Over The Wire | Write-Up News

In previous posts, I had mentioned that I intended to do a write up for “Over The Wire : Bandit” challenge. It was mainly due to showing how the processes of finding the solution has been for me. Currently I’m at Level 14, and I’ve had quite an adventure getting this far, and I’m planning to continue with the challenge. But, alas, I will not be able to do the write-up I wanted.

I came a cross a post on a sub-reddit for CTFs, where it was posted that the team of OTW have requested that people do not do write-ups, due to it spoiling the experience for users who are interested in the challenge. I can respect that. In all honesty, I feel proud that I’ve made it this far without having to read a write-up on which ever level I’m working on. I had to go do research, talk with fellow Bandits, figure things out, fail, make note of my mistakes (which is what I wanted to post), and slowly learn new things as I progress to each level.

I have to say, I am a bit torn about it though, because I feel there aren’t too many authentic write-ups out there. Yes the write-ups are supposed to be a tutorial on how to solve the challenge, but at the same time its a bit disheartening, because they don’t show the failed attempts, so then you come out with the impression that they are super hackers and just look at the screen and can automatically figure out how to solve it. So I wanted to change that, and place all my failed attempts to show the whole process. But in doing so, I would have spoilers, because luckily I am able to figure out the correct way to solve the level, and I post that as well. I don’t post the actual passwords, but I do post HOW I got to it.

So with a sad heart, I will have to say that I will not be posting my OTW:Bandit write-up. Out of respect for the team that created this amazing challenge. But I do encourage anyone who is interested in hacking / pen testing to go DO IT, its 36 levels for you to hack the freakin planet. I love it, and I’m sure you will to. Just make sure you have a good playlist going in the background.

Thanks OTW. Go Level Up everyone.

SUKANDA

Its no secret that I have love for Sudan. How can I not.  The people are kind, the streets are wide, and the Sun can probably power the whole country. It has SO much potential.

The current regime is a murderous one, Hemedti (Mohammed Hamdan Dagalo) was the leader of the Darfur genocide, and was the protege of Omar Al-Bashir, the last dictator of Sudan (who is wanted for war crimes by the ICC). And seeing this really breaks my heart.

The people of Sudan are known for being intelligent, due to the fact that reading is a big part of the culture, due to the fact that back in the day they didn’t have long television hours, so you spent your time studying, reading, or with family and friends, most likely discussing the books that you have read.  When I saw “Black Panther” and the city of Wakanda, it really blew my mind, and it got me thinking of Sudan.

There aren’t many seasons in Sudan, due to the country being SO CLOSE to the Equator, there for you get a nice, hot Sun year round, and with the large desert landscapes there, it is uninterrupted, yet you don’t see Solar being used there, due to the fact that the people are too busy protesting and dying as they ask for their freedom. 

Many countries are pouring money to fuel all this rage in Sudan, if it stays in turmoil, then it will remain dependent on all those around them, and there for not move forward. These are all due to external forces, and it angers me very much.

The country has a large majority of young, intelligent women and men. They embrace technology, they use it well, it is because of their social media journalism that we hear about all that is going on there. I believe Sudan can EASILY be self sufficient, and be a Green country, and lead the way to a bright future for Africa in general. Similar work is being done in other parts of Africa, actually with the help of artist Akon with his Akon Lighting Africa project, but I think in Sudan it can go even farther than just providing light, but there is a whole generation of technologist who are eager and ready to take on this challenge, and many others.

I need #Anonymous to revive #OpSudan because we have a chance of having an ACTUAL Wakanda in real life, and I strongly believe the Sudan can be it. Sudan + Wakanda = SUKANDA. Lets take down these corrupt leaders, and give Sudan an actual CHANCE of blossoming into the amazing country it can actually be.

Over The Wire : Intro

I love Over The Wire (OTW), oh man it is GREAT. You actually learn and are able to progress quickly, a fantastic learning tool. I started it yesterday and with in a couple of hours I made it to Level 6, and that’s where I’m stuck now. I will be posting the notes I’ve been taking during my process. If you don’t know what I’m talking about: OTW is set up to help people learn about hacking, its a great and fun tool. They call them “wargames”, but you are actually working at your own pace, which I believe is helpful. They have different flavors, and each flavor has different levels, and they all tend to gradually get harder as you go. I’m doing the beginner level one, its called “Bandit”, this has 36 levels. The goal in each level is to find the password that would allow you to log into the next level. At each level they give you hints, so you will be using a search-engine quite often if your new like me.

Here is what you need (other then a computer & internet access). -Your favorite hacking OS (I personally like Parrot OS). -A text editor (this will come in very handy with all these passwords). -A multi-tab browser (because you will need the OTW site & search the hints).

One thing that always helps me is music, so I like to have music playing in the background, that seems to help the time go smoother.

I will be posting some my experience as I’m going through it soon. Happy Hacking Bandits.

CTFs: Video Game vs Simulation

I have a question. Are Cyber CTFs a Video Game or a Simulation?

I was having this conversation with a couple of friends the other day, but no one is able to give one answer or another.

What do you think?

Polly Wants a Hacker

When it comes to learn about hacking / Pen Testing, you hear a lot about Kali Linux. It is awesome, and it very much got me started into the field, and is used a lot in courses and classes that you would take about Cyber Security. 

Another OS out there that is just as awesome is Parrot OS, I love Parrot OS. It has all the tools that Kali does, and they even have a “light” distro which comes without the hacking tools in case you are just looking for Linux Distro to run your everyday machine, and even then, your only a couple of commands away from downloading the tools to that distro.

The thing I like about Parrot over Kali, is that it can actually be used as your main Desktop OS. The Kali community has always discouraged users from using Kali as their main OS, to instead have it as part of a dual boot, in a VM, or via a live USB. You can still do all of that with Parrot, but that way it was put together, makes it a pretty good desktop OS. It actually comes with Libre Office installed and everything you would need to use it as your main machine. That’s what won me over.

Before Parrot, I had an Ubuntu machine, so when I needed to do a CTF, I  would have to run VirtualBox, then run Kali as well as the CTF VM. So basically using a VM to attack a VM. That does have its advantages, it allowed me to create a closed out network lab for the 2 VMs, but it was a hassle, because every time I need to research something, I would have either open up browser on the host machine, or go into the VirtualBox setting and change the Network configurations to get to the internet. It doesn’t sound like a big deal, but keep in mind I’m using a small to mid-sized laptop, with not a lot of screen space so moving back and forth is...time wasted, in a way. Another issue I ran into is that the VMs sometimes wouldn’t behave nicely, so half of the time I would have be fixing and altering things just to get things to work. And after an incident with the VMs just flat out not accepting the proper command, I was done with it and needed a better solution.

Enter Parrot OS. The advantage of this being Desktop friendly is HUGE. I completely formatted the machine installed the full version of Parrot and I was off to the races. I installed VirtualBox of course, because I would need that to run the CTF VMs, but now, I only have to run a single VM on VirtualBox and use Parrot to attack it. HUGE difference, things went A LOT smoother, and that has been the set up that I’ve been using, and I’m loving it.

That is my take on why I’m on Team Parrot. What is your set up like? Have you tried Parrot? Let me know your thoughts.

#HackThePlanet

CTF for n00bz, do they exist?

Cyber CTFs are a great way to learn about hacking, I actually did learn a few things, due to me having to do research on specific things, and reading write-ups, and then having to research somethings IN those write ups. Its very time consuming, but for the cause of learning.

I was on twitter the other day and replied to TinkerSec, who is a professional Pen Tester/Hacker, and I did ask if there were any n00b friendly CTFs out there, and he recommended Over The Wire : Bandit. I will have to try it out and report back.

Up until this point, I have been going to Vuln Hub and downloading VMs that have a note about the VM being “beginner” friendly. But, honestly, they all seem very much intermediate, and that can be a bit soul crushing. I would take excessive notes on what worked, and what didn’t work, I would look up Walk through videos, and read write ups. After a while, I started finding patterns, and started developing my own way of going about the CTF, which is cool. BUT I still have not been able to capture a single flag on my own, I still need the write ups.

The other frustrating thing is, I thought that by taking these notes, I would be able to use the steps that I have learned to solve different CTFs, not so much. My beginner steps work, I am able to find out some of the basic things, but then I almost always hit a wall.

I know that the Walk Through videos and the Write-Ups came out of hours of work and trial and error on any particular CTF, but that part of it is not shown or talked about. Even the reason for them to do one thing over the other is not always explained. So to the un-trained eye, it just seems that this person is a Super Hacker, which they very much can be, they are better than I am, but it can be...disheartening for those of us who are trying to learn this skill.

I want to start doing write-ups, but I want to do it in a more...realistic manner. I fail, a lot, and run into road-blocks, a lot, and I from those fails learned, a lot. Like I said, I have a whole notebook of failed attempts. I will gladly take TinkerSec’s advice and try the OTW:Bandit CTF, but I will also document my steps, and if I can remember, how long it took me to get to which part, and when I do hit a block, I will say that I’ve hit a block, and that I’ll point to which write-up I’m checking to help me get past that particular area.

Hopefully this would be helpful to myself and my fellow n00bs out there. Lets do this.

#N00bsUnite #HackThePlanet

Sudan: TMC for 2 years, only.

I hear that there has been secret talks between the TMC and someone representing the people of Sudan. And that the talks are leaning towards a deal in which The Military Counsel (TMC) would run the country for 21 months (almost 2 years) then hand the country over to a civilian government. Some of the envoys on this talk were representatives from Saudi Arabia & the United Arab of Emirates, both of which are against democracy, due to their own fears of that kind of thought to be carried over to their region. Not to mention the publicly known support of Saudi to the TMC by aiding them financially. Hmm.

A few weeks ago I came across an article that spoke about the Junta (part of the TMC) making a deal and paying upfront 6 million dollars with Ari Ben-Menashe, who happens to be an Israeli arms dealer, who currently lives in Canada. Yet no one is speaking about this any more.

So, to re-cap:

-The TMC say “We’ll rule for only 2 years”.

-They get funding and support from non-democratic countries such as Saudi Arabia & the UAE.

-They have already paid a globally known arms dealer up front. Hmm.

Forgive me if I don’t take their word for it. It sounds to me they are pacifying the people until they organize with better equipment. Also lets not forget that Saudi just bought top-notch weaponry from the U.S.A. Some of these dots, when connected, create a very scary picture for the future of Sudan.

The uprising is not over my friends. Stay vigilant.