1>Tips</h1>
<hr>
</div>
</div>
<div class="row">
<div class="col-md-12">
<p class="text-info">Here are some explanations of concepts that relate to challenges if you'd like some help.</p>
<hr>
<ul class="nav nav-tabs">
<li class="active"><a aria-expanded="true" href="#general" data-toggle="tab">General</a></li>
<li class=""><a aria-expanded="false" href="#steg" data-toggle="tab">Steganography</a></li>
<li class=""><a aria-expanded="false" href="#webexp" data-toggle="tab">Web exploitation</a></li>
<li class="dropdown">
<a aria-expanded="false" class="dropdown-toggle" data-toggle="dropdown">Crypto <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#cryptoclassic" data-toggle="tab">Classic</a></li>
<li class="divider"></li>
<li><a href="#cryptomodern" data-toggle="tab">Modern</a></li>
</ul>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane fade active in" id="general">
<br>
<div class="panel panel-default">
<div class="panel-body">
<p>I wouldn't be mentioning anything if it didn't appear in the challenges at some point! Everything here is therefore useful.</p>
<p>Many challenges require logical skills, for example reversing some Python or finding vulnerabilities in source code.</p>
<p>Googling skills are a must.</p>
<p>TinEye and Google Images are good tools for reverse image searching.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="steg">
<br>
<div class="panel panel-default">
<div class="panel-body">
<h3>General tips</h3>
<p>Steganography is the practice of hiding secret data inside non-secret media that the recipient can then uncover.</p>
<p>For images, a basic first step is to look for plaintext strings in the file (e.g. by running the strings command or opening it in Notepad).</p>
<hr>
<h3>Images</h3>
<p> <a href="https://www.boiteaklou.fr/Steganography-Least-Significant-Bit.html">>>LSB<<</a> - The idea behind this method of steganography is that you hide data in the least significant bit of each pixel. James Stanley has a <a href="https://incoherency.co.uk/image-steganography/">>>great tool<<</a> for it.</p>
<p> Appending - a great way to hide data in images is simply to put it in a zip and append that to the end of the image file. Opening the image in the normal way doesn't reveal anything, but a file archiver like 7zip will treat the file as an archive and open the zip inside it.</p>
<p>Steghide - a program that hides data for you using its own method, so it can usually bypass some forms of detection. There is a good web version of it <a href="https://futureboy.us/stegano/decinput.html" target="_blank">>>here<<</a>.</p>
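<p>To check a file for the appending trick described above, you can walk the image structure to its real end and look at whatever follows. This is an added example, not code from the original page; it handles PNG only, and the sample image and zip are constructed in the script.</p>

```python
import io
import struct
import zipfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def png_end_offset(data):
    """Walk the PNG chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, chunk_type = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if chunk_type == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")

def inspect_trailer(data):
    """Return (number of bytes after the image, names of files in an appended zip)."""
    trailer = data[png_end_offset(data):]
    names = []
    if zipfile.is_zipfile(io.BytesIO(trailer)):
        with zipfile.ZipFile(io.BytesIO(trailer)) as archive:
            names = archive.namelist()
    return len(trailer), names

def _chunk(chunk_type, body):
    crc = zlib.crc32(chunk_type + body)
    return struct.pack(">I", len(body)) + chunk_type + body + struct.pack(">I", crc)

def make_sample(with_zip):
    """Constructed 1x1 greyscale PNG, optionally followed by a small zip archive."""
    png = (PNG_SIGNATURE + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
    if not with_zip:
        return png
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("note.txt", "constructed sample payload")
    return png + buffer.getvalue()

if __name__ == "__main__":
    print(inspect_trailer(make_sample(with_zip=False)))
    print(inspect_trailer(make_sample(with_zip=True)))
```

<p>A clean image reports zero trailing bytes; any non-zero trailer is worth a closer look even when it is not a zip.</p>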
<hr>
<h3>Audio</h3>
<p>If you hear high-pitched random noises, checking the spectrogram might be a good idea. Sonic Visualiser is a great tool for this.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="webexp">
<br>
<div class="panel panel-default">
<div class="panel-body">
<h3>General tips</h3>
<p>Always check things like the source code, cookies, the network tab etc.</p>
<p>Unfortunately since I'm using github pages I'm forced to only use static pages so I can't host PHP exploit challenges (which are my favourite type of web challenges) or any port services :(</p>
<hr>
<h3>PHP</h3>
<p>A language used for web development that can be embedded into HTML. It has many vulnerabilities if you're not careful, including type juggling and the insecure mt_rand, which are fun (and surprisingly easy) to try and exploit.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="cryptoclassic">
<br>
<div class="panel panel-default">
<div class="panel-body">
<h3>General tips</h3>
<p>To start, checking letter frequencies is always a good idea (assuming your plaintext is in English), since this can give you an idea of what sort of cipher it is.</p>
<p><a href="https://guballa.de/" target="_blank">>>This site<<</a> is a great one for cracking both substitution and Vigenère ciphers.</p>
<p><a href="https://tholman.com/other/transposition/" target="_blank">>>This site<<</a> is a great one for visualising columnar transposition ciphers.</p>
<p>And <a href="http://quipqiup.com/" target="_blank">>>This site<<</a> is just a great one.</p>
<hr>
<h3>Substitution</h3>
<p>A simple cipher; one specific kind is the Caesar cipher. Essentially the idea behind this cipher is running find and replace 26 times.</p>
<hr>
<h3>Transposition</h3>
<p>Letter frequencies stay the same, so if they match those expected of English it's probably some form of transposition.</p>
<hr>
<h3>Vigenere</h3>
<p>Read about how Vigenère works <a href="https://www.google.com/search?q=vigenere+cipher" target="_blank">>>here<<</a>. Letter frequencies are changed, so if you perform frequency analysis and it matches that expected of normal English then it likely isn't Vigenère.</p>
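<p>The frequency tips above can be checked numerically. This is an added example, not code from the original page: it goes slightly beyond the text by also computing the index of coincidence, and the sample plaintext, keys and function names are constructed for illustration.</p>

```python
from collections import Counter
from math import sqrt

# Approximate English letter frequencies in percent, A..Z (standard reference values).
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]
# Constructed sample plaintext.
SAMPLE = ("Steganography hides a message inside something that looks ordinary, while "
          "cryptography scrambles the message so that nobody can read it without the key. "
          "Classic ciphers are fun to break because the letters of the English language are "
          "not used equally often, and that pattern survives many simple schemes.")

def letters(text):
    return [c for c in text.upper() if "A" <= c <= "Z"]

def index_of_coincidence(text):
    """Probability that two letters drawn from the text are the same letter."""
    counts = Counter(letters(text)).values()
    n = sum(counts)
    return sum(k * (k - 1) for k in counts) / (n * (n - 1))

def english_fit(text):
    """Cosine similarity of the A..Z counts with ENGLISH (1.0 means same shape)."""
    counts = Counter(letters(text))
    vec = [counts[chr(65 + i)] for i in range(26)]
    dot = sum(v * e for v, e in zip(vec, ENGLISH))
    return dot / sqrt(sum(v * v for v in vec) * sum(e * e for e in ENGLISH))

def shift_cipher(text, key):
    """Caesar for a one-letter key, Vigenere for a longer key."""
    return "".join(chr((ord(c) + ord(key[i % len(key)]) - 130) % 26 + 65)
                   for i, c in enumerate(letters(text)))

def columnar(text, width):
    """Transposition: write the letters in rows of `width`, read down the columns."""
    s = "".join(letters(text))
    return "".join(s[col::width] for col in range(width))

def report():
    """(index of coincidence, fit to English) for each cipher applied to SAMPLE."""
    variants = {"plaintext": SAMPLE, "transposition": columnar(SAMPLE, 5),
                "caesar": shift_cipher(SAMPLE, "D"), "vigenere": shift_cipher(SAMPLE, "LEMON")}
    return {name: (round(index_of_coincidence(t), 4), round(english_fit(t), 3))
            for name, t in variants.items()}

if __name__ == "__main__":
    for name, values in report().items():
        print(f"{name:14} IC={values[0]}  fit={values[1]}")
```

<p>Transposition leaves both numbers untouched, a Caesar shift keeps the index of coincidence but loses the fit to English, and Vigenère lowers the index of coincidence.</p>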
<p>Because of the way Vigenère works, if you know some of the plaintext then it is easy to decrypt the rest of the message (see <a href="https://crypto.stackexchange.com/questions/12195/find-the-key-to-a-vigen%C3%A8re-cipher-given-known-ciphertext-and-plaintext" target="_blank">>>here<<</a>).</p>
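<p>The known-plaintext idea above, worked through as an added example (not code from the original page). It assumes the known text sits at the start of the message and is at least as long as the key; the plaintext, key and function names are constructed for illustration.</p>

```python
A = ord("A")

def vigenere(text, key, decrypt=False):
    """Encrypt or decrypt upper-case A..Z text with a repeating key."""
    sign = -1 if decrypt else 1
    return "".join(chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
                   for i, c in enumerate(text))

def keystream_from_crib(ciphertext, known_plaintext):
    """Key letter = ciphertext letter - plaintext letter (mod 26), position by position."""
    return "".join(chr((ord(c) - ord(p)) % 26 + A)
                   for c, p in zip(ciphertext, known_plaintext))

def shortest_period(stream):
    """Smallest prefix that, repeated, reproduces the recovered keystream."""
    for size in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % size] for i in range(len(stream))):
            return stream[:size]

def recover(ciphertext, known_plaintext):
    """Return (key, full plaintext) given the start of the plaintext."""
    key = shortest_period(keystream_from_crib(ciphertext, known_plaintext))
    return key, vigenere(ciphertext, key, decrypt=True)

# Constructed sample: textbook plaintext and key.
CIPHERTEXT = vigenere("ATTACKATDAWN", "LEMON")

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(keystream_from_crib(CIPHERTEXT, "ATTACKAT"))
    print(recover(CIPHERTEXT, "ATTACKAT"))
```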
</div>
</div>
</div>
<div class="tab-pane fade" id="cryptomodern">
<br>
<div class="panel panel-default">
<div class="panel-body">
<h3>CyberChef</h3>
<p><a href="https://gchq.github.io/CyberChef" target="_blank"> >>CyberChef<< </a> is a great tool for many of the techniques mentioned in this tips page. You can load "recipes", aka operations, to perform on the input.</p>
<hr>
<h3>Base64</h3>
<p>Base64 is an encoding scheme that you can find more information about by googling. It is useful for transferring data as the encoded message only consists of common characters, so non-printable bytes can be preserved.</p>
<p>As soon as you see a sequence of mixed alphanumeric characters followed by up to two equals signs (used for padding to make the message length a multiple of 3), your brain should instantly think Base64 or similar, for example Base32 or Base85. You can play around in CyberChef to get a feel for what these messages look like.</p>
<hr>
<h3>Hashing</h3>
<p>How are passwords stored in databases? Answer: they are hashed, otherwise if an outsider got hold of the database they would know everyone's passwords.</p>
<p>Think of hashing as a one way function that you can pass any input to and that gives a unique output, but the input cannot be determined from the output - so obviously this is ideal for storing passwords.</p>
<p>However, implementing password hashing / storage by yourself is a horrible idea, since you will almost certainly get it wrong somehow (sorry!) and your passwords will inevitably end up being leaked to the internet in a horror story that you never thought was possible.</p>
<p>If we can pass any input to a hashing function and it gives a unique output, why don't we just try hashing loads of plaintext values until we get a hash that matches, then we would have found the plaintext? People do this (the process is called hash cracking) and the hashes of many common plaintext values e.g. "password123" are readily available in things called rainbow tables. A good site for this is <a href="https://crackstation.net/" target="_blank">>>crackstation<<</a>, although often just googling the hash works as well.</p>
<p>Obviously, rainbow tables are less of a problem the longer and more secure our plaintext is. However, rainbow tables can easily be protected against by <a href="https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/" target="_blank">>>salting<<</a> your input.</p>
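<p>The difference salting makes, as an added example (not code from the original page): an unsalted MD5 hash falls to a precomputed table, while a salted PBKDF2 record from Python's standard library does not. The word list, iteration count and function names are assumptions chosen for illustration.</p>

```python
import hashlib
import hmac
import os

WORDLIST = ["letmein", "password123", "qwerty", "dragon"]  # constructed sample list
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware

def unsalted_md5(password):
    """The insecure scheme: the same password always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()

def build_table(words):
    """Precompute hash -> plaintext once; reusable against every unsalted database."""
    return {unsalted_md5(word): word for word in words}

def hash_password(password):
    """Salted, slow hash from the standard library; store salt and digest together."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, record):
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def demo():
    table = build_table(WORDLIST)
    alice, bob = hash_password("password123"), hash_password("password123")
    return {
        "unsalted_lookup": table.get(unsalted_md5("password123")),
        "salted_lookup": table.get(alice[1].hex()),
        "same_password_same_record": alice == bob,  # random salts make records differ
        "verify_ok": verify_password("password123", alice),
        "verify_wrong": verify_password("password124", alice),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

<p>Because every record has its own random salt, two users with the same password get different stored values, so a table would have to be rebuilt for each salt.</p>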
<p>Here is an insecure example hash for you to practise cracking:</p>
<div class="well well-sm">
<p class="text-warning">5d41402abc4b2a76b9719d911017c592</p>
</div>
<hr>
<h3>RSA</h3>
<p>A classic asymmetric encryption method used by modern computers. It is based on primes and the fact that multiplying two primes is easy but factorizing the result (if sufficiently large) is hard.</p>
<p>It has many potential weaknesses; for example, if n is too small then it can easily be factorized with something like <a href="https://www.alpertron.com.ar/ECM.HTM" target="_blank">>>this<<</a>.</p>
<p>A good step-by-step walkthrough is <a href="https://www.cryptool.org/en/cto/highlights/rsa-step-by-step" target="_blank">>>here<<</a>.</p>
<p>RSA is easily implemented in Python or any programming language, for example <a href="https://crypto.stackexchange.com/questions/19444/rsa-given-q-p-and-e" target="_blank">>>here<<</a>.</p>
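<p>Why a small n is fatal, as an added example (not code from the original page): with a toy modulus the private key follows directly from the factors, and a simple size check catches such keys. The key values, the 2048-bit floor and the function names are assumptions chosen for illustration.</p>

```python
from math import isqrt

MIN_MODULUS_BITS = 2048  # assumed policy floor for an acceptable RSA modulus

def modulus_too_small(n, min_bits=MIN_MODULUS_BITS):
    """A check a defender can run on any public key before trusting it."""
    return n.bit_length() < min_bits

def factor_by_trial_division(n):
    """Only feasible because the toy modulus is tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")

def private_exponent(p, q, e):
    """d is the inverse of e modulo (p-1)(q-1); pow(e, -1, m) needs Python 3.8+."""
    return pow(e, -1, (p - 1) * (q - 1))

def recover_message(ciphertext, e, n):
    """Factor n, rebuild the private exponent, then decrypt."""
    p, q = factor_by_trial_division(n)
    return pow(ciphertext, private_exponent(p, q, e), n)

# Constructed toy key: p = 61, q = 53, e = 17, message m = 65.
N, E = 61 * 53, 17
CIPHERTEXT = pow(65, E, N)

if __name__ == "__main__":
    print("n =", N, "too small:", modulus_too_small(N))
    print("factors:", factor_by_trial_division(N))
    print("d =", private_exponent(61, 53, E))
    print("recovered message:", recover_message(CIPHERTEXT, E, N))
```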
<p>There are many other cryptosystems, such as AES, which CyberChef has a good recipe for.</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="row tall-row">
<div class="col-md-12">
<hr>
<p><small>Created by <a href="https://github.com/dnzc/" target="_blank">dnzc</a> | <a href="https://github.com/Bachittarjeet" target="_blank">Bootstrap Template</a></small></p>
</div>
</div>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
</body>
</html>