Wednesday, November 2, 2011

Quick RVM + BeEF install guide

Disclaimer: This is only a recipe I wrote for me. But I thought it could be useful for other people so I decided to share it. Of course, no guarantee! So if you encounter any problem, then I can only say this: RTFM! :-)

Note #1: I used Debian 5.x but it should work for other UNIXes.
Note #2: You may need to install some *-dev/lib packages with "apt-get" first. Unfortunately I didn't take note of which ones.


1/ Install RVM in ~/.rvm
$ bash < <(curl -s )

$ echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm" # Load RVM function' >> ~/.bash_profile

$ rvm requirements

$ rvm list known

$ rvm install 1.9.2

2/ We test "rvm"...
$ rvm use 1.9.2

$ ruby -v

Optionally, you can set a version of Ruby to use as the default for new shells. Note that this overrides the 'system' ruby:
$ rvm use 1.9.2 --default

For turning back to system default Ruby:
$ rvm use system


3/ Set up Ruby environment for BeEF
$ rvm use 1.9.2
$ rvm gemset create beef
$ rvm 1.9.2@beef

4/ Download from svn
$ svn checkout beef-read-only

Then rename the checkout directory to "beef" and cd into it.

5/ Execute BeEF installer:
$ ruby install

Then choose "automatic install". Alternatively, let the installer list what is needed and install it manually:
$ gem install ansi term-ansicolor dm-core json data_objects do_sqlite3 sqlite3 dm-sqlite-adapter parseconfig erubis dm-migrations librex --no-rdoc --no-ri

6/ Change the default user/pass (beef / beef) by editing the file:

7/ We can also change the listening host and port by editing the file:

8/ Create startup script: "beefstart"

#!/bin/bash

# Load RVM function
[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"

# Beef environment setup
rvm 1.9.2@beef

# Don't forget to change this according to your needs!
cd /home/roman/tools/beef

# Run BeEF

# Return to system Ruby
rvm system

9/ Now, to run BeEF
$ ./beefstart

(or just add the BeEF directory to $PATH)

Monday, September 26, 2011

CSAW 2011 CTF Quals - Reversing - .NET1 (200 pts)

Just saw the write-up for .NET1 by K3YS3C. That was the hard way.

Following the KISS principle, the challenge could be solved easily with Cryptool 2 (yes, we are all used to working with 1.x, aren't we?). Even for a non-expert crypto-man like me, it's not difficult to identify the algorithm as XTEA: simply google the magic number 0x9e3779b9 (taken from the ProcessBlock function in Reflector's disassembly) and then compare the XTEA round structure against our disassembly.

XTEA is supported by Cryptool 2 (good catch by Kachakil). Given that, it's just a matter of learning the new interface: load the TEA template and then modify the properties of the TEA box to select XTEA (supported: TEA, XTEA and XXTEA).

Given the 128-bit key from the disassembly:

It needs to be converted from "unsigned int" values to a (hex-encoded) byte stream:

Feeding the resulting key to Cryptool 2:

Et voilà, you got the key!

key{  f79b5967afade81c142eab7e4b4c9a3b  }
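The two steps above (recognising XTEA from the 0x9e3779b9 constant, and turning the four "unsigned int" key words into the byte stream a tool expects) can be checked without CrypTool. The following Python is an added example, not code from the post or from the challenge: it is a reference XTEA implementation plus the key-word conversion. The key words in it are constructed sample values, not the challenge's key; the function names are my own. The byte order of the conversion is the part that bites in practice, because a .NET uint[] on x86 is little-endian in memory, so the same four words give two different hex strings depending on which order you pick.

```python
import struct

# XTEA constants. DELTA is the "magic number" that identifies the TEA family in
# a disassembly: floor(2^32 / golden ratio). After the standard 32 cycles the
# round counter ends at 32 * DELTA mod 2^32 = 0xC6EF3720, another constant that
# often shows up verbatim in decompiled code.
DELTA = 0x9E3779B9
MASK = 0xFFFFFFFF
ROUNDS = 32


def key_words_to_bytes(words, byteorder="little"):
    """Serialise four 32-bit key words (as a .NET uint[] holds them) into the
    16-byte stream a tool such as CrypTool expects. byteorder is the thing to
    get right: .NET on x86 stores uint values little-endian."""
    if len(words) != 4 or any(not 0 <= w <= MASK for w in words):
        raise ValueError("XTEA key is exactly four 32-bit words")
    prefix = "<" if byteorder == "little" else ">"
    return struct.pack(prefix + "4I", *words)


def bytes_to_key_words(key, byteorder="little"):
    """Inverse of key_words_to_bytes: 16 bytes -> four 32-bit words."""
    if len(key) != 16:
        raise ValueError("XTEA key is exactly 16 bytes")
    prefix = "<" if byteorder == "little" else ">"
    return list(struct.unpack(prefix + "4I", key))


def xtea_encrypt_block(v0, v1, k, rounds=ROUNDS):
    """Encrypt one 64-bit block given as two 32-bit words. This is the
    reference XTEA round structure; compare it against a ProcessBlock-style
    function to confirm the identification."""
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return v0, v1


def xtea_decrypt_block(v0, v1, k, rounds=ROUNDS):
    """Run the rounds backwards, starting from the final counter value."""
    s = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
    return v0, v1


def _ecb(data, key, byteorder, block_fn):
    # Whole-block ECB: each 8-byte block is handled independently.
    if len(data) % 8:
        raise ValueError("data must be a multiple of the 8-byte block size")
    k = bytes_to_key_words(key, byteorder)
    prefix = "<" if byteorder == "little" else ">"
    out = bytearray()
    for i in range(0, len(data), 8):
        w0, w1 = struct.unpack(prefix + "2I", data[i:i + 8])
        out += struct.pack(prefix + "2I", *block_fn(w0, w1, k))
    return bytes(out)


def xtea_encrypt(plaintext, key, byteorder="little"):
    return _ecb(plaintext, key, byteorder, xtea_encrypt_block)


def xtea_decrypt(ciphertext, key, byteorder="little"):
    return _ecb(ciphertext, key, byteorder, xtea_decrypt_block)


def final_round_sum(rounds=ROUNDS):
    """Counter value after `rounds` cycles; 0xC6EF3720 for the standard 32."""
    return (DELTA * rounds) & MASK


if __name__ == "__main__":
    # Constructed sample key words; NOT the challenge's key.
    sample_words = [0x01020304, 0x05060708, 0x090A0B0C, 0x0D0E0F10]
    for order in ("little", "big"):
        print(order, key_words_to_bytes(sample_words, order).hex())
    key = key_words_to_bytes(sample_words)
    ct = xtea_encrypt(b"sixteen byte msg", key)
    print("ciphertext:", ct.hex())
    print("decrypted :", xtea_decrypt(ct, key))
```

If a ciphertext decrypts to garbage with one byte order, try the other before doubting the algorithm identification; the same applies to the 8-byte data blocks, which are loaded with the same byte order as the key here.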