Learn _ Play _

Written simple program to find the class for an ip address of 32bit version #!/usr/bin/python import sys, getopt def __help(): sys.stderr.write('\n Usage: \n ip_classifier.py -h \n ip_classifier.py --help \n ip_classifier.py -i 128.12.14.23 \n ip_classifier.py --ipv4=128.12.14.23 \n ') sys.exit() def __input_validator(check): if len(check) <> 0: check = list(check) c = 0; n = 0 for v in check: if v in ['.','1','2','3','4','5','6','7','8','9','0']: n += 1 test = True if v is '.': c += 1 else: test = False break if test and c < 4 and n > 6: return check else: sys.stderr.write('**** Enter correct ip address **** \n') __help() def __validator(ip): if ip in range(0,256): return True else: sys.stderr.write('**** Enter correct ip address **** \n') __help() def __class_finder(ip, class_ip, bin_

To understand IP address resolution, you need to understand how to decode the IP address and extract the two main identifiers: A network ID (the network bits) A host ID (the bits the system administrator controls locally when assigning IP addresses) Network ID is used to identify the number of  networks and Host ID is used to identify the number of hosts on the local-area network. For now, just keep in mind a few subnetting basics: A  subnet  mask — or  subnet  address — is used by routers to assist in determining the network portion of an IP address from the host portion. The  subnet  mask is a 32-bit value just like the IP address. The binary 1 bits correspond to the network and  subnet  portions of the address. The 0 bits are host representatives. Three standard masks exist for Class A, B, and C networks: Standard Class A   subnet  mask: 255.0.0.0 Standard Class B   subnet  mask: 255.255.0.0 Standard Class C   subnet  mask: 255.255.255.0

Network Addressing: Each device on a TCP/IP (IPv4) network uses a unique 4-byte, or 32-bit, decimal IP address for communication and is composed of two distinct parts: a  network address  and a  host address. Each 8 byte is called octet. Example: 172.168.16.100 172 -> belongs class B 172.168. is the network address 16.100 is the host address Routing is done based on the network address. Each octet can have the value between 0-255. Classes of IP Addresses Two of the main ones are designated for the  default route  and  loopback address. The default route address is represented as 0.0.0.0 and is used to simplify the routing information that IP uses. Any route lookup failure defaults back to this route. The loopback address space is 127.0.0.0 and is used for testing and treating a local host as if it were remote to the network.  Class A (0–127): '0'  Class B (128–191):   '10' Class C (192–223):'110' Cl

A common connection point for the devices  like computer, smartphones in the network  are due to the hubs, switches, repeaters and routers. Networking Components: Hub has multiple ports. When the frame arrives at one port, it broadcast the same message to all other ports. Hub does not check the destination address, it simply broadcast to all available ports. Hubs are less intelligent as it works on physical layer (L1) of OSI model it does not know the MAC address of the ports connected to the network. It lacks in security, so the attacker can sniff the neighbor packets. (Hubs are outdated) Hub can create lot of network traffic and lead to poor response times. Repeater is also similar to hub, but it is used to amplifies the input the signal. When input signal has both desired signal and noise along with it. Repeater regenerates the desired signal and noise signal will be eliminated. Repeater can be used in the situation where there is a long distance in transmissio

Given a partition needed to mount and get the flag. root@Vijay:~/Desktop/inctf 14/forensics# file Forensics-8 Forensics-8: x86 boot sector; partition 1: ID=0xc, starthead 0, startsector 1, 97656 sectors, code offset 0xb8 root@Vijay:~/Desktop/inctf 14/forensics# root@Vijay:~/Desktop/inctf 14/forensics# root@Vijay:~/Desktop/inctf 14/forensics# root@Vijay:~/Desktop/inctf 14/forensics# gparted Forensics-8 ====================== libparted : 2.3 ====================== root@Vijay:~/Desktop/inctf 14/forensics# parted Forensics-8 GNU Parted 2.3 Using /root/Desktop/inctf 14/forensics/Forensics-8 Welcome to GNU Parted! Type 'help' to view a list of commands. (parted) unit                                                             Unit?  [compact]? B                                                       (parted)                                                                 (parted) print                                                           Model:  (file) Disk

1. First Challenge was given python compiled File Used Python decompiler to get the original code. root@Vijay:~/Desktop/inctf 14/reverse# file one one: python 2.7 byte-compiled I got the printable sequence array values. eflag = [131, ... 138, ... 219, ... 198, ... 201, ... 158, ... 151, ... 154, ... 134, ... 129, ... 128, ... 177, ... 135, ... 157, ... 177, ... 157, ... 154, ... 135, ... 130, ... 130, ... 177, ... 141, ... 129, ... 129, ... 130, ... 201, ... 199] >>> eflag [131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157, 177, 157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199] >>> >>> flag = ''.join(map(chr, map(lambda x: x ^ 238, eflag))) >>> >>> print flag md5('python_is_still_cool') Next is the compiled java class file, I used jad decompiler to get the original class file root@Vijay:~/Desktop/inctf 14/reverse# file two.class two.class: compiled Java

Hi this is my first reverse engineering with GDB. Challenge was to get the flag from the display_function. First we should disassemble the executable file with objdump to see how the program control works. root@Vijay:~/Desktop/inctf 14/reverse# objdump -d four four: file format elf32-i386 Disassembly of section .init: 080482f4 <_init>: 80482f4: 53 push %ebx 80482f5: 83 ec 08 sub $0x8,%esp 80482f8: e8 b3 00 00 00 call 80483b0 <__x86.get_pc_thunk.bx> 80482fd: 81 c3 03 1d 00 00 add $0x1d03,%ebx 8048303: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax 8048309: 85 c0 test %eax,%eax 804830b: 74 05 je 8048312 <_init+0x1e> 804830d: e8 3e 00 00 00 call 8048350 <__gmon_start__@plt> 8048312: 83 c4 08 add $0x8,%esp 8048315: 5b pop %ebx 8048316: c3 ret Disassembly of section .plt: 08048320 : 8

Give an image, the flag is hidden in the Blue plane. import os,sys import Image modi_bin = Image.open("modi.png").convert('RGB') bin = '' R = open('r.txt','w') G = open('g.txt','w') B = open('b.txt','w') # By Analysing the text docs I found blue Plane First column is embedded with data flag = '' flag1 = '' for h in range(modi_bin.size[1]): # Fetches Height count = 0 binR = '' binG = '' binB = '' for w in range(modi_bin.size[0]): # Fetches Width count += 1 binR += str(modi_bin.getpixel((w,h))[0] & 1) binG += str(modi_bin.getpixel((w,h))[1] & 1) binB += str(modi_bin.getpixel((w,h))[2] & 1) if w == 0: # blue plane first bit flag += str(modi_bin.getpixel((w,h))[2] & 1) if count == 8: R.write(binR) G.write(binG) B.write(binB) binR=' ';binG=' ';binB=' ' count = 0 R.write(binR+'\n') G.

This is also a RSA challenge which is more interesting, given a RSA-704 bit. Factors are found in the wiki. I used openssl to finish, this challenge. root@Vijay:# openssl rsa -inform PEM -text -pubin -in publickey.pem -modulus Public-Key: (704 bit) Modulus: 00:e1:34:18:93:fe:6e:68:16:ce:c8:a9:70:a3:9c: 00:fa:54:7c:7d:a2:cd:ed:ab:0a:62:b9:1c:46:51: a8:3f:96:38:0b:cf:ae:e2:6f:7e:86:61:07:90:63: 89:42:1b:1e:68:d0:a1:7a:ad:c9:87:0b:98:58:e9: 56:28:6e:39:99:e9:8c:ec:98:81:53:4a:c7:72:ae: 78:f5:e8:ab:a1:e2:f8:d3:03:95:77:02:9d:87 Exponent: 65537 (0x10001) Modulus=E1341893FE6E6816CEC8A970A39C00FA547C7DA2CDEDAB0A62B91C4651A83F96380BCFAEE26F7E866107906389421B1E68D0A17AADC9870B9858E956286E3999E98CEC9881534AC772AE78F5E8ABA1E2F8D3039577029D87 writing RSA key -----BEGIN PUBLIC KEY----- MHQwDQYJKoZIhvcNAQEBBQADYwAwYAJZAOE0GJP+bmgWzsipcKOcAPpUfH2ize2r CmK5HEZRqD+WOAvPruJvfoZhB5BjiUIbHmjQoXqtyYcLmFjpVihuOZnpjOyYgVNK x3KuePXoq6Hi+NMDlXcCnYcCAwEAAQ== -----END PUBLIC KEY-

This challenge had made me mad, Some how I finally I managed to solve the challenge. This is a RSA Crypto, given a cipher and public key. This is RSA low public exponent attack, e=3. root@Vijay:# openssl rsa -pubin -in pub.pem -text -noout -modulus Public-Key: (4096 bit) Modulus: 00:d1:0b:a0:e9:cd:6d:d6:c3:89:5f:cd:f4:17:db: 21:e5:81:22:60:89:c6:c7:58:7f:c4:1b:3d:78:df: f5:2c:0f:8c:29:dc:6b:e9:fc:cf:31:68:32:e6:ff: 6f:f0:49:6e:9e:56:6e:cb:c1:31:06:4e:b8:47:5d: 6c:1b:c8:28:be:4a:f4:54:ad:62:cb:f0:d1:d2:cd: 5a:59:8a:24:1c:52:b1:6d:8e:e1:da:0c:a9:cc:56: 30:3c:d0:70:71:0e:6c:18:1f:2a:31:c6:88:7e:52: cf:14:bd:76:f6:25:80:a8:46:92:f8:81:98:a9:38: 49:0f:b2:de:19:41:b1:10:85:83:3d:ed:ca:16:67: 3f:4a:e5:4b:e6:0f:e0:da:66:24:a5:3d:b2:32:dc: a6:c5:88:7d:72:3c:77:39:c4:76:ef:30:60:19:a0: 57:f1:c6:be:37:a5:b8:20:d0:91:9a:cf:fd:18:63: d2:2c:6f:a7:30:fe:12:e8:15:35:9d:68:a4:ec:e1: c0:1e:f7:b0:ec:d9:59:91:b3:d9:71:d0:09:27:99: 5e:d6:6e:d