Firebase REST Authentication

Hello, In this article I will show you how to authenticate to Firebase and secure the databases with some simple security rules. I’m using this setup for my NucuCar project. Authentication The first step is to enable the Email/Password sign in method, by going to the Authentication and clicking the Sign-In Method tab: Next, we can add a manual user … Read more

Brute-forcing passwords with Hydra

Hello, In this article you will find the solutions for the Hydra room on Try Hack Me. Link: https://tryhackme.com/room/hydra Almost every bruteforcing or cracking task from HackTheBox/TryHackMe uses the rockyou.txt wordlist. You can google it and download it, if you can’t find it in your Kali distro under the path /usr/share/wordlists/rockyou.txt.gz If you’re using Kali then you have Hydra already … Read more

picoCTF2019 Reverse Engineering Asm

Hello, here’s my take on the picoCTF2019 reverse engineering asm challenges. If you don’t know assembly, please watch a few tutorials on it: http://opensecuritytraining.info/IntroX86.html http://opensecuritytraining.info/IntermediateX86.html asm1 – Points: 200 CMP: Compares the first source operand with the second source operand and sets the status flags in the EFLAGS register according to the results. The comparison is performed by subtracting the … Read more

Firebase Rest on Raspberry Pi

I’ve tried to use Google’s Firebase with the Firebase Admin SDK in my C# project. The good news is that the Admin SDK is easy to use and all you need to do is call two methods. The authentication part is handled by an environment variable which points to some .json file which you download. The bad news is that … Read more

picoCTF 2019 Reverse Engineering Vault Doors

I’m always late to the party but here’s my solutions to the PicoCTF2019 Vault Doors challenges from the reverse engineering section. I did it this mainly to improve my skills and hopefully to learn some new things. vault-door-training – Points: 50 Your mission is to enter Dr. Evil’s laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is … Read more

PicoCTF 2019: whats-the-difference (Points 200)

Can you spot the difference? kitters cattos. They are also available at /problems/whats-the-difference… on the shell server In order to easily solve this challenge, I’ve used xxd and cut to generate an ascii hexdump of the images: Since I wanted to do a per character diff I wrote the following Python script: And finally run the script:

Bypassing ptrace calls with LD_PRELOAD on Linux

Hello, Here’s a quick article on how to bypass calls to ptrace when debugging a Linux executable. By calling ptrace with the PTRACE_TRACEME option, a process can detect if it’s being debugged and execute different instructions. This an effective anti-debugging technique. For example, take the following C program: If we execute the program from above we get Normal flow on … Read more