Fri, Dec. 14th, 2018, 09:36 am

Well, I've been doing CNO dev for a while but I've never really gotten into CTF stuff.

So... HackerOne has a CTF.

Level : Trivial
Some mostly blank page. View source in Chrome. I hope these aren't browser dependent. Anyway... it loads a boring background image and has some dire warning about getting stuck. I try to navigate to other resources. I try to view the image separately in case it's so huge it has stuff off the edge or has text embedded in the JPEG. That is where the flag is. Ok. Pretty easy.

Level : Easy
A series of pages. There is a main page with a listing of sub page titles. There is the option to view a page or create a new page. When on a page you can edit the title and body.

I create a couple of pages and notice the page number is discontinuous. I manually load a couple of the missing pages and eventually stumble upon one that is different and a flag is there. This challenge has 4 flags. Problem is sorting out where each might be.

Moving on, I edit a page a bit and notice script tags get removed/scrubbed. It also supports some sort of markdown. I eventually manage some image tag XSS and get the second flag.

The third flag is XSS in the title that then gets executed on the main page in the page listing. Ok, 3/4 down.

The last flag takes quite a bit of bumbling around in the wrong area. Even with the hints, I glossed over the area with the flag but totally missed it for hours. But, I was so close, I'm sort of angry it took that long. It's a type mismatch error thing in the URL.

Sun, Sep. 30th, 2018, 07:32 am
Delving into XSS

I started poking at cross-site scripting, XSS, and found this benign one. The idea is to make it run code that you pick. You can basically craft a URL that it uses and runs code, so you could take over page formatting and make it force a log-in and send the creds to another URL.


You can roll dice, like for play-by-post games.

You can name each roll and provide notes. Then you can look up the roll by number and your data is saved in the database. There may be SQL injections here... but I'm simply poking at the XSS part. User input data isn't scrubbed enough on name input and on the landing page, name becomes a link.

So, if we make the name of the roll :

When you look up the roll and mouse over the link, it runs our script to display an alert of "1". Here is a saved roll showing it working. http://www.coyotecode.net/roll/lookup.php?rollid=219494

I basically looked at the generated source and figured out what I had to type to alter the HTML/DOM to have my code in there.

I had to change this :
<a href="http://roll.coyotecode.net/lookup.php?rollname=NAME">NAME</a>

Into this :
<a href="http://roll.coyotecode.net/lookup.php?rollname=f">f"onmouseover="alert(1)</a>

The idea was to provide a short name, f, in this case, then a quote and then set a new attribute on the link, the mouseover scripting. It inserts a "> at the end of the name, so I leave the final end quote off of "alert(1)". I thought I needed the space between " and onmouseover, but it turns out you don't and the browser inserts it for you, thanks Chrome.
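The unescaped substitution described above, next to an output-encoded version, as an added example that is not the site's code: the function names are hypothetical and the link template is assumed from the `<a href="...rollname=NAME">NAME</a>` line in the post.

```javascript
// Added example; all names here are hypothetical, not taken from the site.
const BASE = "http://roll.coyotecode.net/lookup.php?rollname=";
const SAMPLE_NAME = 'f"onmouseover="alert(1)'; // the roll name from the post

// Vulnerable pattern: the name is pasted into the attribute and link text as-is,
// so a double quote in the name closes href early.
function renderUnsafe(name) {
  return `<a href="${BASE}${name}">${name}</a>`;
}

// HTML-escape the characters that can change markup context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: URL-encode the value for the query string, HTML-escape
// the whole attribute value, and HTML-escape the visible link text.
function renderSafe(name) {
  const href = escapeHtml(BASE + encodeURIComponent(name));
  return `<a href="${href}">${escapeHtml(name)}</a>`;
}

// Regression check: list the attribute names on the opening <a> tag.
// Anything other than "href" means user input escaped its attribute.
function attributeNames(html) {
  const open = html.match(/^<a\b([^>]*)>/);
  if (!open) return [];
  const re = /([^\s"'=<>\/]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  const names = [];
  let m;
  while ((m = re.exec(open[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

console.log(attributeNames(renderUnsafe(SAMPLE_NAME))); // href plus an injected attribute
console.log(attributeNames(renderSafe(SAMPLE_NAME)));   // href only
console.log(renderSafe(SAMPLE_NAME));
```

The `attributeNames` check works as a unit test for any template that places user input inside a quoted attribute.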

Tue, Oct. 7th, 2014, 07:42 pm

My son, Micah, decided to join the run club at school. They are going to train for a 5K. Well, he can't go alone, so I got volunteered. Now I'm getting off my ass to run too. Ran to work this morning using some free C25K app. Hilarious grammar and pronunciation errors as you would expect from a Chinese app. One of the reviewers said they had trouble understanding the thick British accent. LOL. Someone thought it was British. Very obviously Chinese or maybe Japanese.

I walked home too as I could stand the thought of running in my work clothes. Tomorrow is International Bike/Walk to school day. So I'm walking the kids to school and then I'll walk/bike to work. Assuming I can even walk after today's effort.

Wed, Dec. 18th, 2013, 07:42 pm

A day and a half until the kids get here. I can't wait. I'm loading up the MP3 player that my mom bought Aiyre so she'll have her favorite songs already loaded and ready.

Sat, May. 25th, 2013, 12:47 pm

The cat moved with me to my new home. I've missed him so much. It's nice to have a bit of the old home here with me even if my kids can't be here with me. Kitty is so friendly and tolerant of Lynne's 3 and 6 year old kids. The only problem is that their old Kitty was mean and peed a lot so they expect Kitty to misbehave too. We keep telling them that Kitty is a nice cat and doesn't do those mean things, but they don't seem to believe us.

Mon, Mar. 18th, 2013, 08:36 pm
Denise Glowacki

I was reading Facebook last night and saw a post by my brother where, amongst other things, he indicated that his mother, my stepmother, had passed. This wasn't too much of a shock for me as my father had called the day before and had been very sad. He said that she wasn't doing well and doctors gave her 2-3 days to live. I was a bit shocked, but I guessed she had cancer. She'd been a smoker for as long as I knew her and had lived with my father who also smoked. Still, she was gone and I hadn't really prepared myself.

Now, I don't remember my parents ever being married. Dad and Denise, as I called her, were married when I was little. I don't remember, though they claim I was to be a ring bearer, at least until I chickened out. She spent 30+ years with my father, far more time than my mother ever had, yet I feel I resented her for most of the time. I don't actively remember resentful thoughts, but I know I acted like everything she did for me was wrong.

I recall fabricating excuses to try and get my mother and father together at the same place so they might realize they were supposed to get back together. Having now been through my own divorce, I realize that just wasn't going to happen and my 10 year old mind was perfectly normal. I hadn't accepted it, the divorce that is, even though I couldn't remember them ever being together.

Every summer, I spent a month or so with Dad and Denise and their son, Moose, and Denise's kids from a previous marriage, Scott and Michelle. Several times I had to be sent home early because I was homesick. Really, it was probably just mostly stress from being on my own as an only child of a working, socially active, mother being forced into a home with two parents and three other kids.

I know now that Denise really tried to make things work and that she went out of her way while I was there to please me. Instead of taking advantage of it, I fought back at every opportunity. No I can't possibly eat a PB&J cut into triangles instead of rectangles. I didn't know it until last summer, but she and Dad were fighting for custody of me. I've since wondered how my life would have been different if they'd succeeded. Even as an adult, it never occurred to me that they wanted me to be there more than that one month a year. I managed to mess that up too as I got older. Once I was 16 I got a job over the summer and stopped going to Dad's house. I didn't even realize what I'd done until last year. I didn't realize the pain I caused him by taking away his one chance a year to see his son. I'm sorry Dad.

Around that time, as a teenager, I finally noticed that all the birthday and Christmas checks that Dad sent me were in Denise's handwriting. Those checks and cards and such continued through my adult life, always written by her hand. This is especially meaningful to me now, when my own kids have been taken from me. I know dad struggled to provide for the family and that the child support he was forced to pay Mom far exceeded what he paid each month for his other three kids. And still Denise sent some of the little money they had in the lean times.

For years I had referred to her as my wicked step-mother. I always dreaded visiting because she would be there. She would take an interest in my life and ask me questions and show genuine concern for me and I didn't like it. I wanted to see Dad and be left alone, or so I thought. I admit that her smoking also bothered me, particularly after I became an adult and no longer used to smoke. Still, she didn't deserve the title. She loved me and loved her own kids. I remember her picking through Moose's poop to find the little pink Barbie hairdryer that he'd swallowed and then washing it off and giving it back to Michelle. I'm not sure I'd do that for my own daughter.

Last summer, after settling the terms of my own divorce I went to Florida with my fiance. We took a day away from her kids and her parents and drove across the state to visit Dad and Denise and Moose and his kids and Uncle Eddie and Chris. Denise and I had quite a talk that day and I came to realize what a jerk I'd been to her for all those years. How I'd hated her and resented her for no reason. Sure, I was only a kid for part of it, but I never really gave her much of a chance. Here I was finally making friends with the woman. Making peace with her. Finally realizing that she was more of a partner to my father than my mother had been. Realizing that she had been the centerpiece of the home, decorating, cleaning, maintaining, sure, but welcoming, greeting, and caring for her guests as well. Apologizing for being the little shit she knew I'd been but loved anyway.

I didn't know that would be our last conversation. I know now you weren't wicked in the sense of the wicked witch, but wicked in the Boston sense. Wicked Good. Goodbye Denise, I'm sorry your journey ended just as I was finally starting to learn who you really were. I'll miss you.

Thu, Mar. 7th, 2013, 07:40 pm

Energized Bunny Arrested: Charged with Battery

Posted via LiveJournal app for iPhone.

Mon, Jan. 28th, 2013, 06:42 pm

Well, quick turnaround... but, I'm getting married. April 17th.

Tue, Jan. 15th, 2013, 07:51 pm

Well, the divorce went final back at the end of December. C'est fini.

Single again... er, well divorced anyway. Working at ObjectVideo in Reston VA now. Left Raytheon back in August... er, well, July. End of July.

Mon, Jul. 2nd, 2012, 07:00 am

Off to the lawyers to sign away this morning. However before that it is Aiyre's first day of summer school and the start of the second week of Evan's camp.


