Benutzer-Werkzeuge

Webseiten-Werkzeuge


projekte:2016:primer

Dies ist eine alte Version des Dokuments!


PRIMER: beginners hacking challenge

Config

Download the VM image and import it as an appliance.

usr: nieve pw: PRIMER

Set the connection type to bridged and connect to the ip of the VM with your browser.

Download

Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn't find anything like I had in mind. So I wrote my own.

Concept

This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Goal

Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

Intro

[PRIMER]

“See, the world is full of things more powerful than us. But if you know how to catch a ride, you can go places.”

Neal Stephenson, Snow Crash

This world is different.

It's constantly moving, always shifting, dynamic. Space is not a concept of this place, it is a concept applied to it. A human way of making sense of the structure and failing, ultimately, at the non Euclidian nature of this electronic expanse. Some people naturally adapt when confronted with the complexity of the n3t.

It's a way of thinking, of making sense of the world around you, not accepting an answer but striving to find meaning in the underlying structure of the problem. Out there it is hidden, the structure, under a myriad of layers, but here, in this man-machine-made world you can touch it, catch a glimpse and reach in and twist the flow.

She awoke from a tingling feeling in her spine, not a shiver but defenitely moving down her back.

Slowly she stood up and opened her eyes, still feeling a bit dizzy. She had heard about people having much harsher reactions to their first l0g1n, especially on enregistered equiptment. Right, her mind lit up, short term memory came back, frontal lobe started firing again - she had to move fast!

Eighty three hops (she had counted), thirteen of them encrypted proxys, seven border gateways. Not a trivial trace but finite none the less.

Proof-Reading and Beta-Testing

If you would like to help out and get an early look, contribute and critique then please let me know!

Soundtrack

Part 1: [PRIMER]

  • h0ffman - Heatwaves
  • Mirror's Edge OST
  • Transistor OST
Chapter 1: [__init__]
Chapter 2: [(α=β)<=>(α<=>β)]
Chapter 3: ["[^"\r\n]*"]
Chapter 4: [:(){ :|:&};:]

Part 2: [FORK]

  • Deus Ex: Human Revolution OST
  • Lake Avalon - Click Records Podcast #008
Chapter 5: [0xC00007B]
Chapter 6: [++Q++++++]
Chapter 7: [KS(x)<=l(x)+4]

Part 3: [TERM]

projekte/2016/primer.1451821833.txt.gz · Zuletzt geändert: 2016/01/03 12:50 von couchsofa

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki