mz's site. Blog and various stuff...

.:: NGSEC Security Certification ::.

Sun, 14 January 2007

.:: NGSEC Security Certification ::.

Sun, 14 January 2007

.:: my ngsec certificate ::.

Sun, 14 Jan 2007

I'm proud to present my certificate:

.:: my ngsec certificate ::.

Sun, 14 Jan 2007

I'm proud to present my certificate:

Today I've received email from ngsec team with congratulations:

Dear mzet:

Congratulations! You have mastered NGSEC's Security Game #2 (Web Authentication II).

Sincerely,
Next Generation Security Technologies
http://www.ngsec.com

Here's a ranking (position number 632):

Ngsec ranking

After this hint I was able to solve level 10. It also required some knowledge about elf file format and familiarity with such tools as:

gdb
objdump
readelf

.:: ngsec game 2 - level 9 ::.

Thu, 7 Dec 2006

I finally figured out how to solve 5th level (it was so easy!). Levels 6 - 8 were quite easy too. Now I'm facing level 9th (the last one), the aim is as usual to bypass the authentication mechanism. This time it's in a form of cgi program written in C. Here's a code:


#include <unistd.h>

void show_error(void) {

    printf("
            <center>
            <p class=\"cab\"><b>Authentication ERROR!</b></p>

            <p class=\"txt\">Either your username or password are incorrect. Please go back and try again.</p>
            </center>
            \n");

    exit(-1);

}

int main(int argc, char **argv) {

    char user[128];
    char pass[128];
    char *ch_ptr_begin;
    char *ch_ptr_end;
    char buffer[1024];
    char good_user[48]="XXXX";
    char good_pass[48]="XXXX";



    if (argc!=2) {
        printf("Usage: ./validate <QUERY_STRING>\n");
        exit(-1);
    }


    /**********************************/
    /* Get Username from Query String */

    /**********************************/
    memset(user,0,sizeof(user));
    ch_ptr_begin=(char *)strstr(argv[1],"login=");
    if (ch_ptr_begin==NULL)
        show_error();
    ch_ptr_begin+=6;
    ch_ptr_end=(char *)strstr(ch_ptr_begin,"&");
    *(ch_ptr_end++)='\0';
    strncpy(user,ch_ptr_begin,sizeof(user)-1);


    /**********************************/
    /* Get Password from Query String */

    /**********************************/
    memset(pass,0,sizeof(pass));
    ch_ptr_begin=(char *)strstr(ch_ptr_end,"password=");
    if (ch_ptr_begin==NULL)
        show_error();
    ch_ptr_begin+=9; 
    ch_ptr_end=(char *)strstr(ch_ptr_begin,"&");
    if (ch_ptr_end!=NULL) *(ch_ptr_end++)='\0';
    strncpy(pass,ch_ptr_begin,sizeof(pass)-1);


    if ((strcmp(user,good_user)==0) && (strcmp(pass,good_pass)==0))  {

        // AUTH OK STUFF

    } else {

        show_error();


    }
}

.:: My stuff ::.

Sun, 5 Nov 2006

I added new page - [My stuff]. You can find there some of my achievments. Enjoy.

.:: zengine ::.

Mon, 9 Oct 2006

I've got involved in graphics engine programming. It's completly new project, codename: zengine or ZENgine. Words zen (in japanese: meditation) and engine mixed together.

.:: zengine ::.

Mon, 9 Oct 2006

I've got involved in graphics engine programming. It's completly new project, codename: zengine or ZENgine. Words zen (in japanese: meditation) and engine mixed together.

.:: zengine ::.

Mon, 9 Oct 2006

I've got involved in graphics engine programming. It's completly new project, codename: zengine or ZENgine. Words zen (in japanese: meditation) and engine mixed together.

.:: Summer practice at ITP ended ::.

Mon, 2 Oct 2006

After three months of working at Intel Technology Poland I have to say that I had great time working there. I've met interesting people there and learnt many new things.

.:: Ngsec game 1 completed ::.

Mon, 28 Aug 2006

Dear mzet:

Congratulations! You have mastered NGSEC's Security Game #1 (Web Authentication).

Sincerely,
Next Generation Security Technologies
http://www.ngsec.com

Here's a ranking (position number 1495):

NGSEC's ranking

.:: Interview at Intel Technology Poland ::.

Sun, 18 June 2006

Tomorrw at 13:30 polish time.

.:: Ngsec games ::.

Mon, 22 May 2006

I've recently found interesting contest, ngsec games. I'm on the 10th level now. Unfortunately I don't have time to finish it, maybe I will find some on Saturday.

.:: Vim ::.

Sun, 9 Apr 2006

I have switched to vim. I have already used emacs and nano as my def editor now it's time to try out vim ;). I've read this tutorial and made my "cheatsheet" as author of this tut advises.

.:: Site is up and running ::.

Fri, 7 Apr 2006

At last my site is up and running, I'm very happy about it :)