#cybersecurity

Fair enough

Would also have to slightly change the protocol I think to allow for "hey you need to validate"

Ooor just have it be passed automatically per request

How can you generate new tokens and remove old tokens,then you have to send the new tokens for validation.

Hey you need to validate as in please login again

That's some serious stuff for me.
As I said earlier,good idea. Floppy

Well it is a course in security after all :p

Course in security?

Software security to be more specific

I had a lecture at the TUM about secure system design once, the prof repeated the 4 principles of security again and again
Encryption
Authenticity
liability
Aaaaand uhhh access control I think

Yeah access control

Apparently that's what makes secure software

Theres more to in depth ofc

but most of it, in a general list

Let me save it in Google keep.

@silent pier Where can I know about it?

wdym?

The course im taking at my uni

Oh, sorry.
My professors aren't that good so I have to rely on online resources that's why I asked.

@silent pier Instead of bothering with a database, it might be another good approach to do something JWT-style ("Java Web Token")

They basically contain the data you need, like user id and expiration date directly in the token, plus having that payload signed with a private key of the server, so that the client can not change the payload without being detected

That way you never have to actually remember the tokens on the server, you just create them when needed and verify their payload and signature when you receive one

Ill look into it

@silent pier in what context?

basically auth tokens

@silent pier a possibly good place to look would be OAuth implementations

I don't want to make suggestions because that knowledge is two years rusty and I'd probably tell you something very wrong

OAuth is more about how to log in/authenticate with possibly a third party. It still requires you to manage a token to remember the client.

@silent pier generally the safest way to do token based auth is to create a token based on some random secret + the client IP and store it with a created-at timestamp and an expire-at timestamp in the database, then set it as a cookie in the client browser and check if the token is valid for that IP and if it's expired or not when the client makes a request

make the expiration like 24 hours of no activity or something, and just bump it whenever an action is done with that token

depending on how much security you need you could also have a maximum use time where it forces a token change once every month or whatever

in saying this I would discourage the use of a hash for token authentication since if someone generates a token using the IP and guessing the secret they basically have login permission for that user

but i'm not sure what a good alternative is

I just know it's a good idea to lock it based on IP

probably good to store the client IP in the DB next to a UUID or something

buuut, dynamic IPs are a thing and that's annoying so you could drop it all together and just do UUID with expire times, which is generally accepted as a good enough solution

JWT stuff is also a good idea

@thorn obsidian I dont really have ips so I guess ill generate a uuid for each user. But how do I give that to the user in a safe way

Actually lemme quote the protocol im creating

ah

the tokens will most likely need to be a UUID https://en.wikipedia.org/wiki/UUID

you give them to the client via browser cookies, making sure to set the HttpOnly flag and Secure flag to ensure they're only transferred by the client over HTTPS and not accessible via javascript

if it's not on a website then just try to make sure it's transfered in a secure way and stuff

Its not browser based either, its just over sockets

Final version over TSLsockets

yea that's fair

most stuff still applies

So upon reading about how create a UUID it says I need a namespace + name (or high + low significance), in my socket protocol what would this namespace be?

@silent pier Try a different uuid function (v4, i think) that doesnt require a namespace

Are they still unique then?

There wasn't much about them in the article i read, just that they are based on random numbers

https://docs.python.org/3/library/uuid.html

Namespace determines the "format" for lack of a better word

For socket stuff, uuid1 may be handy

If all you need is a unique token, and you'll store them on the server anyway, just generate completely random 128 bit (cryptographic RNG preferably) and add an additional check to avoid the almost impossible chance of having handed out that token already

I see no need to bother with UUID standards or whatnot in your case

if you want to guarantee uniqueness you could use a 'snowflake' technique like Discord

those are only 64 bits, too

The one part that doesnt quite stick with me is how the user uses this token to authenticate

do i just pass their token to the user, and they provide it if they have one

and that's it?

Or would I store a combination of a key (that i give the client) and their username into a hash or something

the point is

they give their usual credentials (username/password, email/password, already logged in session) to site A, and get the token. site A also sends the token to site B.

the user proves to site B that they have the token, therefore proving that they were able to log in to site A

(also, i didn't realize you were doing token authentication - a discord-style snowflake id is absolutely inappropriate for that. they should be completely random)

yee, its a token based authentication for a socket client-server

no that's not the way it always works @simple orchid

that's just the way Oauth works

cookie tokens are different

@silent pier in this case they send the username and password from the user once, then get a token and store that then reuse it instead of password as authentication

it stops the program needing to store passwords or constantly ask the user for passwords

don't use a hash

just use a UUID function and make sure the output is not a duplicate of another token

tokens should expire etc etc as above

Right

Only one way to get this rolling then, actually try it

haha good luck

i thought we were talking about oauth

Hey everyone

I'm kinda stuck in web-dev atm and I want to get closer to doing information security. I'm curious on certs that get taken seriously by medium / large orgs that I could do?

Namely to do with things like pen testing.

none of the certs are worth it

everything except an OSCP and maybe the NSA information security masters is useless

orginisations require shit like CEH for jobs, but it's the most backwards stuff ever, you might come out knowing less about security than you did going in

https://twitter.com/CroCyber/status/1043146646647914499

command shell trojan

netcat

@thorn obsidian CEH is total crap.

yeah

it is

I tried online quiz of CEH and tbh a kid can pass it too without knowing anything.

@thorn obsidian that shit is why I cannot stand people that say "I got all of the certifications and stuff"

lol

yea they're dumb

most of them are useless

or people that speak in pure jargon

double fuck those people

they know what they're doing and it's fucking dumb

they need to stop

https://interc.pt/2Q14FAi

@thorn obsidian
/me immediately goes to download said information

lol

Can't say I fully agree with the jargon statement

If you're doing anything with networks and systems, which is a huge portion of cybersec, then you're going to use a lot of jargon

You can sometimes reduce the use of acronyms, but not jargon

Didn't realize CEH was such garbage though, that's good to know...

OSCP is good, and I think the SSCP (Systems Security Certified Practitioner) is also good

Personally, I found doing the CCNA (Cisco Certified Network Associate) was invaluable, since you learn a ton of networking fundamentals and architecture

Hi guys, I'm new to the server, so apologize if I'm asking this in the wrong place. I am a Python coder moving from beginner to intermediette. I am still very new to this, but I do know that I'm not going into web dev. From the different things I poked my head around in, I realized I would like to work either in OS dev (so contribute to Linux kernal or any distros in the long run) and/or work in security. What kind of questions should I be asking myself if I'm thinking of these path(s)? There are a lot of resources out there, but I need to know what to ask - so any suggestions would be helpful 😃

Check the pins

There are several good sources of information in there

Keep up with those, and maybe try your had at OverTheWire

Regularly read stuff in the field for a while. Do that for a bit and see if you're finding it to be more of a slog or if you're thinking "wow that's cool".

@rigid plinth

@safe bear haven't taken any CCNA classes, but I can setup network switches and routers just fine, although it takes me a bit longer. 😉

I didn't take any either, learned by messing around with old equipment from eBay with my father and reading, and lots of practice tests and quizzes

It was difficult for a while but eventually it clicked

thanks @safe bear , I'm looking at them right now. The Bandit game looks very interesting - do you know if it's suitable for a noob?

Some of the stuff on there is kind of a waste of time though, like token rings lmao

Yes, it is @rigid plinth

The point is to learn as you go

@safe bear my last workplace had problems with rogue DHCP servers, it was both stupid and horrific.

I learned to trace those down from CMTS

There are some clues, but the whole point is you are supposed to Google and search for answers @rigid plinth

Oh wow

that's awesome. I have no problems at all doing that - just making sure that all of a sudden, I don't have to realize that I need a CS degree to figure it out

Rogue DHCP eek

haha yeah

it may seem like that, but if you get really stuck, sleep on it, give it another try.

If you're still stuck, there's nothing wrong with looking up the answer.

sounds good. thanks for the words of advice :)
this really seems like a great place to start with security 😃

Yes, that is a good mix of stuff

I thought of taking CCNA course but now I'm not.

Why's that?

Self-study worked well for me, but structure is helpful especially if you're having to manage time around other things

Institutions offering CCNA course here don't have a good review.

@safe bear without breaking NDA, imagine an endpoint modem fucking up and DHCP serving across the entire cable/cmts network.

Hmmm

Not possible to use Rogue DHCP detection on the switches?

We had to implement that here after people kept plugging in stupid shit to the network

If the modem is the perpetrator...how do you deal with that?

Isn't the equipment pretty low level until you hit the distribution layer?

DHCP is layer 2 tech

So it's well within a switches purview

Well, i mean i was being a tad simplistic there

but you can block it through layer 2 only

How high of a prime is required for diffie hellman to be safe?

largest number to not be vulnerable to attack i guess

what was that attack vs diffie

NFS?

unsure about the terminology, im just aware of a brute force way, and man in the middle attack

Seems like NFS has been demonstrated against stuff towards 2^750ish

oof

so like 250digits

i guess

Nix is Cryptography expert here.

tbh i've just seen people using 2048

¯_(ツ)_/¯

Time to find my prime

Apparently I am cryptography expert now

Feels good

to write a script to test my way down from 2**800, or just google it

You want to find a prime?

ay

Big prime for diffie hellmans key exchange

Generate random numbers in the range of numbers you want your prime to be in and use the miller rabin test on them until you find one

For 1024 bit primes around 40 rounds of miller rabin are recommended

So I guess that should be more than reasonable for you

I'm Cryptography noob.

does it matter how big the secrets are?

if i have a big p prime

and g i suppose matter, but im unsure how big these should be

dfh uses very very large primes that have been checked for safety

Like over a hundred digits large

Minimum or 2^1024 is recommended for p although depending on the duration of your connection you can choose smaller ones as the NFS method takes hours to crack an exchange

If you really want to be safe you gotta take more into consideration though

For example the prime factors of p-1

For g choose a number smaller than p which allows g^a mod p to result in as many numbers as possible (ideally all) between 1 and p-1

@silent pier

Read g is usually 2

for most cases

Well then 2 appears to be the number which allows the most results in the range from 1 to p-1 for the above equation

what about secret a and b? should they be completely random between 1 and n?

or have a specific size as well

couldnt find much om them

Other than examples with numbers below 100 🎟

random iirc

but like

huge random

Random Key?🤔

yes

Oh,that would be kinda complicated,imo.

no

Random Key for each ciphertext,right?

no

random keys for symmetrical key exchange

so one message gets transmitted

Oh, I thought of something else.

so like 2^512 huge?

thats only a 512 bit key

Private key~

but it's not some big corp security, just proof of concept really

do you guys think taking a ethical hacker course is worth or are there better courses out there

no

better than what lol

oh why is that>?

@silent pier For PoC 512 is good.

USBKill,one who gives a high voltage of electricity when plugged in PC?

So like if someone was to try and use a ducky or something?

Wasn't aware of usbkill until now, that's neat

I'm not at that level of paranoia (yet)

Good idea extending it to other interfaces commonly tampered

My systems are Windows 10 bare-metal with WSL + various Linux distros in VMs

Yeah, it's only going to work on the typical modern Linux distros

Yeah

I was playing around with those a month or two ago for a random project

They're pretty easy to do

https://github.com/GhostofGoes/Astolfo/blob/master/service.py

Would be neat if could run as a Daemon in WSL

Can't recall if it's possible yet to get them to come up on boot yet though

I might take a look tomorrow at adding Windows functionality to this

Might simply be a matter of calling the right APIs through ctypes or whatever

Quick question though, why AGPL?

It's not going to be used over a network

Ah

Just more complexity than what you already have with GPL...I just put everything I do under MIT nowadays 😛

@thorn obsidian Oh,sorry for that.
But great job dude.

Massachusetts Institute of Technology🤔

Yes, google "MIT License"

Oh.

It reduces complication and encourages sharing

So, stopped GPL'ing my stuff a few years back

So the MIT license is used for making programs open source?

KeePass and LastPass

Because I'm lazy and my setup works efficiently while still having adequate security

You encrypted your database with AES-256,iirc.

KeePass

👍

KeePassXC because it‘s pretty good

openssh is bad, they don't fit in with normal key procedures, don't allow x509 and implement their own garbage standards.

oookay

I've been working on a universal standard for people/companies to implement hardware security keys.

right now the biggest stick in my craw is that openssh doesn't seriously support x509 and I'm trying to figure how how to get it to work.

I'm probably going to be forced to make another CA with some weird implementation

but that's more hot garbage

thanks to openssh folks

Certificate Authorization?🤔

@thorn obsidian so get this, they wanted to avoid x509 for "unacceptable risk" basically, then go implement their own CA and ssh key mechanisms

@upbeat palm Certificate Authority

Oh yeah,now I remember.
Thanks @valid furnace

basically it's unrealistic to be expected to keep a constant up to date list of every allowed/banned user on each of your 1000s of servers.
You simply put a company public key on each server that never changes.
Then any user who's "signed" by the company key will be allowed in.

A type of constant key.

https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

pretty sure this belongs in "anti-security"

or "assholes that don't know what security is"

Plenty of people don't know what security is.

A Taiwanese guy challenged Mark Zuckerberg to hack his account and said he'll do it live.

lol

yeah

The fact is "Facebook" is total insecure.

aw shit

hopefully that breach comes through into the HIBP db

if it's a serious one

Which one?

the 50m breach for facebook

I deactivated my Facebook beginning of May, but I don't think I deleted it fully... Need to do that now.

Not that it would matter, they still keep the data around for at least a year.

I don't think Facebook is really insecure

I'm pretty sure the website that handles my taxes in my country is full of critical security holes. It's just that noone cares to exploit them because it would be pointless

yet, people still use this website to pay their taxes

Ignorance is bliss : )

why would it be pointless?

because I come a country that noone cares about : )

My point is that Facebook is surely more secured than most website people use.

everyone cares about something

if it's got a security problem someone will hack it and sell the information

https://curl.haxx.se/docs/CVE-2018-14618.html
libcurl contains a buffer overrun in the NTLM authentication code.

http://phrack.org/papers/escaping_the_java_sandbox.html

Damn, I missed the Taiwanese guy challenge.
Any news on it? @thorn obsidian

nope, haven't heard anything

Oh,okay.

@thorn obsidian If I may ask where do you live?

In a beautiful country 😃

https://www.google.co.in/amp/s/nypost.com/2018/09/29/zuckerbergs-own-facebook-account-got-hacked-in-breach/amp/

50M data included his too.

Is there a technical details on the vulnerability?

Not yet

fingers crossed that ends up in Troy Hunt's db

If he can track it down

yeah

Why fingers crossed for that

i think the responsible thing for FB to do would actually be to disclose it

I doubt Facebook is sharing enough to provide an anonymized list he can use

to him specifically

Since iirc he uses hashed emails

HIBP is getting some serious grunt behind it

yeah

everything's hashed

They might not be at the point yet in the investigation to know the full and precise scope of the breach

at least they shouldn't have to an equifax

I never mock companies when they have security flaws, because if I was the developper, there would be 10 times more 😃

:D

🤔

Yp.

😃

IT wasn't a password hack.

It had to do with session cookies that were static.

How such a feature could be implemented without a timeout is beyond comprehension.

okay but i'm more curious about what data was taken

https://www.troyhunt.com/pwned-passwords-now-as-ntlm-hashes/

github using pwned passwords now too, nice

people should use this ^

build it into stuff

Yup.

https://www.troyhunt.com/the-effectiveness-of-publicly-shaming-bad-security/

Probably doesn’t even get passed down to the tech team

Lol

lol

oh @thorn obsidian

i saw someone was doing the NTLM hashes as a side project of their own

nice that it's integrated

you build in API calls or lookups to stop users from choosing dumb passwords

and regular dev is security related

fuck me i don't have time for this

thats their problem then

you can say "Not our fault you picked a dumb password, we told you"

/shrug i dont do user support

disallow a list of the most common passwords

if it's a fixed salt it wouldn't be a problem

@thorn obsidian I want the raw database leaks so I can correlate metadata to deanonymize accounts.

but that's just me.

he doesn't release that on purpose lol

@thorn obsidian ok so i'm less busy and the stuff you were saying was dumb, so here

as a company it's your responsibility to protect users from security risks, both legally and ethically, so making sure your users don't use a password that is known to have been used before is something that they should be doing. It provides a very large security gain to users and stops credential stuffing, which is one of the most common attacks on people's accounts these days. Checking tens of millions of passwords is very fast, especially if you use the API he provides. The password database contains unsalted passwords so you just compare the plain password hash, and hash+salt when you store it in your own backend.

As for rate limiting, it's mostly ineffective since chances are very high that the user uses the same password on every site, so it will succeed on the first login anyway. IP based rate limits are almost useless, people can use any number of IPs and machines to brute force things, especially with IoT these days.

also lots of companies prevent password reuse, including github, EVE Online, and 1password

they all use the system built by troy hunt

@thorn obsidian I guess that way we/you can prevent "bots" from trying hundred millions of password,but what if they use proxies?

Oh.

yes

Either way,it won't last forever.

it's in the NIST standards

people should be doing this

yes

Recpatcha is a good way to avoid bots.

What is preventing password reuse?

Oh.

When I was on telegram people use that old hit and try method to from their so called combos(combination of email and password like this afhzbhshh@gmail.com: password123),they use it with proxies and configuration file of a tool and test it on website like Spotify, Netflix etc. That way they earned a shitload of money.
Google password creator is good.

That's like comparing Krillin to Goku SSJ

hey i was scrolled up

but seriously

preventing users from using passwords already exposed in breaches

is a fucking brilliant idea

Indeed it is.

Sometime paranoia is good.

Everything Xair has said is literally the best practice we could be doing right now

Just because you as a user are technically aware of the threats you face doesn't mean developers or even the company your work for shouldn't actively try to mitigate risk

and that's pretty much what this is

mitigating risk.

tbh now there's NTLM hashes i might see if i can convince work to let me deploy something to our client's environments

it would prevent some really dumb shit from happening

+1

Even though there are so many ways to make secure things no one implement it.

i feel like there are bigger problems

people ignoring NIST and NCSC standards for no good reason

Biggest bitch of mine is not allowing pasting into password fields

Biggest bitch of mine?

oh, biggest bitch = biggest complaint

:)

bitch being used to mean something that annoys me etc

Oh, I'm not good at understanding puns.

it's more like a western turn of phrase

like if someone's complaining about something they're "bitching"

but also if something is actually really cool it's also "bitching"

like "Terry wouldn't stop bitching about how i burned his eggs."

but also "Terry said my eggs were really bitching!"

English is logically broken

Oh, I'm gonna try it.

english is pretty memed

also yea not allowing pasting into a password field is the worst, anyone who won't allow that i just refuse to interact with tbh

my bank is the most insecure system that i currently use, which says a lot about security in companies

No one thinks that the security will be going to be first priority of digital world in upcoming years.

Hi I just released my first big project which is a new penetration testing and exploitation framework. If you are interested in helping add some utilities and plugins feel free to make a PR or get in contact with me. I would really like this to be a community driven project and hope to make it much more usable and updated often! Need all the help I can get. Heres a link to the framework for now 😃 https://github.com/DarkSpiritz/DarkSpiritz

Even if I want to I just can't.

@upbeat palm why not?

I don't have any way to pull request, I can't use Git to pull request i.e. no PC.
But your project seems good.

Pull requests are done on the website

I asked Nix and he said after pulling request I have to use Git.

And he said it'll be overcomplicated for me.

You can also just send them to me

any plugins you make

or just email and ill upload them myself 😃

Really?
Thanks. @chilly elk

I'm gonna work then.

sweet 😃

appreciate it

youll be credited on the README and in the framework

Oh.

what?

something wrong w that? what else would u like? @upbeat palm

Nope,that's enough for me.
Thank you, I'll contribute to this project with all my potential.

thank you

@chilly elk what plugins are you looking for

@thorn obsidian anything you think would help with penetration testing

Not anything I can make haha

But good luck!

thanks

@upbeat palm its the other way round, in order to get to the point where you can create a PR you have to use git, the PR creation itself is done on the website

@chilly elk is there any particular reason you allow python only plugins? For example I wouldve already contributed to metasploit or at least tried to if it wasn't written in ruby, why not use a stdout stdin based plugin system like for example neovim so everyone can contribute in the language he is best at?

If there is nothing against it I would be willing to try and implement it together with a few plugins

@orchid notch That's the reason I dropped the contributing idea.
You're right, I should work on my bot now.

I never said that

The last onr

Yup, I said it.

@orchid notch well because its a python framework you can use the run() command from plugin_support to run shell code so if you wanted i dont see why you couldnt add your own scripts in whatever language to storage and just have the plugin run that

i see

thanks

in that case I'll add a plugin i have in mind soon ™

sweet appreciate the support 😃

https://www.wired.com/story/facebook-hack-single-sign-on-data-exposed/

alrighty

next PR is out for now so lets do dis

your installer is somewhat interesting

@chilly elk

oof

@orchid notch where to you get the cool terminal layout?

just a arch feature?

powerline9k + config files

im on fedora atm

anyways

lets manually install dis

fun

this installer was sure written for some outdated fedora

this installer just destroyed my softlinks to python2

fkin hell

"fixing python2"

@orchid notch does that work over ssh?

I'm guessing not

ofc not

its a prompt

Yes cool

Well fuck you to then

;^)

i mean you could install it on the machine and configure it there.......

then it would work

Its a virtual host

why is it installing telnetlib

that thing is in stdlib

this code is really damn old

lots of the packages its installing atm arent on pypi anymore

@orchid notch what Distro are you on?

fedora 28

is that dsf package manager?

dnf

yes

dny badf yeah m

i meant dnf

but all the packages its installing are outdated/not in the repos anymore /already fixed it btw

and the pip packages

ok

lots of them are either not their or in stdlib already

it works fine on ubuntu and arch

and debian

maybe its just the fedora

weir

thank you btw

did u look at the installer script

and figure out what was broken

i mean

im assuming i have to run this under python3?

oh nice internet lag

wooop

its python2

so idk why you would do that

wait no

i wanted to write 2

i executed it under 2

misstyped

all good

im touch typing from a 60 degree side angle

hard to hit numbers correctly 😐

oh boy

why the angle of attack lmao

60 degree

uh

fedora on laptop

next to me windows pc because im doing word stuff

so laptop goes left to the screen

ah i see

fun

so once i chose an exploit for example, how am i supposed to configure it

ill try installing a fedora VM to see if i can fix

well you configure it as you would with metasploit

use the 'retarget' command

which will allow you to go through the config and change each value

"Unknown syntax: retarget"

atm im working on a way to add values without manually changing config.xml

you sure?

im guessing you already used use

yes

if so type back

and then retarget

you have to retarget from within the main framework not inside of an exploit

wait so

every exploit gets all the variables etc passed

only if they call for the

them*

but they can use any value from config.xml

so say they want the target

it would be

ask.target

say they want LHOST

it would be ask.LHOST

using plugin_support

ok

https://github.com/DarkSpiritz/DarkSpiritz/wiki/Plugins

theres an example plugin there

you can see how the ask feature works

oooh

a wiki

didnt see that one

yeah i still have to work on it but ill add as ds grows

alright

so as i used it recently in a theoretical attack on a web page ill port this drupalgeddon2 ruby script to python now i guess

yay ruby

i suck with ruby lol

which is why this is python

never even wrote ruby

gwyn is good with ruby, ill just ask her if i have questions i guess

you can do anything in python that u can w ruby

just using diff methods

yeah i know

also try to refrain from using raw input

but the ruby syntax

just because we would like to be able to just pull from config settings

diamond operator for example

<>

==

!=

¯_(ツ)_/¯

try not to use print as well

if you can use text(), success(), fail(), and warning()

yeah seen it

luckily enough this is well documented ruby so it should be easy to port

i hope

i was going to try and port over somethings from PTF but its all weird

it basically just downloads the tool and runs it as command line

and for the python2 dependencies you might want to move them to a requirements.txt file?

yeah i just cant be bothered to pip freeze

and pipreqs is py3 only for somereason

pipfile?

whats that

@orchid notch going to work on a new installer

pipfile is this new standard used by pipenv

not sure if it likes python 2.7 though

oh

well i fixed the install script

go ahead and type reload it should fix @orchid notch

im running on a forked version

wouldnt it be better to update from remote and stuff?

well its assuming you followed the getting started instructions and cloned from the repo

i dont have a server to be able to host

https://whynohttps.com/

to be fair

lots of those pages are in china

yea, and china is dumb

but lots of them aren't china too

china is very far from dumb, naive to say

Hey guys. I've just started to learn source control and I've written a basic program.

I need to use API keys in this code, so I've put the keys in a dotenv file and added that to my gitignore.

And I'm using python-dotenv to pull in the variables.

Is that prudent or should I be doing something better.

When I move this onto AWS serverless infrastructure I'll be using AWs Secrets Manager and a API private key stored in s3.

that's fine

https://github.com/DarkSpiritz/DarkSpiritz3
Dark Spiritz Base Framework in Python3. Everything in the original wiki still works 😉

here's a CTF challenge

Tip - There's a reason it's a .txt and not .asm file.

You made it on your own​?

https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-6

lmao

I never realized there were Wi-Fi numbers

I just always knew them as 802.11x

ax is new to me tho

and apparently they're skipping over ad

which is 60ghz

Article says ax going to be the fastest, skipping over ad?

802.11ad

Oh.

@upbeat palm yes

@lean skiff Looks good.

so many wifi letters

it's hard to keep track

a, b, g, n, ac, ad, af, ah, ai, aj, aq, ax, ay

plus the 2007, 2012 and 2016's

lol, they're calling ax "WiFi 6"

and yeah @safe beari think they're skipping over ad because other technological improvements happened

that were more significant i guess

802.11ay will be 60ghz again though

peak transmission of 20gbps apparently :o

Can't do anything.

Peak transmission is 20gbps,damn.

What’s this ?

WiFi standards

802.11ay supposed has 20gbps peak transmission

ayy

@lean skiff Is it a reverse engineering challenge?

@thorn obsidian Read above article.
Or this one
https://thehackernews.com/2018/10/wifi-version-6.html?m=1

so its about hacking

lol

i wanna become a pro hacker

They're called security researchers

Kind of,it's related to wireless security.
I want to become security engineer.
Checkout the above CTF.

and it's more boring than you think

Yup.

pen testing is a subset of security researcher and it comes with a hell of a lot of paperwork

Yup,yup and yup.
Sometimes it can be boring and sometimes it can be challenging.

You know,I know a guy who did this hacking competion thing where he had to hack into some computer or something and he won,now he's in the MI5 or MI6 whatever it is.

You mean CTFs at DEFCON?

MI5/6 don't employ people off of competitions alone o_O

He was probably a solid researcher already

MI?🤔

Well idk lol

The UK intelligence services Robin

OMG.

But he did get into mI something from knowing how to "hack"

India doesn't have a intelligence service, afaik.

Yeah you do

All countries do

pretty much

your indian? @upbeat palm

The Indian international intelligence agency is called "R&AW"

But I guess it's confidential.
Someone hacked(a government website) and posted Doraemon photo.
Yup.

Yup, Research and Analysis Wing.

Anyways could some of you guys like hack discord n stuff??

Hack discord and stuff?

Errr, probably not.

Yes like are you pro hackers?

Security really isn't as exciting as you think

Should i watch out whaty i say or will a bullet will go through my window in next 30mins?

I don't specifically work in security but I do secure networks / systems for a company

And just yesterday i had to prove to a bank that a client wasn't hacked

BUT HE WAS

HEHE

Erm, no.

It was a fraud investigation and the write up was boring

If were one, I should've been hacking something right now.But I need to learn a lot i.e. Cryptography(learning now) after that networking then reverse engineering etc.

Like 2-3 pages of A4 explaining why the specific fraud couldn't have occured resulting from a data breach

After i did meticulous evidence gathering

omfg

i cant write 1 page at school

Good luck working in IT.

:P

@upbeat palm crypto

im doing ITC so like html etc

Security involves lot of writing and communication.

@lean skiff Looks good.

Pretty sure the C stands for communication in that

¬_¬

Hacking software like discord is really not something this channel is for. Keep it clean please

^

Sorry b

Also it's a super dumb thing to even try to do.

How come?

It's illegal and what do you even expect to gain out of it even if you succeed?

A crap load of login credentials that you then have to get rid of somehow?

yes

A bunch of hackers just go caught in my country

where u from

netherlands

do you smoke weed?

They were a group of russians trying to steal toxic gass

No

Weed is illegal here

IS IT?

Sorry off topic

Recently Korea Hacking team came into the show.
They tried to hack world bank.

APT8 or whatever

North Korea have apparently been breaking into a lot of national banks recently

for smaller nations

https://thehackernews.com/2018/09/linux-kernel-exploit.html?m=1

Google security engineers are awesome.
Extraordinary minds.

@lusty flare Yup,in your country?

Hell no.

The UK has a fairly robust banking sector for now. ;)

I always want to visit UK for vacation, will visit after getting job.

Robin it's pretty boring unless you go to london but that is wayy too busy for my liking.

Cardiff is a nice place. Plus there's lots of historic stuff to see all over the country.

It's not all down in London ;)

Well if you like historic things go to Nottingham(home town BIG UP) see like robin hood,castle,museum,some caves(more like museum)

Let's move to #ot2-the-original-pubsta

@thorn obsidian

ermm

Tip - There's a reason it's a .txt and not .asm file.

i'd rather not download it

😕

i dont get it

It's not a virus/worm/trojan dude,it's a CTF.

i downloaded it

but idk what it is

00000001 27 DAA
00000002 60 PUSHA
00000003 5F POP EDI
00000004 4D DEC EBP
00000005 2338 AND EDI,DWORD PTR [EAX]
00000007 6E OUTS DX,BYTE PTR [ESI]
00000008 3C7D CMP AL,7D
0000000A 7C46 JL 00000052
0000000C 45 INC EBP
0000000D 56 PUSH ESI
0000000E 305353 XOR BYTE PTR [EBX+53],DL
00000011 64743E JE 00000052
00000014 722F JB 00000045
00000016 6F OUTS DX,DWORD PTR [ESI]
00000017 4B DEC EBX
00000018 4B DEC EBX
00000019 256C472234 AND EAX,3422476C
0000001E 7E67 JLE 00000087
00000020 317B63 XOR DWORD PTR [EBX+63],EDI
00000023 636161 ARPL WORD PTR [ECX+61],SP
00000026 762A JBE 00000052
00000028 294C7877 SUB DWORD PTR [EAX+EDI*2+77],ECX
00

wtf is that

How are you going to be a pro hacker then?🤔

that's assembly

idk

its just numbers and letters

Yup.

I got a great book on ASM

It's from like the 90's

boss gave it to me

Oh,man
I want to learn assembly but it's freaking complicated.

that's why i haven't read the book

¬_¬

it's easy asf

tears of blood
Wonder if it was.

0000004A 58 POP EAX this means that is a assembly of POP EAX and POP EAX is 1512

Easy

👏

Solve it and do a write-up.

ok

00000001 27                              DAA
00000002 60                              PUSHA
00000003 5F                              POP EDI
00000004 4D                              DEC EBP
00000005 2338                            AND EDI,DWORD PTR [EAX]
00000007 6E                              OUTS DX,BYTE PTR [ESI]
00000008 3C7D                            CMP AL,7D
0000000A 7C46                            JL 00000052
0000000C 45                              INC EBP
0000000D 56                              PUSH ESI
0000000E 305353                          XOR BYTE PTR [EBX+53],DL
00000011 64743E                          JE 00000052
00000014 722F                            JB 00000045
00000016 6F                              OUTS DX,DWORD PTR [ESI]
00000017 4B                              DEC EBX
00000018 4B                              DEC EBX
00000019 256C472234                      AND EAX,3422476C
``` These mean bob is going bankrupt becuse he lost 159313£ and he only has 50003$

dun

What the 😕

yh ikr i was confused at the start

Tag the creator of this CTF.

me?

LappySheep.

@lean skiff

ok

done

am i getting hacked now?

Where is flag?🤔

upstairs right room

Taking the piss is a great way to not get taken seriously

Sorry?

I'm out now.
I can't take this anymore.

Same.

Same.

what is going on here???

just teaching some CTF

@orchid notch Dude,there is a crypto CTF,see if you can solve it or not.

where when what

What should I explain first?
Where?
When? or
What?

See above chats.

scrolling

roles eyes

is it that asm file

yes

and whats the challenge?

its pretty easy tbh

if there is no challenge its not easy

Well I think the guy was being cryptic in saying it's a .txt file not an ASM for a reason

idk what that reason is

Same.

@thorn obsidian Solve it then.

i alreeady did

Oh,yeah.

If none of us will be able to solve this, I'll ask for a write up from that guy.

@thorn obsidian hi yes

i was pinged

I got told too ping u by @upbeat palm

not sure why

i can give another hint

That's a good thing.

tip - the offsets are very important

O_o

@lean skiff One thing,the reason it is not .asm file is because it can't compiled?🤔

no

Gotta say,you did a good work on it. @lean skiff

thank

this was a mean challenge tbh

i wont be surprised if no one does it

😂

I'm a beginner (most of us here), don't expect much.

oh thats fine

no me a pro

i solved

https://gyazo.com/1f64b343b651fc88bfe2ac64f92e9234

You know the topical channels are used for topical chat and not just dicking about, right?

I'm done with this challenge, should I ask for a write up or you guys are solving?

https://www.reddit.com/r/news/comments/9lac9k/china_used_a_tiny_chip_in_a_hack_that_infiltrated/

That's a good info, thanks @valid furnace

The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.

BMC modification

fucking evil

oh

DRAC type stuff

as I understand it, forging microchips in a way that they wind up on computer motherboards and allow remote attacks

You're aware of what DRACs do?

nope

There's a similar flaw posted here earlier i think about flaws in Dell's iDRAC

Well BMC's have their dirty little fingers in almost every part of a server

Meaning that you can completely control stuff through the management port

Including full OS re-installs etc etc

OH, yeah, of course

So being able to get into the BMC allows you to have total control of the server

through any OS reinstall

management ports on servers. I tend to leave them disconnected

but I don't typically deal with that scale.

Well, you can't really do that if you've got a lot of shit to manage

Or if you've got a server in someone elses building

sure.

Usually the management networks are completely closed

but if a sys admin gets popped they might be connected to the management network also

it allows you to remotely access the monitor, start it, shutit down, access other control features

well, less so access the monitor

direct access to the machine basically.

it's more like a router's web panel

you're thinking of Network KVMs

sure, my servers have a remote console that allows me to access the video

through the BMC

i dunno how advanced they've got now, but last time i messed with Dell's iDRAC it was all shells and web panels

oh yeah, it's full on video rendering in browser.

Nifty

Anyway

If you can exploit a BMC you've pretty much got persistence

and you can't really audit the BMC

except by monitoring traffic on the management network itself

yeah. :/

It's a similar issue to most firmware type persistence

There's not really AV for firmware

Closest we have iirc is stuff like TPM to check integrity

but in many cases that's poorly implemented and allows for some dirty tricks with BIOS exploits

That sort of attack is going to be hella rare though

super targeted super nation-state

In a nutshell,it'll give full access to it,man security indeed requires a lot of brainf*cking.

For making BIOS exploits , I need to borrow your assembly book ,Bisk.

;D

@upbeat palm I cannot provide you with the writeup yet

as the challenge is still open on a different server

once the challenge is completed on the main server either the completer or I will publish the writeup

whats a writeup? @lean skiff

It's where you write things up about what you did to do the thing.

A.k.a. a report.

Which is.... as I've said before... A shit load of what security research (HACKING) is.

Holy shit that’s insane

And also wow they must be smart af

Like literal geniuses

@lusty flare oh, also, I figured I should tell you the full major features of current BMCs
You can fully remotely:

• Attach USB/CD Drives or load ISOs
• view the vga/screen console and access keyboard/mouse
• control the server power functions, monitor some things

That's the jest. You don't need to sit in front of a server to set it up or wipe it. You can manage them all remotely entirely.

automatic boot, automatic deployment, automatic setup, automatic power management

I'm aware of what they do

It's my job

The VGA thing is new to me, to be fair.

ah sorry. 😉

@lean skiff Oh,no problem but ping me when you'll provide write up.

Lord Bisk is indeed the Lord of networking here.

eh, don't say that

people will raise their expectations of me

that's a tricky position to hold

;D

Don't know about other, but I'm the one.
:P

https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-labs-threats-report-highlights-cryptojacking-blockchain-mobile-security-issues/

@tepid tundra Yup.

There are two Scott?
Ransomware is most common cyber attacks these days.

https://www.redhat.com/en/blog/what-you-need-know-about-first-ever-dnssec-root-key-rollover-october-11-2018

Wi-Fi Alliance may have skipped over ad, but IEEE didn't

Hence the existence of 802.11ad

The whole SuperMicro thing smells fishy since all three parties, including the two impacted, actively denied it

Which as was mentioned on Ars Technica, is not what you'd normally see if they were simply under a gag order

iDRACs are handy

Obviously, you put them on a separate network with a different set of security controls (read: much stronger)

802.11ad is the fastest as of now.

Yes

Also the lowest range since 60ghz

Yup,and kinda expensive too.
I guess you did some research on it,right?

No

lol

i mean, that seems crazy

they'd have trouble going through people, like it would distort the signal when you walk past someone LOL

stop breathing, my video is buffering!

literally yes

It's intended for small spaces, like a living room, conference room, office, FBI surveillance van, etc.

Which is not a whole lot, and it rather reduces mobility

I'm quite experienced with this

i would have ethernet to my phone and tablet if i could tbh. fuck wi-fi :D

I've definitely had 3 ethernet connections to the same laptop on multiple occasions, and possibly 4 once sometime

One

And two USB-Ethernet adapters

And I think they were either directly mapped or bridged into VMs

All told I probably have close to a dozen USB-ethernet adapters at this point

They're so handy

Nope Windows

VMs are usually Kali or a Ubuntu devbox or whatever

So much VMs he can't even remember the names.

Yes actually

Which is annoying when I forget what computer a VM is on

Wish I could just magically sync everything

USB ethernet is 😙 👌

hardest part is keeping track of all the networks

my work PC is on 3 different networks

Damn.

@lean skiff Is that challenge over?🤔

By track you mean network traffic?

yeah, making sure you don't flow stuff in the wrong place

Oh, gotcha.

BTW have you ever used Vega or Burpsuite?

nope

@upbeat palm no

its open until its completed

😖
There's no time limit or something?

Those are web app exploit tools, know of but haven't used

@upbeat palm no

my most recent "long and difficult challenge" lasted a few weeks i think

reposting CTF challenge

https://www.virustotal.com/#/file/0d03ab589d01ba2f172defcda613552a13c05b2f7058a04d1f535c2c825c58a6/detection

would anyone be able to explain how encrypting and decrypting using integers works in further detail? my teacher has not explained it to where i can understand it.

@inland oyster using integers as in

the integer is to be encrypted/decrypted

yes

or the integer is used in the encryption

oh

that makes more sense

using modulo

I'm assuming you're talking about the RSA encryption/decryption process?

i don't know what RSA is

or a variation/derivative of it

RSA is an asymmetric-key/password method of encrypting data

def encrypt(data):
newStr=""
for i in data:
i=data(i)
newStr+=i%10+7
return data

by using the fact that large primes are hard to decompose

i don't understand why it would be modulo before adding

thats what i did

not the teacher

if the list is 10 long and you add 7 to 5, you get 12 which is still over the 10 limit

it needs to be adding first

i'm assuming from the code that there's a list of 10 items

oh right because its a digit

lmao

okay

so

you need to add 7 before modulo-10-ing it

or actually

all you have to do

is instead of using modulo

just

1 sec

35%10 = 5.

is basically what the teacher wants us to use

yes

a modulo b = ((a/b)-(a//b))*b

35 % 10 = 35 / 10 - 35//10 * 10 = (3.5 - 3)*10 = 5

you are getting the remainder from a division

yeah i understand that process but putting it together in the code is where i struggle

'

and you dont need to use modulo if you have the digits

because all you have to do is read the least significant digit

aka the units value

if the number is 14

adding 7 gives 21

and reading the last digit is 1

so using this method you can skip a cycle

are we discussing encryptions?

not even encryption tbh

i wouldn't call this an encryption

im seeing RSA there

Do you just have a script subscribed to the word "RSA" in this server Nix?

def encrypt(data):
    final_string = ""
    for character in data:
        integer = int(character)
        new_integer = ( integer + 7 ) % 10
        new_string = str(new_integer)
        final_string += new_string
    return final_string

no

i just came back from dinner

you want the addition before the modulus operator

and saw oh people are writing in security

Umm hmm

and then i saw modulo

since the modulus operator is what is required to make sure it doesn't go out of bounds

and then i thought well modulo is quite intersting when it comes to encryption lets read up on history

if you modulo first before addition, out-of-bounds is still possible

also if you really wanted a good method of encryption

you should look up on modular exponentiation

used in prime-decomposition related encryption methods like RSA and PGP (iirc?)

yes

well

cool i'm not stupid then

PGP isnt an encrypt method

well

thats deep 😛

its a collection of ciphers (including RSA)

PGP uses 2048bit RSA though methought

or OpenPGP anyway

but there are more ways than prime stuff to do good encryption

@inland oyster if you really want to you can add a cryptographically pseudorandom key generator

for example Substitution Permutation Networks

like AES

which runs through the string and encrypts each with a different digit

which is better imo

that would result in a really long key though

not really

you could define an encryption standard and set a salt for a key before running it through

all they're asking for is a 4 digit number to convert to another 4 digit number using modulo and print it to you

if it comes to modern symmetrical encryption the majority relies on some block cipher nowdays

oh we're not really talking encryption then

mhm

sad

that's what i said earlier smh

lol

@orchid notch also just curious

did you have a go at my CTF challenge

i looked at it and had some thoughts but i eventually decided that the war with word over the colorisation of my encryption paper thingy for school and now my latex table war for the same thing because i gave word up because of the color problems might be more importnat