The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game. I highly recommend using a virtual machine or, even better, a Docker container running Linux when doing these challenges, and really any other CTFs like this. This helps to avoid messing anything up on your host machine. Though this is just a recommendation, not a requirement. If you’re interested in using Docker for this, I created a gist with a Dockerfile and instructions on running it. For all of the levels in Bandit, you’ll need to know how to connect to a host through ssh. Here’s the connection information for all the levels in Bandit: Host: bandit.labs.overthewire.org Port: 2220 Connecting to this host with ssh is very simple: ssh bandit.labs.overthewire.org -p 2220 -l bandit0 We use -p to set the port number and -l to set the username. For this level, the username is bandit0. The username will always be in this format, with the 0 changing to 1, 2, 3,...

Recently, I was tasked with helping a family member deal with having their email hacked. The worst part about this was that getting into their email allowed this individual to then gain access to their Amazon account and completely take it over. This could have easily escalated out of control, but I was thankfully able to stop it from going further than that. For a more widescale example, with the recent release of hundreds of millions of leaked usernames and passwords, there’s a good chance you could have been affected by some sort of data breach that contains your emails and passwords. With that said, I’d like to share some ways to help you secure your digital lives, so you can prevent this from happening to you and better prevent your passwords from being leaked in these data breaches. Some of what I’ll be talking about will require some setup and commitment, but it’s well worth it considering the alternative. Password Managers This is the most important one. If you were to adopt any of the things I write about in this article, this should be it. Considering the number of websites that require a username and password, it’s almost...

I’ve recently needed a more stylish and better functioning alternative to a dropdown list for my Flutter project and found that a GridView works perfectly for this. We can use the GridView to allow us to create a list of selectable items that we can then use wherever we need it. It’s super simple to do and works flawlessly. For this, we’re going to be making a selectable GridView that allows us to select multiple icons. To make this easier and more organized, we’ll create a widget for the GridView items: Our GridViewItem widget is fairly straightforward. We have two private fields, _iconData and _isSelected. The widget itself is just a RawMaterialButton which allows us to easily set the shape of it to a circle and its fill color depending on if it’s selected or not. We have no use for the onPressed property, so we just set that to null. Back to our main file, we need to create a couple of variables: one for the list of all the icons in our GridView, and another list for the selected icons. Within our build function, we can make a Widget variable for the GridView. I’ve gone ahead and added...

Using the domain found on the hardened aluminum key, you make your way on to the OffHub router. A revolutionary device that simplifies your life. You’re at the UI page, but attempting to brute force the password failed miserably. If we could find an XSS on the page then we could use it to steal the root user session token. In case you find something, try to send an email to wintermuted@googlegroups.com. If you claim your link includes cat pictures, I’m sure Wintermuted will click it. I hope Chrome’s XSS filter will not block the exploit though. https://router-ui.web.ctfcompetition.com/ In this challenge, we are shown a login form and need to find a way to steal the session token from the root user. We’re given a hint about finding XSS somewhere on the page, but Chrome’s XSS filter makes this a bit more difficult. Once we find a way to bypass this filter, we can send off an email to the root user containing a link and hope that they’ll click it. From the challenge description, if we say the link has cat pictures, there’s a good chance they’ll do exactly that. You can see the XSS filter in action by...

Well it’s definitely the 90s. Using what was found in the mysterious .ico file, you extract the driver for the Aluminum-Key Hardware password storage device. Let’s see what it has in store. For this CTF, we are given an HTML file that displays a text field. After taking a quick peek at the code, we can see that the text we put into this field goes through a client-side authentication process. As well as that, the hash algorithm being used is SHA-256. This must mean that whatever we input into the field gets hashed and then compared to the hash of the actual password. This also means that there must be a way to retrieve the actual password hash. When the value in the keyhole input is changed, the open_safe() function is called. This is where we want to start our work. The first line we care about in this function is password = /^CTF{([0-9a-zA-Z_@!?-]+)}$/.exec(keyhole.value); This tells us that the password we put in must match this regex. In other words, the password must contain CTF{} and between the opening and closing curly braces we must have, at the very least, a digit, character, or symbol (_, @, !, ?,...

I’ve worked a bit with Flutter over the past few months primarily on a budgeting app that I’m currently in the process of completely redesigning and remaking using Flutter 1.0. Before working with Flutter, I’ve done some Android development (Java) and iOS development (Objective-C). Between Java, Objective-C, and Flutter, I do believe that Flutter is becoming, and will end up, the go-to tool for mobile app development. Powered by Dart Flutter uses Dart, which I’m sure a lot of people have never heard of, or have heard very little about. If you’re coming from a Java background, you should feel right at home with Dart. Even if you’re not, I think you’ll be pleasantly surprised with the simplicity and power of it. After using it for a few months, I have only a few complaints that I’ll discuss near the end of this post. UI Development UI development isn’t my favorite thing; I’m more of a backend developer, so when it comes to working on something that is very dependent on it, I want something simple yet very powerful. This is what makes Flutter shine in my eyes. One thing I absolutely love that makes UI development simple is that...

I’ve been really into penetration testing recently, and for fun, I’ve been working my way through all of the missions on Hack This Site. I thought it would be helpful to write up in-depth walkthroughs for each of the basic and realistic missions for those that are stuck and looking for an explanation, rather than just the solution. In this walkthrough, we’re going to go over the second realistic mission. Prerequisites Basic HTML Basic SQL SQL Injection Walkthrough This time, our goal is to access the administration page of this website. As stated in previous posts, it’s always a good idea to do a scan of the HTML in order to see if you can find anything that’s hidden or was accidentally left over during development. After scanning the HTML, you should notice at the bottom of the body tag there’s a link that’s been “hidden”. After navigating to that URL, you should be presented with a login form. This looks like our path into the administration page. Now for the more difficult part, trying to gain access to the administration page. You could try throwing in common username/password combos, but our way in is to simply use some SQL...

I’ve been really into penetration testing recently, and for fun, I’ve been working my way through all of the missions on Hack This Site. I thought it would be helpful to write up in-depth walkthroughs for each of the basic and realistic missions for those that are stuck and looking for an explanation, rather than just the solution. In this walkthrough, we’re going to go over the first realistic mission. Prerequisites Basic HTML Walkthrough For this mission, our goal is to get the band Raging Inferno to the top of the list by somehow giving them a higher rating. From the front end, we can tell that voting is done by choosing a value, 1 through 5, from a dropdown and submitting that vote by simply pressing the vote button. Something to consider is that maybe the person who created this website hasn’t done any sort of validation for the value being submitted in the dropdown. With that in mind, what can be done to submit a value that will push Raging Inferno to the top of the list? There’s no validation to ensure that the values being submitted are 1 through 5. Therefore, the values in the select options...

I’ve been really into penetration testing recently, and for fun, I’ve been working my way through all of the missions on Hack This Site. I thought it would be helpful to write up in-depth walkthroughs for each of the basic and realistic missions for those that are stuck and looking for an explanation, rather than just the solution. In this first walkthrough, we’re going to go over each of the basic missions in a single post as they’re fairly straightforward. Basic 1 This mission doesn’t require too much explanation. Looking through the source code should always be a priority when working your way through these missions, and hacking in general. The reasoning behind this is that sometimes a developer may leave a comment containing important information somewhere in the code by accident. For this one in particular, the developer seemed to do exactly that by leaving a comment containing the password. Basic 2 For this one, Network Security Sam removed the password from the source code and stored it in an unencrypted text file instead. The key thing to notice with this one is that “he neglected to upload the password file”. Since he neglected to do this, what is...

I created and continue to maintain an open source project over on GitHub. With a few thousand people using the project, the backlog of issues naturally increases over time in the form of feature requests and, of course, bugs. Now, a problem that I’ve always had with this backlog of issues was trying to figure out where to start to make the process of navigating through it as simple and efficient as possible. I thought I’d share the process I took, and am currently taking, in order to work towards the elusive issue count of 0. Issue Housekeeping Before working on the issues, I find it beneficial to do some housekeeping to get them all organized. There are a few simple things you can do to accomplish this. Labels I’ve neglected to use labels in a lot of my projects, even though they’re such a simple thing to use. Despite their simplicity, they do such a great job at organizing the issues and giving you some insight into them. Without even opening one, you can tell if it’s a bug, feature request, high priority, etc. So the first thing to do is add the appropriate labels to every single issue....