Hack Challenge Redo (part3)

We had a small break with our hacking challenges Redo. The format of the Meetup required a change, to accommodate for less experienced visitors. And as much as I love the SANS Institute Challenges, they tend to be quite a puzzle, especially later one. So for now, we are going to focus on couple other Hacking Challenges that are available online. And hopefully in December, when new 2022 SANS Hack Challenge starts, we will have a group ready to battle it together ๐Ÿ™‚

Let’s start from Over the Wire. There are plenty games there, we will start with the Bandit, as most suitable to get used to the platform. Bandit offers 33 levels to play, it teaches Linux commands and tools. In each level your goal is identical, find a password to the next level, but let’s start from the beginning.

Over the Wire artwork

To play Bandit you will need to establish SSH connection to the Over the Wire lab server, all details of connection are given in Level 0.

So, what is SSH?

Secure Shell, sometimes referred to as Secure Socket Shell, is a protocol which allows you to connect securely to a remote computer or a server by using a text-based interface. When a secure SSH connection is established, a shell session will be started, and you will be able to manipulate the server by typing commands within the client on your local computer. System and network administrators use this protocol the most, as well as anyone who needs to manage a computer remotely in a highly secure manner.

How to use SSH on Windows?

Most common ways of using SSH on Windows is by using one of the clients. Most popular clients are: PuTTY, BitwiseSSH and OpenSSH. Windows 10 users have now the option to use build-in OpenSSH client. Just follow the installation details of your choose client.

How to use SSH on Mac?

Mac’s have build-in Terminal feature, that provides SSH client.

How do we do it on Linux?

That shouldn’t be a problem for any regular Linux users, but in case you are just starting with Linux. Go to your terminal and type:

ssh

This should list all ssh details and commands. If that’s not the case, just use the following command to install OpenSSH:

sudo apt-get install openssh-client

Full list of common SSH flags can be found here.

This should get everyone started and ready for this week challenge ๐Ÿ™‚

One more thing, you may need to use Vim and couple Linux commands.

See you @ 5-7pm today @ our dedicated Discord channel.

Holiday Hack Challenge Redo (part 2)

Hello Everyone, we are about to join in ranks to battle the SANS Holiday Hack Challenge tasks again, today on dedicated Discord server. Please use the Meetup page for more details, ongoing announcements.

This post will summaries last Meetup progress and provides clues for further steps.

Let’s start we the recap. We started with:

Followed shortly by:

On the 23rd of January Meetup we have completed following tasks:

  • Objective 1 – Uncover Santa’s Gift List – clues in blog post video above
  • Objective 2a – Kringle Kiosk – clues in blog post video above
  • Objective 2b – S3 bucket – clues give at a Discord were: update the wordlist and add the searched bucket name, use ‘cat’ command to inspect the bucket. Copy and inspect in CyberChef the file. Start unpacking and remember to pipe the output whenever needed.
  • Objective 3a – Linux Primer – no clues were needed ๐Ÿ™‚
  • Objective 3b – Point-of-Sale Password Recovery – clues give at a Discord were: download the package, no need to install the shop. Unpack the exe file, and poke around until you find app.asar and use 7zip to open Asar file.

Later today, 5-7pm GMT we will be focusing on following tasks:

  • all unfinished past tasks
  • Objective 4a – Unescape Tmux – no help needed
  • Objective 4b – Santavator operations – no help needed
  • Objective 5a – Speaker UNPrep – first clue: ‘strings door’ with some filters, more clues @Discord
  • Objective 5b – 5b: 33 Gkbps – no help needed
  • Objective 5c – Open the HID lock in the Workshop – no help needed
  • Objective 6a – Regex Toy Sorting – we will battle it together @Discord
  • Objective 6b – Splunk Challenge – clue: look for Bro.

See you later at Discord.

12 years of TOG โ€“ Holiday Hack Challenge Redo (part 1)

So, as promised we are going to start SANS Holiday Hack Challenge Redo run by Counter Hack Team. We will start with the latest 2020 challenge . You will need a valid email to create user account, which is instant. You can start straight away on your own or watch a couple helpful videos.

The first video that I would like talk about, it’s Ed Skoudis 2020 Hack Challenge Intro. Video is a great overview of this year challenge.

Second video is aimed at Hack Challenge first timers, it’s walk through the login page and the starting interface.

And don’t forget to join discussion later today at a dedicated Discord Channel https://discord.gg/MqCQkSzG. We start at 5pm today ๐Ÿ™‚

This month we are going to focus on 2 objectives.

To help with starting the first objective you can watch this video:

Or read this article with helpful techniques. The online photo editor can be found here.

Watch the video below for the start of the second objective overview:

See you at Discord after 5pm GMT today, we will try to finish Objectives 1 &2 together.

12 years of TOG – a perfect time to do some hacking :-)

For the last five years I was getting more and more anxious the closer it was till the end of the year. Why so? The answer is very simple – the SANS Hack Challenge (https://holidayhackchallenge.com/2020/index.html) run online by Counter Hack Team (https://www.counterhack.com/expert-pen-testers). I have learnt plenty and had an immeasurable amount of fun while solving hacking challenges. This winter I found myself helping others with their tasks by giving hints and I discovered that I have learnt even more. The best part was seeing others to grow and to learn how to beat the tasks.

Unfortunately, SANS hack challenge is only once a year and I didn’t always managed to find enough spare time to solve all the puzzles. Luckily, there is a way to fix that.

So, this year to celebrate 12th birthday of Tog, there will be a pleasant surprise. A walk through a past SANS Holiday Challenges. We will start on the 23rd of January, all info will be posted online. So, keep an eye on our website and reserve time between 5 pm and 7 pm on the day to join the discussion on a dedicated Discord channel https://discord.gg/322Kw4bkQK.

What’s happening in Tog in May

Wave Hackers experimental music group.
Seb’s amazing experimental audio research and performance group, a place for artists, dreamers, geeks, hackers, nerds, outcasts, weirdos, rebels and scientists to experiment and create. Circuit bending, instrument design and creation. Everyone welcome, no experience necessary – learn and share but most importantly enjoy yourself. Hosted by Seb every first and third Friday of the month, 3rd and 17th May, from 7 to 10 pm. Let us know you’re coming on meetup.

Electronics and Micro Controller Night: If you hanker to harness the awesome power of electricity and light up a few LEDs or crank a dynamo, Electronics and Micro Controller night is for you. Every second Monday, Gary will guide you into the electronics room where there is a dizzying variety of electronic components to help out beginners and the more experienced alike. You can buy basic kits and we’ll show you what to do with them. Runs Monday 6th and 20th May, starting at 7 pm and finishing at 9 pm. Vital that you bring your own laptop, we don’t have a supply.

CAD Night: Krzysztof and Louise are your guides for 3D printing and laser cutting night, every second Wednesday, in May the 1st, 15th and 29th, from 7 pm to 9 pm. We have a working Prusa Mk 3 3D printer, and a Lasersaur for laser cutting. Please bring your own laptop.

Ray got a little carried away last Open Social night…

Open Social: If you want to see where all these mind-bogglingly fascinating projects take place, come along to our Open Social night on Saturday 18th May from 7 pm until late or later. No need to be a member, just turn up. Food and drink contributions welcome. We will probably roll out the near-legendary pizza oven, weather permitting.

Craft Night: Lots of tools and materials here for dedicated and beginner crafters: this includes, but is not limited to, embroidery, sewing, knitting, screen printing, crochet, drawing, painting, woodwork. Bring your own project along or start one from scratch, there is a wealth of talent and experience on hand to help you get started or navigate the tricky bits. Every other Wednesday, the 1st, 15th and 29th May, starting at 7 pm.

Lock Picking: Ever-popular lock-picking night happens on Mondays, in May on the 13th and 27th, from 7 pm until 9 pm. We have a large selection of padlocks, practice locks, handcuffs and other parts, tools are supplied (and can be bought). Conor hosts and oozes enthusiasm and expertise.

Coding: Same night as Lock Picking, bring your laptop and work on your side project or ask for help with a programming problem. Alternate Mondays, the 1st, 15th and 29th May. Please bring your own laptop, we don’t provide the hardware.

The Science Fiction Book Club: This month we’re reading Fifth Head of Cerberus, by Gene Wolfe. It’s a book club, you know how they work; come along, argue, eat cake. Highly recommended that you read the book first, though. Wednesday 29th May, from 7 pm onwards.

Wikipedia Editing: Want to be part of the world’s biggest collaborative venture? Bring along a laptop, and Rebecca will show you how to become a Wikipedia editor. This all happens on the last Wednesdayof the month, May 29th starting at 7 pm.

Team Bodge Wednesday afternoons you will find Team Bodge in the space, taking broken stuff apart, shaking heads sadly and making those noises you hear from emergency plumbers before expertly restoring everything to a better-than-new working state. That’s the advertising blurb anyway. From 3.30 pm onwards, bring along your non-working components and faulty parts, and James and Brendan will be happy to help and offer advice, tools, expertise and the occasional spare part. Members only, check the mailing list for time and date confirmation.

Tog Events in April

Wave Hackers experimental music group.
An experimental audio research & performance group, a place for artists, dreamers, geeks, hackers, nerds, outcasts, weirdos, rebels and scientists to experiment and create. Everything from circuit bending to instrument design and creation. Everyone welcome no matter experience. Come learn and share but most importantly have fun. Hosted by Seb, Friday 19th April, from 7 to 10 pm. Let us know you’re coming on meetup.

The return of the singer/songwriter

Open Social: We open the doors to all-comers once a month for our Open Social event. This month it’s on Saturday 20th April, from 7 pm until the last one leaves. Come and see what happens in Dublin’s only hackerspace. Contributions of food and drink are always welcome. Club Bodge are threatening cheese and wine (bought, not made).

Lock Picking: Conor runs lock picking nights every other Monday, you never know when you may have put your skills into practice… We open padlocks, mostly taken from the Halfpenny Bridge, handcuffs, and various other locks, all without the original keys. Intrigued? Come along to lock-picking on Monday 1st, Monday 15th, and Monday 29th April, starting at 7 pm. Tools provided, and there are some for sale.

Craft Night: The Crafters are an eclectic bunch, engaging in embroidery, sewing, knitting, screen printing, crochet, drawing, painting, and other craft skills. You can bring a project along, start one from scratch, we have materials, tools and supplies to help you out. Every other Wednesday, this month on the 3rd and 17th April. 7 pm start.

Electronics and Micro Controller Night: Gary runs Electronics and Micro Controller night, every Monday that isn’t a Lock-Picking night. We have an electronics room with a dizzying variety of equipment and bits and pieces to get you started if you’re a beginner. Basic kits for sale and lots of expertise on offer. This month’s evenings will be on Monday 8th and the 22nd April, starting at 7 pm and finishing at 9 pm. We don’t supply laptops, so bring your own.

CAD Night: Krzysztof and Louise host the 3D printing and laser cutting night, every second Wednesday (coincides with Craft Night), in April the 3rd, 17th, from 7 pm to 9 pm. We have a working Prusa Mk 3 3D printer, and a Lasersaur for laser cutting. Recommended that you bring your own laptop.

Coding: If you’re looking for a space to work on your own side project, or if you need help with some programming problem, come along to coding nights on alternate Mondays, the 1st, 15th and 29th April. Please bring your own laptop, we don’t provide the hardware.

The Science Fiction Book Club: While you are waiting for the future to arrive, why not be amazed at what others have imagined it will be like? This month we are reading a (non-Culture) novel by Iain M. Banks, Against A Dark Background. We’ll be eating cake and discussing it on Wednesday April 24th, at 7.30 pm.

Wikipedia Editing: Rebecca will instruct on how to become a Wikipedia editor, this happens every last Wednesday of the month, April 24th starting at 7 pm. You can’t edit without a computer, though, so please bring a laptop.

Team Bodge are in the space most Wednesday afternoons, from 3.30 pm until they run out of steam. Bring along your broken or faulty gadgets or computers – or anything else you’d like fixed – and James and Brendan will help you out, with advice, tools, expertise and the occasional spare part. Members only, check the mailing list for time and date confirmation.