Hack Challenge Redo (part3)

We had a small break with our hacking challenges Redo. The format of the Meetup required a change, to accommodate for less experienced visitors. And as much as I love the SANS Institute Challenges, they tend to be quite a puzzle, especially later one. So for now, we are going to focus on couple other Hacking Challenges that are available online. And hopefully in December, when new 2022 SANS Hack Challenge starts, we will have a group ready to battle it together πŸ™‚

Let’s start from Over the Wire. There are plenty games there, we will start with the Bandit, as most suitable to get used to the platform. Bandit offers 33 levels to play, it teaches Linux commands and tools. In each level your goal is identical, find a password to the next level, but let’s start from the beginning.

Over the Wire artwork

To play Bandit you will need to establish SSH connection to the Over the Wire lab server, all details of connection are given in Level 0.

So, what is SSH?

Secure Shell, sometimes referred to as Secure Socket Shell, is a protocol which allows you to connect securely to a remote computer or a server by using a text-based interface. When a secure SSH connection is established, a shell session will be started, and you will be able to manipulate the server by typing commands within the client on your local computer. System and network administrators use this protocol the most, as well as anyone who needs to manage a computer remotely in a highly secure manner.

How to use SSH on Windows?

Most common ways of using SSH on Windows is by using one of the clients. Most popular clients are: PuTTY, BitwiseSSH and OpenSSH. Windows 10 users have now the option to use build-in OpenSSH client. Just follow the installation details of your choose client.

How to use SSH on Mac?

Mac’s have build-in Terminal feature, that provides SSH client.

How do we do it on Linux?

That shouldn’t be a problem for any regular Linux users, but in case you are just starting with Linux. Go to your terminal and type:

ssh

This should list all ssh details and commands. If that’s not the case, just use the following command to install OpenSSH:

sudo apt-get install openssh-client

Full list of common SSH flags can be found here.

This should get everyone started and ready for this week challenge πŸ™‚

One more thing, you may need to use Vim and couple Linux commands.

See you @ 5-7pm today @ our dedicated Discord channel.

Holiday Hack Challenge Redo (part 2)

Hello Everyone, we are about to join in ranks to battle the SANS Holiday Hack Challenge tasks again, today on dedicated Discord server. Please use the Meetup page for more details, ongoing announcements.

This post will summaries last Meetup progress and provides clues for further steps.

Let’s start we the recap. We started with:

Followed shortly by:

On the 23rd of January Meetup we have completed following tasks:

  • Objective 1 – Uncover Santa’s Gift List – clues in blog post video above
  • Objective 2a – Kringle Kiosk – clues in blog post video above
  • Objective 2b – S3 bucket – clues give at a Discord were: update the wordlist and add the searched bucket name, use ‘cat’ command to inspect the bucket. Copy and inspect in CyberChef the file. Start unpacking and remember to pipe the output whenever needed.
  • Objective 3a – Linux Primer – no clues were needed πŸ™‚
  • Objective 3b – Point-of-Sale Password Recovery – clues give at a Discord were: download the package, no need to install the shop. Unpack the exe file, and poke around until you find app.asar and use 7zip to open Asar file.

Later today, 5-7pm GMT we will be focusing on following tasks:

  • all unfinished past tasks
  • Objective 4a – Unescape Tmux – no help needed
  • Objective 4b – Santavator operations – no help needed
  • Objective 5a – Speaker UNPrep – first clue: ‘strings door’ with some filters, more clues @Discord
  • Objective 5b – 5b: 33 Gkbps – no help needed
  • Objective 5c – Open the HID lock in the Workshop – no help needed
  • Objective 6a – Regex Toy Sorting – we will battle it together @Discord
  • Objective 6b – Splunk Challenge – clue: look for Bro.

See you later at Discord.

12 years of TOG – Holiday Hack Challenge Redo (part 1)

So, as promised we are going to start SANS Holiday Hack Challenge Redo run by Counter Hack Team. We will start with the latest 2020 challenge . You will need a valid email to create user account, which is instant. You can start straight away on your own or watch a couple helpful videos.

The first video that I would like talk about, it’s Ed Skoudis 2020 Hack Challenge Intro. Video is a great overview of this year challenge.

Second video is aimed at Hack Challenge first timers, it’s walk through the login page and the starting interface.

And don’t forget to join discussion later today at a dedicated Discord Channel https://discord.gg/MqCQkSzG. We start at 5pm today πŸ™‚

This month we are going to focus on 2 objectives.

To help with starting the first objective you can watch this video:

Or read this article with helpful techniques. The online photo editor can be found here.

Watch the video below for the start of the second objective overview:

See you at Discord after 5pm GMT today, we will try to finish Objectives 1 &2 together.

12 years of TOG – a perfect time to do some hacking :-)

For the last five years I was getting more and more anxious the closer it was till the end of the year. Why so? The answer is very simple – the SANS Hack Challenge (https://holidayhackchallenge.com/2020/index.html) run online by Counter Hack Team (https://www.counterhack.com/expert-pen-testers). I have learnt plenty and had an immeasurable amount of fun while solving hacking challenges. This winter I found myself helping others with their tasks by giving hints and I discovered that I have learnt even more. The best part was seeing others to grow and to learn how to beat the tasks.

Unfortunately, SANS hack challenge is only once a year and I didn’t always managed to find enough spare time to solve all the puzzles. Luckily, there is a way to fix that.

So, this year to celebrate 12th birthday of Tog, there will be a pleasant surprise. A walk through a past SANS Holiday Challenges. We will start on the 23rd of January, all info will be posted online. So, keep an eye on our website and reserve time between 5 pm and 7 pm on the day to join the discussion on a dedicated Discord channel https://discord.gg/322Kw4bkQK.

October 2018 Social Battery swap in electric vehicle talk

This October Social on Saturday 20th October 2018, along with the usual chat, craic and fun, we will also have an Electric vehicle theme. See this link for more details

There will also be a quick talk from Jonathan Fitzpatrick, who removed the electric vehicle battery from his 2011 car and upgraded to a 2015 pack.

He will talk about the problems he was hoping to solve, the problems he encountered (the new pack would not fit) and his eventual work arounds and success. The talk will start at 7:30pm sharp and there will be time for questions afterwards. Then you can stay and tour the TOG hackerspace and hang around for the evening. The event is free, open to all, no need to book, just drop on by.

 

Everything TOG in August, craft, code, lock picking, CAD, book club, free events in Dublin!

Hello all,

Craft Night: Runs on Wednesdays, the 8th and the 22nd August at 7pm. Knitting? Crochet? Embroidery? Laser cutting? 3D printing? Join us and work on something you know, or learn something you don’t.

We are supporting the great Dublin Raspberry Pi Jam crew to put on their first jam. It will be hosted in the Science Gallery on Saturday August 11th from 12:30. You can join the waiting list on the main event page ->Β https://ti.to/dublin-raspberry-pi-jam/first-pi-jam

Electronics and Micro Controller Night: Runs on Mondays, the 13th and 27th of August at 7pm. Arduinos, Raspberry Pis and Intel Galileos are just some of the things you can work on down here, or try our introductions to electronics worksheet. Recommended you bring your own laptop.

The Science Fiction Book Club gets ambitious this month, we’ve chosen two Philip K. Dick novels: A Scanner Darkly from 1977, and Do Androids Dream of Electric Sheep?, the inspiration for the 1982 classic filmBladerunner. The meeting to talk about them is the last Wednesday of the month, 29th August.

Lock-Picking: Runs on Monday 20th of August at 7pm. Come down and try your hand at cracking open tumbler, tubular or warded locks.

Open Social: Runs on Saturday the 18th of August at 7pm. Join us for an evening of conversations, games and our glorious hand made wood fired pizza.

Coding: Runs on Monday 20th of August at 7pm. Come down and work on a project or help others with theirs. Laptop and project of your own recommended.

Wikipedia Editing: Runs on Wednesday the 29th of August at 7pm. Ever wondered how to get started editing Wikipedia? Come along and will get you adding to the world’s largest open collaborative knowledge project. All are welcome, no editing experience is necessary and the event is free, just turn up with a laptop to start editing.

If you happen to visitΒ EMF CampΒ from the 31st of August, be sure to drop by the Irish Embassy.

Remember, TOG is run by members, if you want to get involved and help run events + get full access to the workshop and facilities, talk to any member about joining.