Author: Dad

This problem is currently unsolved.  I consists simply of the web site contained in the following zip file with no further instructions! 99Bottles.zip

  For this challenge we were presented with a short python programme (below) which was designed to produce a one-time passcode based on an account number and the current time.  We were asked what the passcode would be for a given account and a time a few weeks in the past. Firstly, we had to add the required date and time rather than real time by modifying either line 20 or 24 to generate the correct value of BigNumber.  The

Continue reading

For the third “extract hidden data from an image” challenge we have the grass hopper below: Again, as with the Scottish flag, strings was the solution.  This produced a lot of output with the last few lines as follows: <?php eval(str_rot13(gzinflate(str_rot13(base64_decode(‘LUnHDrTIEX6a1f6+MXHkEznnzMUiDjkO8enda42Q6K6m ZdVKvTbj/ec3HOlpj9/1zzRJK47+dEzneUz/lHBbl/f/N3+ruoRHFXg4nMIG+MW1vrsLhW+YjFBM4V+wmaEsb8EUW2lLDv1+99pg xCGw+V+wm0r3KFJgAV7skmCsksCqgEofFvdRILwaeYkN52Ri3lcgK3elfnaoPGgTO sJjKpTHWM0zfKezABzjyhZaqb5UpsYmeOm315dqUpKyb25R800Ykye5a+Vgt02vfNqz pTXSbTo/JOdtWReIY5Wi9oKo23/M7LCufRkFruAH1o0j3RHBBNMOxSKS/RgUKn1Sw IAwJcIoSs8IF7DAPPHrbkQODuBV5907u7ucXC/X5jmc9RdDGpj9V02tu3TErOisJ2213S9 V8rhcI7tGWAwSg7ywcWNN4ZOm586G06MSFqIyeQtyA7EjChxwurGOEhzdIKtF8lPD5h KBUd09H5AC9swxs6pLXbXO0L1KV7sSzHDulbdj1a5hIIkOBmYsoG9BHPQHkqUl2TUkC zRO6x448uE0sxkLWTcZ4y/wLLy6Hx55bGgEBM6oUCWbPvkwYbpg5RB6ixi+wzeeFp EKnRSZteTWRebVbBmp/7QW2IRw5/GaPAzbP6z/LbW0tdZO/EPvvf4Hn3/8F’))))); Actually, the real output is rather longer, but you get the idea. As we can see, this is a bit of PHP software.  The long sequence of random looking bytes

Continue reading

The second hidden data challenge again related to an image, in this case the Scottish flag below: In addition to adding data to a file via known metadata, it is also possible to hide information (particularly text) inside a file in a none-obvious way.  This is often done by lying about details of file size.  So, for example, a file format may start with a number which means “The actual image starts at X bytes in and all the stuff

Continue reading

In this challenge we were presented with the photograph below: The question was “Where did the cat go on holiday?” In this simple challenge all that was needed was to know that digital photographs contain meta-data in a format called EXIF (Exchangeable image file format).  Metadata is “data about data” and in this case is additional information about the image.  Exactly what information is included depends on the camera used, but things like exposure and whether the flash was fired

Continue reading

On Thursday evening we experimented with using SQL injection to attack the deliberately vulnerable Damn Vulnerable Web App running on a Raspberry Pi. The web app can be found here: http://www.dvwa.co.uk/ The instructions we followed can be found here: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson6/index.html Unfortunately, the final stage of brute forcing the recovered password hashes failed because of problems with the John the Ripper application installed on the Pi.  Subsequently running it on the server resulted in the following successful output after less than

Continue reading

Ladies, I recommend watching these Youtube videos: Topic 1:  SQL Injection How SQL injections basically work – https://www.youtube.com/watch?v=_jKylhJtPmI Running an SQL injection – https://www.youtube.com/watch?v=ciNHn38EyRc Topic 2: Cross Site Scripting Introduction to Cross Site Scripting – https://www.youtube.com/watch?v=L5l9lSnNMxg Topic 3: Passwords: Hashing – https://www.youtube.com/watch?v=7U-RbOKanYs How to crack them – https://www.youtube.com/watch?v=7U-RbOKanYs How to choose good ones – https://www.youtube.com/watch?v=3NjQ9b3pgIg Basically, nearly all Computerphile videos are excellent.