Archives For November 2014

Last month I attended Maker Faire Atlanta with other Atlanta Hams where I helped teach kids how to build a very basic circuit with an attention-getting LED.  I blogged about that here.

I wanted to salvage that mini breadboard and I had some Adafruit Perma-Proto PCBs that were looking lonely, so I moved everything over and soldered it into place.  It turned out pretty well, but I wasn’t so sure by the time I had arrived at the end.

I started by placing the 555 timer directly in the center of the board instead of counting out my spacing to ensure I’d have enough room the way everything was laid out.  As it turns out, I did, but I was right on the edge of the board when I soldered the capacitor on.  Had I started one space closer to the edge of the board, I wouldn’t have had enough room.

You can see the finished product posted on Vine:


DerbyConCTF: In Summary

November 21, 2014

In closing, I wanted to say a few things about my experience with DerbyCon CTF 2014.

This year was much different than years past simply because I had my family with me this year.  Although I had my wife’s blessing to experience the con as I always had, it just felt different because my family was present and therefore I acted differently.

When I was in the CTF room my attention was divided between trying to discover the next flag and taking a break to spend time with my family.  When I was with my family, my mind was secretly trying to solve a problem I hadn’t yet answered.  In other words, it wasn’t much fun for me or the family.  Well, it wasn’t awful — it just couldn’t be both.


PurpleMooCow was the final flag (I found) of the competition, worth 500 points.

Following up on the exploit from the previous flag I found, I thought there might be more here to exploit in the way of SQL injection:

Screenshot from 2014-09-27 17_46_13

SourceCodeTheft was the next-to-last flag I found.  It was worth 100 points.  Here’s how I found it:

Still working on the 10.10.146.187 host, which had yielded previous flags, I had discovered this additional page on the website: http://10.10.146.187/pmc.aspx

I honestly don’t recall how I had found this page but I suspect an earlier wget to mirror the entire website pulled the file down and I saw it on my local folder and decided to visit it.  It’s a simple website with a single text box for input:

Screenshot from 2014-09-27 17_47_04

This is my second time posting this… so please excuse my brevity.

Screenshot from 2014-09-27 17_45_28

At this point in the competition (I use that term loosely), I was hitting the wall on discovering flags.  As I previously disclosed, I had been all over the place and not very methodical in identifying targets and attacking them in some sort of order.  What with all the chasing squirrels and all, I was starting to get weary of finding flags in small spurts.

As a result, I started throwing a few terms into the scoreboard to see what stuck.  While ironic that I didn’t get the obvious flag in the title of this page, I made something up based on the content of the page and it worked.  TheFappening was worth 100 points.

Hey, when you’re behind you’ll take ’em any way you can…

I have two more flags to disclose and I’ll publish those next week.  Have a great weekend!

I apologize for disappearing right in the middle of my posts for the DerbyCon CTF Flags.  I’m leading two large projects at work that have deadlines this month (one tomorrow and the other next Friday) — so I haven’t had a lot of time to sit down and type out the remaining posts to finish this series.

Honestly, there are other things I should be diligently working on at the moment, but I’ve been feeling guilty and wanted to finish this one out so I can put a check in the box.  Well, that and I needed to take a break.  Stand by for the remainder (?) of my DerbyCon posts…