Below are a few concepts which will prepare you for our competition next week.
Dependencies
Even if you are testing unreleased programs written in unfamiliar languages, there are publicly known vulnerabilities about the application’s dependencies. This documentation can be found easily with a search engine.
Hacker’s Toolkit
Bugs appear when users interact with the system in unexpected or unconventional ways. Modern web browsers such as Chrome have safeguards to prevent it from being used to hack. Security researchers often resort to using other kinds of software that’s more basic in funcitonality yet more advanced in usage.
wget can be used to download and save a file. curl retrieves remote files and dumps the response to standard output.
It is standard for UNIX systems to create archieves and compress files using tar and gunzip (instead of creating .zip files like they do on Windows).
This command is used to inflate “tarballs”:
tar xvf archive.tar
Computer Ports (Networking)
https://en.wikipedia.org/wiki/Port_(computer_networking)
A port is a virtual interface used by the operating system as an endpoint of communication. Specific services/applications listen to defined port numbers. For example, the default port for HTTP is port 80. So, when requesting a webpage, the browser connects with the server on TCP port 80.
Port scans can be used against servers to detect entry points.
https://github.com/twlinux/club/wiki/nmap#port-scan
Password Storage
[YouTube] How NOT to Store Passwords! - Computerphile
UNIX File Descriptors
https://en.wikipedia.org/wiki/File_descriptor
There are three basic handles that an executed program can recieve input and output (I/O) from.
| Integer Value | Name | Default |
|---|---|---|
| 0 | Standard input | keystrokes from terminal |
| 1 | Standard output | terminal output |
| 2 | Standard error | terminal output |
Using pipes, you can chain program execuation by redirecting output to the input of a second program.
https://github.com/twlinux/club/wiki/Shell-scripting#pipes-io-redirection-and-basic-logic
For example:
curl https://itiswednesdaymydudes.com | lolcat
wget retrieves remote content and dumps it to standard output. Standard output is piped to the input of lolcat. lolcat accepts input and then prints it back out in a rainbow gradient.
If anyone’s interested, here’s the lecture I referenced during my “say no to drugs” story:
[Youtube] AppSecUSA 2016 - Keynote - Sammy Kamkar - The Less Hacked Path