DEV Community: Jocelyn (she/her)

Hacktoberfest 2020: PRs and Game Dev Galore

Jocelyn (she/her) — Sun, 01 Nov 2020 05:50:38 +0000

This past Hacktoberfest, I had a lot more planned than I could pack in a punch. I took on two game jams (one of which is still ongoing), planned out some emulator projects, and made four pull requests on some fixes to my own repos and projects. Furthermore, I recently published my first ever game (and in CHIP-8!) and made a CLI music and movie recommending app as a part of ShellHacks Miami!

Before then, I had barely considered regularly making pull requests, nor had I thought of the significance of PRs and how much they mean to open source. But thanks to this grand opportunity by Digital Ocean, I come out of this Hacktoberfest much more learned and with thoughts.

Improvements through PRs

For my first pull request, I added some more... life, to spicy Asian mom bot. Aside from some slight refactoring and restructuring, I made a request for mom bot more "friendlier", and as a result, I definitely got back some positive feedback from those who requested it.

In addition, in the beginning of this month, I participated in ShellHacks 2020 hosted by Florida International University, in which I ended up successfully demoing my first completed project! There's definitely plans to turn it into a mobile app using the Kivy framework in Python, but for now, it is simple (albeit requires some authentication). I made a few more PRs on it to refactor and restructure its code, as well as some linting. Read more on this project here.

First solve at a CTF!

I just remembered this but, after having competed in CTFs for about a year with the ever so talented Kernel Sanders at UF, I actually had my first breakthrough solve at DamCTF this year!

You can read my writeup on solving the Discord bot challenge here.

Open Source on Games??

Lady Runner and CHIP-8 Programming

I stumbled upon OctoJam 7 while scouring Itch.io for some fun game jams and ideas to participate in. Initially the aesthetics lured me in, but then the more I read up on the Octo language and project, the more I wanted to create a nostalgic game of my own! And after much much debugging and help from The Internet Janitor himself along with other seasoned devs, I successfully released my first (albeit short) game on Itch (and it's open sourced too!). Octo, as I've found, is definitely fun and a great intro to what's to come for learning and working with Assembly. I'm definitely looking forward to participating in this jam next October.

Light Letters

As of right now, I'm currently active and running in Yuri Jam 2020 on Itch.io, and working on a VN-platformer hybrid game about two people trying to reach each other in a desolate cyberpunk world through a series of letters (and jazz music galore). Plans are to publish a two-level demo by the start of December (hopefully!). Currently I am using Godot Engine to develop this as well (yay open source!).

There isn't much progress at the moment due to school and other projects, but! I managed to implement some of the basic mechanics through some placeholders. I have high hopes that this will turn into something more in a month's time.

Thoughts

This has definitely been a hack-filled Hacktoberfest, as I planned it to be. I definitely have a lot more to do, and much to look forward to, but thank you again to Digital Ocean for giving me inspiration to work on publishing more towards open source on Github! I feel like I am definitely progressing more as a developer and hacker after all of this.

For more on my projects and ongoing progress, visit my Github here.

damctf 2020 - electric-bovine writeup

Jocelyn (she/her) — Mon, 12 Oct 2020 00:53:11 +0000

I'd just like to first say, as someone who's already built 2 Discord bots, this challenge really peaked my interest and was also about the only thing that tore me away from sleeping in the rest of this Saturday afternoon.

So my first instinct in enumerating and exploring the internals was the source code itself. When skimming through, you can see here that upon joining the bot server, new members automatically get assigned with a basic role:

role=client.guilds[0].get_role(763128055429595156)
awaitmember.add_roles(role)

I played around with the commands listed in the help command. When scouring through the links with !resource, all 4 videos happened to be cow-related memes on long hour loops, which lead me to thinking that the flag must have something to do with the !cowsay command.

However, upon triggering !cowsay, the bot sent back a denial due to permissions. So I must've had to somehow add a certain role for me to be able to trigger !cowsay. When looking at the !cowsay function, I found that it checked the user's role IDs to see if it was equal to or larger than the specified ID the !cowsay function was looking for:

else:
      if message.author == client.user:
                return
      elif(client.guilds[0].get_member(message.author.id).guild_permissions >= client.guilds[0].get_role(763128087226351638).permissions):
                # accept, do cowsay.
                try:
                    arg = message.content.split("!cowsay ")[1]

So I tried adding the role with !role_add. However, I had to be in the server's channels to send that command. But when looking at the bot server, I was not allowed to send any messages. Weird.

Then after a while of looking, I finally noticed that !send_msg could send anything to the #botspam channel that was hidden in the bot server. So I try injecting a command with !send_msg !role_add @username <@!763128087226351638> and make a dent! However, I get this message back:

Hmmm... Noodles wants to add role private. Interesting. . .
Denied role private to member Noodles. Gotta hack harder than that!

Darn it. Looking back at the first couple lines I thought the bot didn't parse all of the numbers in the ID so I'd tried padding it with extra repeats on both ends but, nada.

Then eventually with some help from my other teammates, I'd tried experimenting with my nickname in the server and changing it to private, just like the role I tried to request. And boom! I get this back:

Hmmm... Noodles wants to add role private. Interesting. . .
Granted role private to member Noodles. Well Done!

Interesting indeed...

So now I could screw around with the cowsay command. However, when trying the obvious !cowsay cat flag.txt, I get back an invalid character message. Turns out, in the source code, that no special characters were allowed nor even whitespaces. Darn. Obviously this was a command injection I had to complete with the !cowsay command, so how else could I bypass this?

Well! After testing out some other special characters like #, $, ;{}, and eventually <, I make yet another dent with <. When I send < to the !cowsay command, the bot returns a blank, and not the typical cow output I'd expected. So < must be something!

Eventually I learn that I could filter through flag.txt to pipe it through and read, and boom, I finally get the flag with !cowsay <flag, which outputted this:

 __________________________
< dam{discord_su_do_speen} >
 --------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Extremely fun challenge overall! I hope to play more interesting challs such as this in the future. Also much thanks to my teammates at Kernel Sanders. Really appreciate them.

How to Learn InfoSec and Hacking through Structured Levels

Jocelyn (she/her) — Fri, 02 Oct 2020 23:47:03 +0000

Lately I've spent this past summer aimlessly flipping through PDFs of guides on programming and exploitation as well as diving into (what is probably my 5th time) CS50 to revisit the basics and learn the foundation needed to break into this mysterious field. After watching countless videos and reading hundreds of articles every night, though, I find myself getting distracted and off track jumping from resource to resource and book to article, barely getting anywhere.

So after all that time spent, here I'll lay out a structured guide of resources and websites to keep me on track to where I need to be to get to a point of understanding CTFs and overall application security better. Hopefully it may reach some of you guys who may also be bitterly prone to distractions and hopping from guide to guide.

Level 1

Even if you're a seasoned hacker or expert in CS, or whether you're a fledgling beginner, there's no better way to start off learning the basics than with Harvard's CS50. For the 2020 version at least, it'll get you deep into C programming, data structures and algorithms, concepts of memory and pointers (which is also great for understanding buffer overflows later on), Python, SQL, and application development. Basically the foundation of almost everything you'd learn in a 4-year Computer Science program.
Hacking: The Art of Exploitation, which is also a great guide in exploring C, Assembly, networking concepts, exploitation and more for a beginner. An excellent book providing the foundation of hacking and its origins.
OverTheWire, especially Bandit and Natas through Krypton challenges down the list are useful ongoing wargames to learn more about Linux and web security and exploitation through hands-on experience and useful hints should you get stuck.
HackSplaining, a visual look at common vulnerabilities in web applications.
Optional reading, but Code by Charles Petzold is also another good intro to how computers work and why to understand internals better for absolute beginners.
MIT's The Missing Semester teaches you the tools needed to approach programming, hacking, and overall development (i.e. Github, Docker, Vim, IDEs, BASH scripting etc).
FreeCodeCamp for learning HTML, CSS, JS, and web development through projects and certifications to go for (so you know how to break them ;))

Level 2

TryHackMe's Zero to Hero Boxes Guide. There's a map for free members who can't or won't get the subscription, and a map for subscribed members.Personally I find this a much easier and similar alternative to HackTheBox, due to the numerous threads and hints and explanations in each of the boxes to help you understand concepts better. Though, it's best to keep practicing the concepts and exercises taught in the boxes as it can be so simple and easy to forget once you've finished a box.
Heath Adam's Ethical Hacking Course (aka TheCyberMentor). Assumes you're a beginner to ethical hacking and teaches you everything you need to know about penetration testing for web and other applications. Especially useful if you're interested in pursuing the OSCP in the future.
The Nightmare course by my good friend guyinatuxedo. It is a comprehensive online book on getting into binary exploitation through exploring CTF challenges and various other real life examples. And one of the more beginner friendly guides for those interested in malware analysis and reverse engineering in the future.

Level 3

HackTheBox. If you get stuck, there's always Ippsec's videos.Playing through the retired boxes is an especially good place to start off in HTB.
Pwnable.kr for a cute and fun approach to pwning challenges and binary exploitation.
VulnHub. Similar to HackTheBox in that it provides downloadable Virtual Machines to practice hacking into.
Microcorruption, an ongoing CTF focused on embedded security.
For OSCP-like boxes on HTB and VulnHub, here's a spreadsheet listing the boxes that are highly similar to the labs during the PWK course that also serves as another great way to build your skills overall.

Level 4 (Or more for deeper understanding of computer and systems internals as well as other specific fields)

Nand2Tetris teaches you how to build a computer and OS from the ground up. A deep dive into operating systems
Hasherezade's Malware Analysis/Reverse Engineering Guide
For a hands-on and lecture based approach to going through The Web Application Hacker's Handbook (if you're interested in web), look no further than Sam Bowne's Securing Web Applications. I personally couldn't get through the book at first but having a video and exercises to follow along with through reading the book helped immensely in understanding the concepts better.
Awesome Gameboy Dev for learning emulation, reverse engineering, and assembly and C for building and reversing all things Gameboys.
Cryptohack, a relatively new and very astounding website which teaches you cryptography through programming exercises (highly recommend the use of Python for this). Starts off easy but gets exponentially harder as you progress.
Trail of Bit's Guide on Forensics. There's not much friendly guides on learning computer forensics out there for those who are interested, but this guide is about the only one I found that provides a comprehensive overview of how to approach forensics challenges for if you encounter one in CTFs.
Systems Programming and Tools taught by Sanjiv Bhatia, lectures and walkthroughs on programming in the Linux/Unix environment.

Some other fun sites to practice on

HackThisSite!
Try2Hack
picoCTF. High school based CTF but also fun for beginners as well. Also great in exploring what topics you may be specifically interested in.
HackNet, just a really fun hacking simulator, one of the few accurate ones out there as well.
Don't forget to check for upcoming CTFs at ctftime.org!

Realistically, you could approach any of these resources in any order you prefer depending on your level of experience. This, though, provides to me at least a more structured and streamlined way of learning security concepts in a progressing manner. I hope this also helps future readers interested in also breaking into the field. This list may be edited in the future as needed.