Thursday, December 11, 2014

ShmooCon Ticket Contest Extension and Hint

Extension:

The challenge has yet to be achieved completely by anyone yet, and I have only received questions from 2 individuals so far, so the contest will extend until someone either gets to the end, or it's the day ShmooCon starts and I simply auction it off for Hackers for Charity funds.

Hint:

As a possible way to spur things along, I will say that the exe contains two things that you _must_ have to continue on, an IP address and some sort of password in hashed form, and the password should be very simple to break so if you are wasting hours on it, try another format.

Monday, December 8, 2014

2014-12-08 The Shmoo Ticket Contest

And... GO!

https://mega.co.nz/#!wso0AIJL!si9Q9PsaBrImsQPd6fpOyAl2ykaefMS1AK01Ysg4p9M

Remember, most complete answer wins the free ShmooCon ticket. Good luck!

Also, in the spirit of Project Mentor, this is an OPEN contest in the sense that you should feel free to send in questions and expect non-misleading responses (not necessarily answers, but won't just say "Try Harder" either)


Saturday, December 6, 2014

FREE ShmooCon 2015 Ticket

Thank you all so much for participating with Project Mentor over the time (intermittent that it's been) we've been running it.

If you don't know what ShmooCon, it's an amazing Infosec / Hacking conference held in Washington DC every year (usually Jan/Feb). You can find out more here: https://www.shmoocon.org/

They have a wonderful program called "Shmooze a Student" where a potential attendee pays $400 for the usually $150 ticket. This program takes the extra money and puts it towards getting a student that normally couldn't afford to go, the opportunity, and side cast to make it out to the con. You can find out more about the program here: https://www.shmoocon.org/shmooze_a_student

That brings us the the purpose of this blog post. Tomorrow is the last day to get a ticket to ShmooCon the regular F5 assaulting way. On Monday (December 8th 2014) I will post another Project Mentor challenge. This challenge will involve a few different Infosec topics. The person who submits the _most complete_ answer by Friday, December 12th 2014, will win the ticket and also be invited to present their walk through during the lunch time block at ShmooCon Epilogue.

If you are unaware of how Project Mentor works you can find out more here: http://www.projectmentor.net/p/what-is-this.html

Thursday, December 4, 2014

2014-12-04 Beginner Reverse Engineering

Reverse Engineering is done for a number of reasons and on a number of different types of programs and products. Below is a link to an executable called "passwords_suck.exe". Your job is to tell me what the right password is, and anything else you can find inside that binary. There are many tools to do this so don't just get fed up with the complexity of IDA or other professional grade tools.

Good luck!

https://mega.co.nz/#!slZSCTiS!q6NICuggW5AH534uZxhsf7ohuQbozMv4uiMwt4l_l0U

Monday, August 18, 2014

2014-08-02 Challenge: Web enumeration - Target

One of the readers suggested that I set up a place where readers can test out and try their hands at enumerating on a "authorized" site. Well, I have stood up a web server, and there are roughly 22 pages that are enumerable using one method or another.

 Good luck!

http://192.241.210.246/

UPDATE: Each discovered page contains a hash, it's simply a way to verify you have found something that was intended to be found. You can submit them as well or just shoot over the URL of the pages you found.

Please send in your answers or ask questions, this isn't a secret or CTF, this is here for you to learn.


Saturday, August 2, 2014

2014-08-02 Challenge: Web enumeration

Many times during application assessments the discovery of pages or objects that were meant to have been removed or "disabled" are the ways in. Hidden functionality or "admin only" functions that don't require auth to name a couple others. The question usually comes down to finding them. So, name 6 ways / methods of discovering content on web applications.

Sunday, July 6, 2014

2014-07-04 Challenge: RFID

With RFID you have low and high frequency "tags" or cards and they aren't all the same. List 2 types for each frequency level and what they are generally used for. Then see if you can find out what types of attacks are viable against the 4 you picked and what specific hardware you might need to attempt those attacks. Provide scenarios.