ECB Encryption / Python Web Hacking | Natas: OverTheWire (Level 28)

John Hammond · Intermediate ·🔐 Cybersecurity ·7y ago

Key Takeaways

ECB Encryption using Natas: OverTheWire (Level 28)

Full Transcript

hello everyone my name is John Hammond and welcome back to some more natus over the wire web application security some Python scripting and programming to hack some websites free cool stuff I've been away from this for a while because this challenge level 28 is a little difficult and kind of hard so this is going to be a long video please do bear with me I hope it's pretty cool though I hope you learn a few things so let's dive right in I have the web page visible right here because I want to showcase the functionality of this application before I start to look at it in code so we have this computer joke database where we could search for a query and it will supposedly return information back out to us normally we were able to view the source code of some of these applications just so we can learn and understand a little bit more going through the wargames here but unfortunately this level does not provide the source code so if I don't enter anything into the search it will go ahead and return some results for us in fact it gives us just a couple here no shortcuts in life let's right click on find one blah blah blah it gives us like computer jokes if we were to put in stuff like anything or please sub it would return queries that have that string in it and unfortunately nothing has please sub in it that's weird if I tried to search for the letter A obviously it'll get a couple more results if we wanted to just go for sequel injection we particularly could but obviously that's not going to return anything because that text is not in that query or whatever it's trying to run in the database however if I just went for like a single quote or a double quote or just a quote it will be able to return things that have this in here so that lets me interpret that okay it's probably escaping these single quotes and double quotes it's not just gotta make the database crap out on us so what I'm sure you're noticing is when we actually look at some of these returns all these things that actually return out to us that give us some information we are getting a interesting change in the URL it throws us to search PHP it gives us this query variable that that is the HTTP variable that we're working with and it looks like a bunch of garbage a lot of encoded data a lot of this URL encoding it is likely for trying to hide some special characters and that looks like it may turn out to be base64 when we actually take a look at it so let's go ahead and do that let's get to our Python script where we have the code over on the left here and then the output of the the return and what the webpage gives us on the right-hand side so I just made a simple get request to do that let's actually set this to and set this to HTML for syntax highlighting that looks neat okay good and let's go ahead and try and make a request now where we actually submit a query so we're gonna end up posting to that URL with data going through here I'll put this on a new line so it looks a little bit nicer let's say query can equal just the letter A and then that should be everything we need right I'm hoping well we get anything yep okay cool we get some responses and now we want to be able to look at the URL so we can do this we can't actually just check out response dot URL and at the very very top here you see okay it gives us the entire URL and this front part the whole actual web address and the search dot PHP query that's all going to be a static length so if I wanted to scrape out the very very end here we can probably just take how long how many characters is this you can see at the bottom left 60 60 character selected so let's go sixty characters from the end and we'll just get okay that portion that is the encoded information oh I put that on text not the URL okay cool so now let's go ahead and encode this we probably won't need you a relative I'll do this through the requests I just actually learned this the requests actually has a utils like sub module that allows you to quote or unquote I think it's unquote let me check I'm hoping fingers frost yeah okay cool now that is certainly base64 and if we wanted to with that base 64 module included we could base 64 dot be 64 decode and we'll get some raw bytes out of this that sublime text won't be able to show for us so let's actually check out the representation or our EPR to display those raw bytes and okay looks like we're getting a lot of interesting things there so as I'm exploring this actually before I go ahead and show the representation I want to look at some experiments when we test with the okay we'll just pay 6040 code let's again not do that just yet I want to save these lines though because we will probably keep track of them pretty soon I would just want to see that base64 string for a few of these and I want to gather these I want to be able to see are there any interesting changes when I change my query so just a less random inputs I'll steal a few more of these and put them down here so I can examine them say just what and get a few more okay so if you check out this text here you should notice that the first portion of this encrypted or encoded or whatever this data is is actually staying the same for the first part right here it looks like it'll get up to 42 characters in and the base64 encoded values to give us constant and the same values however everything that follows looks like it will change so that leads me to think of the conclusion that we are having some static text or some non changing just regular text or data that's being a pro pendant or put at the very very start of our input or what goes through and then that's being encrypted and then eventually encoded and it seems that that's it's it's not particularly changing the segments that are being displayed here are being encrypted kind of piece by piece or chunk by chunk or block by block and that's telling us that okay they're being encrypted the exact same way that points me in direction the direction did I say and I say in other words I may have said in other words okay I didn't want the England cricket team that's not what I wanted I wanted ECB encryption this is block cipher that is electronic codebook [Music] electronic codebook ECB it is a form of encryption where the message is divided into blocks and each block is encrypted separately but going through the exact same operation kind of using the same key it's it's not chaining these blocks or these chunks together so you'll be able to see a residual you'll be able to determine portions of the encryption scheme as you tinker with and as you play with it you'll see some examples so you're on this Wikipedia page the image of tux to Linux mascot when it's encrypted use an ECB you're still able to kind of make out what that image actually is so we can probably do something interesting here but let's keep in mind that it is using this ECB electronic codebook block cipher to encrypt our input so the next kind of point of attack is to determine the block size or how big or what are the what what's the dimensions of these chunks or these blocks that our message is being cut up into so let's take a look let's see how we can figure that out what I want to do first is actually determine let's see here what query will we have oh I just deleted those things that I told myself I wanted classic let's try and see what the length of the actually decoded or like if the raw data is after we send it different and varying lengths of information so let's do for I in range and let's go about a like how many characters that we want to go for well how about how long is this to begin with how long is our decoded one to begin with before we actually check out the I put an extra string there okay it is 80 characters long so what could we potentially be working with here let's go for I in range 30 maybe 30 characters long 180 I don't know let's try it let's just go response equals all this let's determine the length we don't have to view it out let's just view the length I or query length and then response length will be just like that so let's now change this query to like the letter A multiplied by I so let's try and run this see how long it takes for us I forgot a comma here okay so query length 0 response to length 80 this will keep returning and returning and returning for us until okay we see something change here we've got a difference in the response length being 80 and the response length now going to 96 so that's changing the encryption that it's actually outputting here for us it looks like we're getting more of these changes as we change our query length just as we would expect we're gonna hit 100 pretty soon let's admit on this a little bit and okay okay we went to 80 sweet so this starts at 80 and goes until a ends here and that takes about or is it 13 lines yep but we got 96 over here this length of the response is only 96 for 16 lines and then as we check out 112 we have 112 again 16 times you can see it at the very bottom I've selected 16 lines same thing for 128 if we check that out we have 16 lines so what we can assume and understand here is that this very very first block that we're looking at is obviously taken up by some of the original data or the original string or text that is being prepend Adhan or putting in at the very start of our input so that can't be that trustworthy but maybe these other 16 length blocks we certain I can trust so that's how we can determine the block size okay so now let's try and figure out where our data actually is or kind of how much room or what buffer do we have to work with within these blocks so let's check out let's say our block size can equal 16 now that we've kind of figured that out now we can determine what blocks we want to actually check out let's do another for loop for each of these let's do a print just to get a nice visualizer let's get about 50 characters of a line there and let's do for block in range how many blocks we want to check out well the original thing was 80 and we want to go to we don't want to go to MIT we don't want to make any requests anymore we saw that change happen about with character length of 16 a query length of 16 so let's change that to against 16 or 15 or whatever you want I'm not I'm not choosing 16 because it's a block size I'm choosing it because that's where we saw a change in the response length and it gives us a couple in and out so we can explore some of those now let's check out the actual blocks of the data that we're seeing in the response let's check out about how about 5 or let's say 80 the original length was 80 and then we divide that by the block size so let's check out the response that we're getting just like we've seen before except now we don't want the length we want the original thing decoded from locks the current block that we're looking at times block size so this will originally start at 0 and then up until block plus 1 times block size so that'll go 16 bytes at a time 16 first block and then 16 to 32 the second block and then 32 to 48 the third block etc so if we wanted to check that out let's wrap her to get the raw representation again and let's print out block block data just like that and we still want to have our query length visible up at the top here so now let's check out what this does response what's not what's going wrong here oh I would actually need that after thee after I go ahead and query the site okay so query length 0 response length 80 and this is happening over and over again until we get to about 16 requests 15 requests just fine so you can see again I'm looking at the raw representation of the bytes your elaborate representation of the data so it's not basic ste 4 encoded just separate into different chunks those different blocks so the first block or I guess block 0 and we can actually change this to block +1 so it makes a little bit more sense or has a hat as to how we are reading it okay check this out so blocks 1 & 2 seem to be the same for every query length that we send it so that tells us that that must be the amount that is filled up by the original prepended text that's at the very very that's the static text that we don't have control over it's just being added in at the very start of our input and that's what's it's encrypting you can see that that doesn't change blocks 1 & 2 don't change however block 3 is changing with our input so where do we find a threshold where we fill up one block we fill up block 3 and then we start to move into what would be blocked for because apparently there's data being added after our input so we could potentially figure out what that is because it's ECB because it's a lot electronic codebook cipher so I see in query length 10 in query length 11 block 3 actually stays the same value so it looks like that same way onward from 12 13 etcetera etcetera so that means the threshold for filling all of block three that where that location in the message where we are where our input is going we have filled the block between ten and nine so nine means that there is just one more character that wood has eventually fill the block because once it has it hits ten and eleven it's gonna stay the same over and over and that means we fill the block with our RA letters so if we have one last character available in the block if we send it a query of length nine we could potentially figure out what that data is following our input because it's being encrypted if we actually figured out okay what is this block what does that block look like if we fill it with one more character and we could keep iterating through that character to try and determine what character is it in the real data that they're appending that we don't know yet we could probably leak it out so that may seem weird that may sound weird let's let's do it let me show you how we how we can make this happen let's go ahead and say the correct string is just this representation again we'll put that in repper so that is what they would is we would assume from that and we could import string have all of the potential characters here there's principal characters for C in string dot printable then we'll make a request where we say a nine times because we know that that is we're gonna have one last character to fill this block and we'll put in the character that we're looking at so then we can go ahead and get what block we're looking at block three in this case we'll take that original line that we had and just set block to two because it is zero based when we know we're looking at block three but since it counts 0 1 2 that will be the third block our answer will be this again with the third block that we're looking at so we can test if answer is equal to the correct string then we know we found the character that would be following that that that input that we supply so let's include that see right there we can print trying see and let's run this trying 0 1 2 3 4 etc etc and this will loop through the characters here I hope this makes sense I'm gonna try and visualize it here with some block stuff I'll try and make these blocks just like this so if we were filling up our blocks up until the last segment here so 1st and 2nd blocks are filled and then the third block we know we just okay cool it found it % here hopefully that will close in we are filling up until we just leak into whatever the 4th mole 4th block may end up being so 1 2 3 we fill the third block up until the character that would eventually be starting the next block starting the fourth block so since the original data is at the very very end here following our input we can supply everything up to that last block and since it will be encrypted one way or the other we can keep checking to see what is that character going to be is it going to equal what it would have been had it been actually encrypted following that that's very very hard to discuss and I'm sorry if I suck at explaining that hopefully you see it visually ok so since we are since we found the character % we have an interesting hunch here now because knowing the application and knowing the functionality of what this program does it's probably running a query something like select text from jokes where the text is like and this is sequel right here where it's using that % as a wild-card where text is like our input with the % following because that's the wild-card it'll match anything that has that notion in it so this is doing an interesting thing because normally using this technique now that we found that character we could potentially shrink our test block and just add the character that we found at the very very end so it will encrypt and decrypt the same way we would expect it because now that we figured out what character was next we can try that attack again shrinking down our padding or our space that we're filling in and so we can leak out more of the message that follows or the text that follows our input but this is kind of an issue in this case right here because we actually are probably wrapped inside of a string we at least in the sequel code that's probably running in the back we wouldn't be able to actually test this because our input is again as we saw from our testing in the beginning being escaped like we we tried to enter a quote or a single quote but we know that that's probably not being processed as real sequel commands so they're gonna be escaped with a backslash so unfortunately since that will take up more than one character and that's going to leak over into the fourth block and we won't be able to test it we won't be able to track it down since we are testing in just the very very edge of the third block okay but now we have a hunch now we know that maybe this is running a sequel injection maybe this has some opportunity for sequel injection except we can't use those single quotes or double quotes just as I was saying because they're going to be escaped we can't just do that sequel like Union selects whatever we want blah blah blah password from users we can't do that just in the search query because it will be escaped out of it so now we have to take advantage of what we know with this electronic code book with this encryption scheme we could potentially try and figure out what what what could we enter what encrypted information could we get that would actually look like we had entered that information since we can encrypt the same way but if we handle that escape sequence properly because we know that we're gonna end up having it eventually following let's actually keep that that query here if we got this single quote to be included in the third block and not no longer really necessary for the fourth block that way we could be home free where we could do our own injection following it so now we just have to figure out how we can encrypt and get the data forward that input this probably sounds weird again I'm gonna show it to you let's write this code here let's say our injection is a space character or the letter A whatever padding we want to use times nine so we fill up the third block because that's that's our buffer here and I'm only going to use nine characters so just as we saw that select text from jokes where thing like blah blah blah that single quote at the very very end will actually go ahead and be interpreted just fine we won't have an escape going through we'll actually just have that single quote at the very very end rather than the % so nine will be that threshold if I use that injection and then I add on our single quote Union select let's just do password from users because that's kind of what we've seen in the previous levels and we'll just do a comment here to note the very end of the sequel injection for the sequel query now we have that string that we want to figure out how we can encrypt how we could actually get that to be something that the backend application will handle so let's do that let's determine first of all how many blocks is this going to take the way that we can do that is we can just say locks equals lengths of injection and we got a minus the ten here because we have is padding the A's or the spaces that we're filling it up with and the single quote let's do minus ten and then let's divide that by the block size now that will get only up until we have a remainder so we have to say if we have a remainder we're gonna need another block the way that we can do that is we can just test if length of injection minus ten modulus block size is not equal zero so if it's not a it's not a straight factor if we do have a remainder then we can just say blocks plus equals one so we add a an extra block in there let's see how much how much this is going to take up it's gonna take up three blocks okay that's fine now what we can do is we'll go ahead and encrypt this the way we can do that is by checking this response and getting the URL just as we've done before and said rather the query we're working with will say our injection and then let's check out the block that's returned for us the full thing we don't need the representation we just want the raw bytes and we don't need it cut at any specific block we don't want the full thing do I have a number of parentheses there okay cool we're good so let's just say raw inject and if you wanted to see this you could if we want to check out the representation you could that's just fine so that is going to be the encrypted scheme that has our injection in now how are we going to be able to properly put this into a request without actually making the request and having the program encrypt it we have to encrypt it for the program let's trick it let's try and give it original good data like the spaces that we use to earn the a characters that we use to fill the third block then let's get the very very end like after we have actually filled the third block just so we know the very data at the at the very end of the original query and then fake it with that first part of the the safe good string and then let's put our injection in between it so that probably sounds strange but again I'll show you in code so let's get a response with just the a character or our padding ten times to fill the third block let's get that like good base and let's actually say that our query will be or the URL that we're end up going to the query that we're gonna be using is good base up tool the third block size so the third block block size times three so we know that that's the third block that we want now that we filled it we can go ahead and add our injection in there so injection will get the third block size filled and let's take block size plus three plus blocks because that is the amount of blocks that are necessary for our injection times the block size so that's a full value here now we should be able to add on the very very end that we had from our good base again taking from three blocks in to the very end so it's it's faking the query it essentially just puts our injection in it encrypts it the way that it would have expected it again making sure the blocks are all in a line I've set up blocks I've said that a lot throughout this whole thing so let's check out our query right now probably something that we can't see that's fine let's go ahead and basic c4n code it hmm oh I'm sorry I made a mistake here let's go from zero to the third block at the start and then other way around so from 48 in or the third block in that's my bad now we have a proper looking injection string okay now we want to go ahead and quote this so it is properly URL encoded and this was a sticking point for me it looks like that function does not actually URL encode forward slashes and that made all the difference when I actually tried this challenge so we're gonna have to go ahead and replace those let's change those forward slashes should be % 2f in hex so that does make all the difference in this challenge we will need to make sure those four slashes are URL encoded this has to be fully URL encoded for it to work ok so this can be our query now and let's keep in mind that when we actually retrieve this data it was in the form of the URL with search dot PHP at the end it brought us to search PHP as a page and then it had query as the actual HTTP variable that we're working with so now that we've constructed that variable on our own let's go ahead and add that in so we don't post a request we just get a request with argument query now if I run this display out the text we're getting from that response nothing so something is wrong let's explore I think I see the first problem and that I was using just the string injection as the blocks that I was trying to reach out rather than just raw inject so now let's try and run this okay all right that was it sweet so that is the password that's the flag that we're looking for but I hope this made sense I hope this I know this is a crazy long video but I hope you were able to visualize everything that I was doing because electronic codebook cipher is very very strange and the way that it encrypts block by block and each block is just a segment of the original message but we can detect it we can determine what it actually is so let's get re and scrape out this flag here I think it's re dot find all your raw string from Li something in there anything to endo I with our response dot txt zero and we don't need a number of blocks to be displayed anymore that's just fine okay there is the flag just like that so that is natus level 28 I hope that you guys enjoyed it kind of a long process doing some peculiar interesting things I hope it was easy to see the code was easy easy to understand we're doing some interesting things but I was honestly just very amazed and impressed and pleased with this I thought it was very cool and honestly a really big learning experience for me I will have to jot down this process is like the the procedure that I went through here to actually okay determine the block size and then determining where the block actually has our input going in and then determining how we could take advantage of the fact that that escape sequence or that that string delimiter the double quote or single quote would actually be handy for us when we're trying to do our sequel injection so very very cool very very interesting hope you guys enjoy this hey shout out to the people that support me on patreon thank you guys so much you're fantastic I love you I don't know why no pixel has an O in front of the same you're the best man $1 a month on patreon I'll give you a special shout I just like this have a never video five dollars or more in patreon will give you early access to everything there at least on YouTube before it goes live if you want the content where I want to Todd wrote it's work ready that's the best way to do that please do join our discord server link in the description is an awesome community flow CTF players programmers and hackers you can hang out with me and other cool people we'll be tackling I CTF Knox CTF and other competitions that are coming up this week hey I have a link the description for a Humble Bundle book package that will really help me out its affiliate link full disclaimer I'm a sellout I'm sorry I suck but it helps me put food on the table and you guys and your support really just enables that for me so thank you thank you would love to see you on patreon please do like this video comment this video subscribe if you're into that stuff I don't know I love to see you on patreon love to see in the next video get out of here man

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 0 of 60

← Previous Next →
1 Code Commentaries? PHP to JavaScript in Bash and PHP!
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
2 Tutorials? MySQL connection with PHP and Bash!
Tutorials? MySQL connection with PHP and Bash!
John Hammond
3 Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
4 JavaScript Splits The URL!
JavaScript Splits The URL!
John Hammond
5 HTML Tables in Python!
HTML Tables in Python!
John Hammond
6 HTML, Net Shares, GML!
HTML, Net Shares, GML!
John Hammond
7 Python 08 Programming Style and Comments
Python 08 Programming Style and Comments
John Hammond
8 Python 26 Object Oriented Programming
Python 26 Object Oriented Programming
John Hammond
9 75 Python Tutorials, Out Now!
75 Python Tutorials, Out Now!
John Hammond
10 Batch 14 Mathematical Expressions
Batch 14 Mathematical Expressions
John Hammond
11 Batch 85 Array Append
Batch 85 Array Append
John Hammond
12 Batch 86 Array Count
Batch 86 Array Count
John Hammond
13 Batch 87 Array Index
Batch 87 Array Index
John Hammond
14 Batch 88 Array Insert
Batch 88 Array Insert
John Hammond
15 Batch 89 Array Remove
Batch 89 Array Remove
John Hammond
16 Batch 90 Array Reverse
Batch 90 Array Reverse
John Hammond
17 Python [colorama] 00 Installing on Linux
Python [colorama] 00 Installing on Linux
John Hammond
18 Python [colorama] 09 Cursor Position
Python [colorama] 09 Cursor Position
John Hammond
19 Python [hashlib] 02 Algorithms
Python [hashlib] 02 Algorithms
John Hammond
20 Python 00 Installing IDLE on Linux
Python 00 Installing IDLE on Linux
John Hammond
21 Python [pygame] 11 Rectangular Collision Detection
Python [pygame] 11 Rectangular Collision Detection
John Hammond
22 Python [pygame] 12 Platforming Rectangular Collision Resolution
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
23 Python [XML-RPC] 01 Research
Python [XML-RPC] 01 Research
John Hammond
24 Python [pyenchant] 03 Personal Word Lists
Python [pyenchant] 03 Personal Word Lists
John Hammond
25 FancyURLopener Authentication and User-Agent [urllib] 03
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
26 Python 04: PEP8 Coding
Python 04: PEP8 Coding
John Hammond
27 Python Challenge! 17 COOKIES
Python Challenge! 17 COOKIES
John Hammond
28 Google CTF 2016: Ernst Echidna
Google CTF 2016: Ernst Echidna
John Hammond
29 Google CTF 2016: Spotted Quoll
Google CTF 2016: Spotted Quoll
John Hammond
30 Google CTF 2016: Can you Repo It?
Google CTF 2016: Can you Repo It?
John Hammond
31 Google CTF 2016: No Big Deal
Google CTF 2016: No Big Deal
John Hammond
32 Google CTF 2016: In Recorded Conversation
Google CTF 2016: In Recorded Conversation
John Hammond
33 Homemade CTF Challenge: 01 "Orchestra"
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
34 Homemade CTF Challenge: 02 "Bae's Base"
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
35 Homemade CTF Challenge: 03 "Web Hunt"
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
36 Homemade CTF Challenge: 04 "UPX"
Homemade CTF Challenge: 04 "UPX"
John Hammond
37 Homemade CTF Challenge: 05 "The Assumption Song"
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
38 Homemade CTF Challenge: 06 "A Brisk Stroll"
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
39 Homemade CTF Challenge: 06 "I lost my password!"
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
40 web25 :: Mr. Robot : EKOPARTY CTF 2016
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
41 web50 : RFC 7230 :: EKOPARTY CTF 2016
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
42 misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
43 Hack The Vote 2016 CTF: Sander's Fan Club [web100]
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
44 Hack The Vote 2016 CTF Warpspeed [forensics150]
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
45 Juniors CTF 2016 :: Black Suprematic Square
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
46 Juniors CTF 2016 :: Six Strange Tales
Juniors CTF 2016 :: Six Strange Tales
John Hammond
47 Juniors CTF 2016 :: Lost Code
Juniors CTF 2016 :: Lost Code
John Hammond
48 Juniors CTF 2016 :: Here Goes!
Juniors CTF 2016 :: Here Goes!
John Hammond
49 Juniors CTF 2016 :: Southern Cross
Juniors CTF 2016 :: Southern Cross
John Hammond
50 Juniors CTF 2016 :: Clone Attack
Juniors CTF 2016 :: Clone Attack
John Hammond
51 Juniors CTF 2016 :: Dirty Repo
Juniors CTF 2016 :: Dirty Repo
John Hammond
52 Juniors CTF 2016 :: Hackers Blog
Juniors CTF 2016 :: Hackers Blog
John Hammond
53 Juniors CTF 2016 :: Voting!!!
Juniors CTF 2016 :: Voting!!!
John Hammond
54 Juniors CTF 2016 :: The Good, The Bad and The Junkman
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
55 Juniors CTF 2016 :: Stop Thief!
Juniors CTF 2016 :: Stop Thief!
John Hammond
56 Juniors CTF 2016 :: ROFL
Juniors CTF 2016 :: ROFL
John Hammond
57 Juniors CTF 2016 :: Restriced Area
Juniors CTF 2016 :: Restriced Area
John Hammond
58 Juniors CTF 2016 :: Oh SSH!
Juniors CTF 2016 :: Oh SSH!
John Hammond
59 HackCon CTF 2017 TRIVIA and BONUS Challenges
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
60 HackCon CTF 2017 "Bacche" Challenges
HackCon CTF 2017 "Bacche" Challenges
John Hammond

Related AI Lessons

Up next
Cyber security threats @FameWorldEducationalHub #cybersecurity #threats #shorts #ytshorts
FAME WORLD EDUCATIONAL HUB
Watch →