Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

OSSN Arbitrary File Read - 173

KevTheHermit, posted 5 years ago
  • OSSN is an open source, run-it-yourself social media platform. So, lots of images!
  • First, the core bug is simply the ability to read any file by specifying its actual path. This is pretty standard... but there is one twist: the crypto!
  • The file name was protected with some custom cryptography (here we go) that turned out to be crackable. It was not trivial, though; a lot of digging went into getting this exploit to work.
  • First, an 8-character Blowfish key is generated. However, the way it is generated shrinks the space from 281,474,976,710,656 possible keys to 2,147,483,647, because the key is derived from md5(OSS + rand()) and rand() only has 2^32 possible values. The key inherits the entropy of rand(), not that of 8 free characters, so the key space was reduced.
  • Second, in order to brute force the key, a 'successful' decryption attempt needed to be identifiable. Reading the source code showed that the value 'tmp/photos' sits in the plaintext of the encrypted blob, giving a known result to check each candidate key against. So, brute force the key until this value comes out of the decryption.
  • Finally, with a known correct result and an enumerable set of candidate keys, they were ready to brute force the key.
  • Overall, a great write-up! It is super interesting to see such a subtle cryptographic bug destroy the security of an application. Don't roll your own crypto!
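As an added illustration (not code from the write-up or from OSSN), the following Python mirrors the key derivation the notes describe and shows why a known plaintext marker makes such a key recoverable, beside a CSPRNG-derived key that the same search cannot reach. The XOR stream is a toy stand-in for Blowfish, and the seed range, marker and file name are constructed for the demo.

```python
import hashlib
import secrets

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy keyed XOR stream (SHA-256 of key||block counter) standing in for Blowfish.
    The cipher is not the point here; the key derivation is."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)

toy_decrypt = toy_encrypt  # XOR stream: decryption is the same operation

def weak_key(seed: int) -> bytes:
    """The derivation the notes describe: 8 characters of md5('OSS' + rand()).
    The key has at most as many possibilities as rand() has outputs."""
    return hashlib.md5(b"OSS" + str(seed).encode()).hexdigest()[:8].encode()

def strong_key() -> bytes:
    """Hardened alternative: 8 bytes straight from the OS CSPRNG (64 bits of entropy)."""
    return secrets.token_bytes(8)

# Constructed plaintext marker, playing the role of the 'tmp/photos' value.
KNOWN_PREFIX = b"tmp/photos/"

def recover_seed(ciphertext: bytes, seed_max: int):
    """Try every rand() output up to seed_max; the known prefix identifies the right key.
    On the real platform rand() has 2^31 outputs; the demo caps the search much lower."""
    for seed in range(seed_max + 1):
        if toy_decrypt(weak_key(seed), ciphertext).startswith(KNOWN_PREFIX):
            return seed
    return None

def demo(seed_max: int = 50_000) -> dict:
    """Constructed scenario: the weak key falls to the seed search, the strong key does not."""
    secret_seed = 31337                      # the rand() value the server happened to draw
    plaintext = KNOWN_PREFIX + b"avatar_1.jpg"
    weak_ct = toy_encrypt(weak_key(secret_seed), plaintext)
    strong_ct = toy_encrypt(strong_key(), plaintext)
    return {
        "weak_recovered_seed": recover_seed(weak_ct, seed_max),      # 31337
        "strong_recovered_seed": recover_seed(strong_ct, seed_max),  # None: key is not in the seed space
    }

if __name__ == "__main__":
    print(demo())
```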