===== PRIMER: beginners hacking challenge =====

{{ :projekte:primer.png |}}

==== Config ====

Download the VM image and [[https://www.virtualbox.org/manual/ch01.html#ovf|import it as an appliance]].

**usr:** nieve

**pw:** PRIMER

Set the connection type to bridged and [[http://askubuntu.com/questions/52147/how-can-i-access-apache-on-virtualbox-guest-from-host|connect to the IP of the VM with your browser]].

==== Download ====

[[http://morbi-happens.de/dump/PRIMER.tar|morbi-happens.de/dump/PRIMER.tar]]

[[http://filehorst.de/d/bcGoHiHh|http://filehorst.de/d/bcGoHiHh]]

==== Motivation ====

A friend wanted to get into some simple exploits. I suggested starting out with web security, and she was all for it. But when I started browsing vulnhub and the like, I couldn't find anything like I had in mind. So I wrote my own.

==== Concept ====

This is a story-based challenge written in a style heavily inspired by Neal Stephenson's Snow Crash and William Gibson's Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. The puzzles range from hardcoded cleartext JavaScript password checks, SQL injections and hash cracking to a simulated terminal. You only need to start the VM; a web server will come up and you can connect with your browser. In fact, you never have to leave the browser.

==== Goal ====

Teach some basic, well-known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice, welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

==== Intro ====

**[PRIMER]**

“See, the world is full of things more powerful than us. But if you know how to catch a ride, you can go places.” ― //Neal Stephenson, Snow Crash//

This world is different. It's constantly moving, always shifting, dynamic. Space is not a concept of this place, it is a concept applied to it.
A human way of making sense of the structure and failing, ultimately, at the non-Euclidean nature of this electronic expanse. Some people naturally adapt when confronted with the complexity of the n3t. It's a way of thinking, of making sense of the world around you, not accepting an answer but striving to find meaning in the underlying structure of the problem. Out there it is hidden, the structure, under a myriad of layers, but here, in this man-machine-made world you can touch it, catch a glimpse and reach in and twist the flow.

She awoke from a tingling feeling in her spine, not a shiver but definitely moving down her back. Slowly she stood up and opened her eyes, still feeling a bit dizzy. She had heard about people having much harsher reactions to their first l0g1n, especially on enregistered equipment. Right, her mind lit up, short term memory came back, frontal lobe started firing again - she had to move fast! Eighty three hops (she had counted), thirteen of them encrypted proxies, seven border gateways. Not a trivial trace but finite nonetheless.

==== Proof-Reading and Beta-Testing ====

If you would like to help out and get an early look, contribute and critique, then please let [[mitglieder:couchsofa|me]] know!

==== Soundtrack ====

=== Part 1: [PRIMER] ===

  * h0ffman - Heatwaves
  * Mirror's Edge OST
  * Transistor OST

== Chapter 1: [__init__] ==

== Chapter 2: [(α=β)<=>(α<=>β)] ==

== Chapter 3: ["[^"\r\n]*"] ==

== Chapter 4: [:(){ :|:&};:] ==

=== Part 2: [FORK] ===

  * Deus Ex: Human Revolution OST
  * Lake Avalon - Click Records Podcast #008

== Chapter 5: [0xC00007B] ==

== Chapter 6: [++Q++++++] ==

== Chapter 7: [KS(x)<=l(x)+4] ==

=== Part 3: [TERM] ===

==== Links ====

[[https://www.vulnhub.com/entry/primer-1,136/|https://www.vulnhub.com/entry/primer-1,136/]]