
100 Reps

Recent posts

PicoCTF: The Debugger

GDB baby step 1
Can you figure out what is in the eax register at the end of the main function?
For Mac, gdb can be installed via homebrew: brew install gdb

GDB baby step 2
Learn how to disassemble a program from a binary file. Here we can see that in line 15, 0x86342 is copied into eax. The output here seems to reverse the arguments.

PicoCTF: Intro to Assembly Code

Intro to Assembly Code

Bit-O-Asm-1
Task: Can you figure out what is in the eax register?
This is the assembly code. I had no idea how to read it.

    <+0>: endbr64
    <+4>: push rbp
    <+5>: mov rbp,rsp
    <+8>: mov DWORD PTR [rbp-0x4],edi
    <+11>: mov QWORD PTR [rbp-0x10],rsi
    <+15>: mov eax,0x30
    <+20>: pop rbp
    <+21>: ret

Lots of things are happening. There is the <+0> structure on the left, which I now learned is the line number. The push, mov, pop and ret are called operands. These run an action. The stuff on the right are the arguments. In line 15 we see that we are moving 0x30 into the eax register. The number is in hexadecimal, so 3x16 = 48.
Flag is picoCTF{48}
This exercise taught me how to read the assembly code and know how numbers are moved into different registers.

Bit-O-Asm-2
Task: Can you figure out what is in the eax register?

    <+0>: endbr64
    <+4>: push rbp
    <+5>

PicoCTF: Low Level Binary Intro Playlist

Mochi's Tale Mochi's Tale is a really cool little game that teaches you how to "find things out" through experimentation. I found it a really helpful way to get you into the rhythm of learning rules without being told what they are in the first place.

Learning goals - Git Gud

In 3 months there will be a CTF event that I want to attend. I know absolutely nothing useful for CTF to even compete. I am not going to be so deluded as to think that I can catch up to their standard and mastery before then to win a placement there. However, I want to see how I fare with the challenges. I had a look at HackTheBox, OverTheWire and picoCTF. picoCTF seems the most friendly, so I will start there. 10 years of experience in software development will be an advantage and I can fast-track through a lot of basics. But I will go through the material at 3-4x speed to make sure I cover all bases. There may be key points in the basics that I have missed/forgotten.

Step 1. General Skills
https://youtu.be/3OawXnTELqA
Key Points:
Binary numbers
Encodings
Mappings of a number to a meaning
Practice:
2Warm
Warmed Up
Lets Warm Up

2Warm
Can you convert the number 42 (base 10) to binary (base 2)?
Doing it manually.

    32 16  8  4  2  1
     1  0  1  0  1  0

Explanation: Write the powers of 2 until it hits 42. Take 42. Re

Learn and do: deHydration hinders performance

I would like to stay at peak performance. I am really bad at looking after my body. Setting up hourly water input into my body. According to the video, the first 10 hours.

Linux Admin: Process Management

fg − Brings the process to the foreground
bg − Moves the process to the background
jobs − List of the current processes attached to the shell
ctrl+z − Control + z key combination to sleep the current process
& − Starts the process in the background

Linux Admin: SystemD

systemd loads up Linux faster than the older sysvinit. It manages Linux services.

Use this to see the boot services:
    systemd-analyze
You can even put it into a graphic:
    systemd-analyze plot > SystemBoot.svg
Check the state of a service:
    systemctl --state bluetooth
List the services:
    systemctl -t service
Start and stop a service:
    systemctl start ssh
    systemctl stop ssh
N.B. You don't need the ".service" suffix.
Check the status of a service:
    systemctl status ssh.service

Control groups set limits on the system resources of services. An attacker trying to run crypto-mining software on your server might check and modify these limits.

Linux Admin: Managing Users

I read through Chapter 2 of Linux Admin for Absolute Beginners by Martin Stevenson.

Key Learnings:
Add Users
Passwords
User groups

How to add users
The flags of adduser vary across different versions of Linux, so consult the man pages for more info. I am practising on Kali Linux; the simplest command is:
    sudo adduser --comment "Gym Owner Terry Crews" tcrews
You will need root access for this, so using the root user or adding sudo will work. Sometimes you'll see another command, useradd, instead. The recommendation is to always use adduser. adduser is a wrapper for useradd. adduser is more user-friendly and interactive than its back-end useradd. There's no difference in features provided.

Why is this important?
This is how we can create an account for users to access Linux servers. If you have a new employee at your company or a student who enters the university, they'll need access to the shared drive, a private drive for themselves etc.

Groups
Groups keep users i