Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: bsidesvienna

#BSidesVienna | Ninjacon 11: Schedule and Logo Released

So after a few false starts, sneak peaks and other misc things… we have both a logo and a final schedule for the BSidesVienna | Ninjacon 11 conference taking place on 18th june in Vienna.

I’d like to thank everybody who entered the logo competition, in particular Florian Stocker (great entries and so many at that!) and our eventual winner @PxlPhile. The descision wasn’t an easy one… as you can see by the logos that were put forward.

If you want to checkout the schedule and wonder at the excellent presentations we have planned, you can find the schedule here.

Hope to see you in Vienna!

 

 

Links:

#BSidesVienna: Ticket Challenge Solution

So after a manic few weeks I’ve finally had a chance to throw together a quick solution post of the BSides Challenge.

The challenge started off with a simple link to http://www.untrustedsite.net which contained the following image.

For those who aren’t Star Wars fans, a quick search should have led you in the right direction… No droids. Well, as there’s no droids.txt on your average website, you’d be wise to check out the robots.txt page. This page however is more than a simple pointer to robots.txt, it also provides hints and information in the form of HTML comments and Server header responses…

Depending on the User-Agent string you connect with, the X-Hint value and the hidden HTML comment at the start of the page will change. There are a variety of possible values, and I’ll leave them up to you to find if you want… some are funny, some are helpful, some are cryptic! For example, accessing the site with Internet Explorer (or a user-agent string containing ‘IE’) you’ll get ‘X-Hint: Colder than cold’ and the HTML comment ‘Internet Explorer? Really!’. Yeah, I’m a funny man… it’s a curse.

The next hint you can get from this page is in the image itself… Metadata! By pulling down the image and viewing the metadata values with exiftool, you can see a few helpful hints.This is also where the answer can be found.. if you know what value the answer really is! We’ll come back to this later on.

Taking a look at the robots.txt page will give you a few very obvious hints… If you don’t get these, well, there’s no hope.

Looking at the information in robots.txt should lead you to a few places. Obviously solution.php is one of the possible places to get the solution… yes, even though it says it’s not. Sorry, I lied ;) The User-Agent lines should also give you the information you need to find the required hints.

This is where there are two paths you can follow. By using the BSidesViennaChallenge User-Agent string on iknowtheanswer.php and solution.php you get the details on how to email the answer, and the 2 halves of the hash value to use (in solution.php the div id is the first half of the hash, and the second half appears when you make a request using the correct User-Agent string.

iknowtheanswer.php

solution.php

Putting these 2 parts together you get the entire hash, as well as the email address…. 427e5301cc0f2c204c37f37f63976de3 [AT] bsidesvienna [dot] com. However the iknowtheanswer.php also provides you with the path for solution number two by pointing you at the Metadata.

Requests to the start page using the BSidesVienna and BSidesViennaChallenge User-Agent strings will also point you at which of the many Metadata tags you need to use…. ‘Current IPTC Digest’. As we mentioned earlier, running the saved jpg through exiftool we get a range of information… and a few hints if you needed them. The value for IPTC is the same hash we found using solution one… and therefore the correct email address to win a ticket.

You’ll also see a few hints in their like the Make,  Camera Model, Maker Notes, and especially the keywords. These all point you to look at the robots.txt, and the ua-tester tool (for testing specific user-agent strings).

No matter which way you looked at the contest there was always a hint to drive things forward if you were looking hard enough that is! Looking at server headers, HTML comments and the differences in data returned from a site are all important aspects of web application penetration testing, and are widely know. That said, i understand not everybody got the answer… I just hope that people had fun in the process, and maybe even learnt something useful.

Congratulations to the winners who got the correct answer, and for those wanting to play around with the challenge, I’ll be leaving the site up to play with for a while yet.

Hope to see you all in Vienna for BSidesVienna!

Links:

#BSidesVienna: Ticket Challenge

After the amazing success of the Phase 1 and Phase 2 tickets, we’ve decided that the 3rd and final phase of ticket assignment for BSidesVienna needed to be something a bit special. After all, it’s easy to click a button and get a ticket… It’s also free, and we all know people love free things. So, for this phase, we’re going to make you work, just a little bit!

The challenge is a simple one…. Now head over to http://untrustedsite.net and get to it!

Entries are to be in the form of email to the correct challenge address (finding the right email address is the challenge). You don’t need to attack, brute-force, or otherwise hammer the system to get the answer. People found doing so will be banned from the contest and laughed at accordingly. Oh, and yes, I do check the logs ;) Entries will be taken on a first come first serve basis and must be in by midnight (Austrian time) on May 6th. That’s Friday, for those without calendars! So what are you waiting for… you wanted more tickets, so get to it!

Now, this is either going to be very very easy… or very very hard? It’s always hard to judge when putting together a challenge. So, I’ll be throwing out some hints through the @BSidesVienna twitter feed over the next few days. For those that need it ;)

#BSidesVienna Call For Papers (or how do I get in without a ticket?)

Remember back on April 3rd when I said “#BSidesVienna Tickets! Get em while they’re H0T“, well, I really meant it!

We released the first phase of tickets on April 3rd, and all 4o0 tickets went in under 48 hours.

Just to keep people happy we released the second phase of tickets on April 11th… which unsurprisingly went in under 24 hours!

It’s amazing that a first time event in Vienna can assign so many tickets in such a short time, and I’m really looking forward to seeing who’s going to attend. From the stats, there’s a great deal of local interest, with a nice amount of international thrown in for good measure. This is exactly what we wanted when we first started talking about the possibility of a BSides Vienna many months ago.

So, the question I keep getting now is… “How do I get in if I’ve not already got a ticket?”. Well that’s simple to answer, you can get in through the Call For Papers of course!. We’re still looking for people to give presentations, demos, lively discussion panels, workshops and lightning talks. If you’ve got something to say, then we can provide the forum to do it. Everybody attending is part of the greater security community, so there’s no better place to start an idea, try something new, or just break out of the mold and do something you’ve never done before!

If you’re interested in attending BSides Vienna and don’t have a ticket… please consider sending something in for the CFP, you never know what might happen!

See you in Vienna I hope!

CALL FOR PAPERS

About BSidesVienna

BSidesVienna is a community driven security conference taking place in Vienna, Austria on June 18th 2011 (directly after the 23rd annual FIRST conference). As with all BSides conferences, the content and discussions are up to you, the attendees, to decide, and EVERYTHING is free.

More information can be found on the BSidesVienna website at http://www.bsidesvienna.com or by following the BSidesVienna twitter feed (@BSidesVienna)

Links:

Follow

Get every new post delivered to your Inbox.

Join 129 other followers