This past weekend (the 27th, 28th and 29th) I attended fiberparty, an event held at Poliesportiu Campus Nord where about two hundred people met to enjoy almost every field of computing, from gaming and modding to coding and security. It had a pretty interesting schedule of activities: game tournaments, talks, coding challenges and the one I was most interested in, the security challenge.
The challenge consisted of 8+1 levels: level0, a very basic one, and the 8 remaining levels. The challenge was a mix of web hacking, crypto, coding and stegano. At first I was leading, going solo until level 4; at level 5 someone passed me. It was Sec0, a group of around 5 guys who came to be our main opponent, and when I say our it’s because I merged with graz and SaLeM in order to compete against them, since together they were faster than us going solo. It was a healthy competition in which Sec0 was leading from level 5 until they reached level 7, where they got stuck and we could draw level with them. Here starts the real competition: one level left, the hardest one, and both of us at the same point, the game developer laughing. You can imagine the tension in the air: we progress a bit, they also do, we progress a bit more, they also do, damn it, they’re breathing down our necks…
Finally we won just by seconds! It was an interesting competition with really good opponents, whom I’m glad we had; in fact, if I had to decide who won the challenge I would say it was a draw.
[Edited] This is the shit (:
Yesterday, while chatting on the SmashTheStack IRC network, dusty came up with an interesting PHP easter egg I was unaware of. Appending these strings to the URL, you can get different combos:
?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP Credits
?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - Zend Logo
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP Logo
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - Easter Egg
Up to here everything looks normal, but what if we could use these easter eggs to get info from the server? Each PHP version, as ssorg pointed out, has different credits, but these don’t change that much from version to version. That’s when NNP said that he had heard about these easter eggs some time ago and that, as far as he remembers, there was a tool that took advantage of this to get info about the running PHP version.
Researching on Google I ended up at this page, where I found some interesting info. It seems that the images you get with ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 vary from version to version, so we can distinguish 5 different images. But hell, we’re still in the same situation: only 5 images and “loads” of versions. Going deeper, though, it seems that the version and more interesting info is sent in the headers, so this is the info I took from 0php:
PHPCODER GUY WITH BREADSTICKS (Thies C. Arntzen):
PHP Version 4.0.1pl2
PHP Version 4.1.2
PHP Version 4.2.2
BROWN DOG IN GRASS:
PHP4u Version 3.0, Based on PHP-4.3.2
PHP Version 4.3.2
PHP Version 4.3.3
PHP Version 4.3.8
PHP Version 4.3.9
PHP Version 4.3.10
BLACK SCOTTISH TERRIER DOG:
PHP Version 4.3.11
PHP Version 4.4.0
PHP Version 4.4.1
PHP Version 4.4.2
PHP Version 4.4.3
PHP Version 4.4.4
PHP Version 5.0.5-2ubuntu1.1
PHP Version 5.0.5-pl3-gentoo
PHP Version 5.1.0
PHP Version 5.1.2
RABBIT:
PHP Version 4.3.1
PHP Version 5.0.0
PHP Version 5.0.3
COLORED PHP LOGO:
PHP Version 5.1.4
PHP Version 5.2.0
I couldn’t find any tool that does this kind of “fingerprinting” so I might be coding one sooner or later depending on my spare time and needs.
ssorg also keeps track of this at this post.
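Seen from the server side, these probes are easy to spot in access logs. The following is an added example, not code from the original post: it flags requests whose query string is one of the four strings listed above. The log layout (combined log format), the case-insensitive matching and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The four query strings listed in the post, upper-cased for lookup.
EGGS = {
    "PHPB8B5F2A0-3C92-11D3-A3A9-4C7B08C10000": "PHP Credits",
    "PHPE9568F35-D428-11D2-A769-00AA001ACF42": "Zend Logo",
    "PHPE9568F34-D428-11D2-A769-00AA001ACF42": "PHP Logo",
    "PHPE9568F36-D428-11D2-A769-00AA001ACF42": "Easter Egg",
}

# Assumed layout (combined log format): ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

def classify(target):
    """Return the name of the egg a request target asks for, or None."""
    _, sep, query = target.partition("?")
    if not sep:
        return None
    query = unquote(query)  # also flags %3D / %2D encoded variants
    if not query.startswith("="):
        return None  # ordinary parameters such as ?x=PHP... are not probes
    return EGGS.get(query[1:].upper())  # case-insensitive by choice

def scan(lines):
    """Map client IP -> [(egg name, HTTP status), ...] for each probe seen."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log entry in the assumed layout
        ip, target, status = m.groups()
        egg = classify(target)
        if egg:
            hits[ip].append((egg, int(status)))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2007:10:00:00 +0000] "GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 HTTP/1.1" 200 8123',
    '203.0.113.7 - - [01/Jan/2007:10:00:02 +0000] "GET /index.php?%3DPHPE9568F36-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524',
    '198.51.100.4 - - [01/Jan/2007:10:01:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2007:10:02:00 +0000] "GET /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 404 209',
]

if __name__ == "__main__":
    for ip, probes in scan(SAMPLE).items():
        print(ip, probes)
```

A 200 status only shows that the request was served, not what came back. Setting expose_php = Off in php.ini stops PHP from answering these query strings.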
