Monday, December 16, 2013

Removing the black box in Ustream's chat

This page contains a bookmarklet that is used to remove the black box that shows up on Ustream's chat, as well as an explanation of what's going on.

To "install" it, simply drag the following link over to your bookmarks toolbar.
Then, to use it, simply click it when you're on the stream's page.

Remove Box

For Internet Explorer users, you may need to right-click, add to favorites, and make sure you create it in the Favorites Bar.

Enabling the bookmarks toolbar

A bookmarklet is a special kind of bookmark that is used to manipulate the page you're on. As such, having the bookmarks toolbar enabled is necessary to use them. Here are some instruction for enabling the toolbar on Windows-based browsers, if it hasn't been enabled already.

Firefox

  1. Press the Alt key
  2.  Click View at the top menu bar
  3. Click Toolbars
  4. Click Bookmarks Toolbar

Chrome and Internet Explorer

  1.  Use the keyboard shortcut Ctrl-Shift-B
    • Or, in more descriptive terms, hold Ctrl, hold Shift, press B, and release the keys

Explanation

Remember that it's generally unsafe to run scripts from some random person on the internet. They can be used for nefarious purposes, after all. If you are curious about the safety of the bookmarklet, here's an explanation of what it does.

The bookmarklet above contains the following code:
$("#SocialStream").contents().find("div").remove(".popOut")

Even if you're not used to reading code, I'd like to think this is pretty simple. The black button is identified by .popOut. The code is simply removing it from the chat, which is identified by #SocialStream.

Wednesday, October 30, 2013

Torties of FFRC

 Update 2013/10/31 22:40 GMT: Added screen shot of Karena, though I didn't think fast enough to get one of head :<

I've been lurking over at the FFRC livestream for the past six months. Thanks to this great live stream, torties are now some of my favorite cats. One thing I've noticed through chat lurking is that most people can't tell the difference between FFRC's torties (or at least Weeja :>). There are plenty of cats I can't identify either (I'm talking about you, Arden, Jemison, Remison, and Dennis). Luckily, the torties are some of the cats I have no problem identifying! This random post will cover the main differences between the four main (oldest) torties: Preakness, Weeja, Karena, and Keesha.

Disclaimer: my descriptions could be off, especially with the relatively low picture quality of the stream. Everything I type is simply how I've noticed things :>

Also, there are plenty of less-obvious differences between the torties you'll come to notice, subconsciously or otherwise, as you watch these gorgeous cats on cam. The coming information should get you started, just in case you need it! :D

Preakness

More here

Monday, September 16, 2013

ForbiddenBITS 2013 - X95 Full

Since I've been too busy (and a little bit lazy :D) to post all of the parts, here's the full document:

Friday, April 19, 2013

ForbiddenBITS 2013 - X95 Part 1

I've been holding off on posting a write-up for this challenge because it's 11 pages long in a Word document, including code and screenshots. Since Blogger doesn't have a pager and I'm sorta busy atm, I think I'll post everything in parts over time. I might also do a tl;dr post depending on how things look.


Overview

First, you can find the code here: http://pastebin.com/Yhj7DvSh

This challenge is a more programming-centric challenge. It features a little bit of crypto and some regex and Perl, but the main difficulty for this challenge is following along the many complex text transformations and being able to understand how everything ties together.

First, on the challenge page, you are given the address to where the above application is running. Upon connecting using socat (:D) or netcat, you are able to input something, though it doesn’t tell you what it wants. Luckily, I actually guessed right on my second attempt and input a number. Looking at the code, it’s a random number you have to match, so how nice of the application to show me the next prompt! It then prompted me for a password, but unfortunately beetus was incorrect.

Sunday, March 17, 2013

ForbiddenBITS 2013 - ment0rpwn

Note: the challenge is down and I don't have screenshots :<. Also, for this challenge had multiple parts, but I only got the part for the ELF binary.

For this challenge, you are given a link to a web application, which contains the hacker manifesto, an empty, white div above it, and a background as the image below. For this challenge, I had the help of the rest of the KnightSec team.

This is not the actual one but a screenshot I got from a page I have kept open for the past couple of days

ForbiddenBITS 2013 - invisible

For this challenge, you are simply given a link to an html page. When you open the page, there is nothing; there is nothing to even select on it. Looking at the source, you find a series of whitespace characters.

You can get the code here.

Luckily, I am familiar with the esoteric programming language known as Whitespace, where programs are written as a series of spaces, tabs, and newlines. Using the power of Google, I found an interpreter on the official page here, as well as a decompiler here.


Sunday, January 6, 2013

29c3 CTF - Exploitation 100 - minesweeper

I've just finished this challenge after not eating all day and working on it for 6 hours straight, but I'll go ahead and struggle to make a write-up because I have all of my notes/code up. It probably would've taken a lot less longer if I did eat/take break. Also, I'm now to tired to keep my tenses nice and neat.

This is yet another Python challenge I have now completed. This time around, however, the solution was a lot less straightforward. It involved doing some crypto (no experience until now), as well as some python kung-fu I haven't done before.

Soooooo you're given the location where the script is running, as well as the source, as usual. It is a minesweeper game that allows you to load and save games. Here's the sauce: