在ayazero那里看到这段话,记录一下。
阅读全文
搜索此博客
2006年12月31日星期日
2006年12月30日星期六
Crypto Challenge
nequ writes: You have gotten past the outer barriers. You have installed a network sniffer. You were able to get access to some key-files. Full of hope you analyze the traffic of past days. Will you be able to break their code? Will you spot the weaknesses? the files you grabbed are: maybe you will: have the log of a black-hat-session that is denied get logs that leak more information, because of a thoughtless server-update .. in the next days. at the moment there seems to be a TAN-generator. the client sends the init for the generator, the server selects which TAN to see. but what are the *.ref files good for? why are there five TAN-transactions before login suceeds? maybe you have to take a closer look and rethink your presumptions. if you think you can take the risk, than start a session by posting a comment that includes your transmission. please make a new topic per session, i will post the servers answers. one session per NO-member maximum! if you make it to the prompt you win. here are the logs:
central.ref:
02 02 04 04 07 07 10 11 21 24 26 30 31 33 34 35
36 40 43 45 45 45 50 50 51 56 62 63 65 71 72 74
user.smith.ref:
01 01 05 07 12 12 13 13 16 16 23 26 27 35 36 37
40 41 44 45 46 47 50 53 54 60 60 60 61 64 71 77
role.smith.clerk.ref:
01 02 04 13 16 16 16 17 21 24 25 31 33 34 35 36
37 44 47 52 53 56 64 65 67 67 70 70 71 71 72 72
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:51:37 Nov/01/2006 (GMT) C: login user=smith role=clerk C: 03 03 05 05 07 07 10 11 12 14 16 17 20 22 32 35 37 41 45 46 52 54 57 60 60 62 64 70 71 76 76 76 S: 2 C: 73405261 S: OK C: 00 07 10 15 16 20 24 27 27 30 32 33 34 36 37 42 43 45 50 54 56 62 62 62 63 67 71 71 75 75 76 76 S: 1 C: 72045361 S: OK C: 01 05 06 11 14 20 21 25 31 34 34 36 40 40 42 42 45 45 53 53 53 54 57 60 63 67 71 73 74 75 76 77 S: 0 C: 21750463 S: OK C: 00 05 12 15 17 17 17 20 21 22 23 25 27 32 34 37 40 41 43 51 51 54 54 56 56 60 61 64 70 73 75 75 S: 0 C: 14362075 S: OK C: 02 04 07 07 10 10 10 13 17 22 27 30 31 32 33 34 37 40 43 45 51 52 54 61 62 65 71 71 75 75 76 76 S: 2 C: 61435207 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:52:39 Nov/02/2006 (GMT) C: login user=smith role=clerk C: 02 05 07 10 10 12 12 15 15 21 24 26 26 26 34 35 36 41 42 43 44 46 47 52 53 57 61 61 63 67 71 77 S: 2 C: 07153264 S: OK C: 02 02 03 03 06 06 10 11 20 24 24 24 27 31 32 35 40 40 41 45 53 54 57 61 62 63 70 71 72 74 75 77 S: 0 C: 01425673 S: OK C: 02 02 03 03 04 04 10 11 12 15 16 17 20 21 25 25 25 32 34 36 42 46 47 50 50 56 57 60 66 71 74 75 S: 1 C: 14623075 S: OK C: 00 01 03 04 05 07 10 13 17 17 17 21 24 26 31 31 32 32 36 36 43 44 50 56 57 61 64 65 73 73 74 75 S: 1 C: 46217530 S: OK C: 01 01 02 02 04 04 12 14 17 24 26 27 30 30 36 37 40 43 43 43 45 50 53 54 55 56 57 62 63 65 70 77 S: 2 C: 70261354 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:59:07 Nov/03/2006 (GMT) C: login user=smith role=clerk C: 04 05 07 10 10 12 12 15 15 20 25 27 31 31 34 37 40 43 46 51 53 53 53 56 61 63 64 65 66 67 71 77 S: 2 C: 27065134 S: OK C: 01 01 02 02 03 03 12 13 15 20 24 24 24 26 32 35 37 40 40 45 47 50 55 60 62 64 65 66 67 73 74 76 S: 2 C: 70126435 S: OK C: 03 04 05 15 15 16 16 17 17 21 22 30 31 31 32 40 41 42 43 44 46 50 52 56 61 63 63 63 64 72 75 76 S: 0 C: 60153247 S: OK C: 03 03 04 04 05 05 12 13 17 20 20 21 26 31 35 36 43 45 46 50 52 52 52 57 60 66 70 71 72 75 76 77 S: 2 C: 75620143 S: OK C: 00 06 10 15 17 20 23 26 26 32 34 35 40 42 43 44 46 47 50 53 57 61 61 65 65 67 67 72 72 72 74 76 S: 0 C: 17563204 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:54:07 Nov/04/2006 (GMT) C: login user=smith role=clerk C: 02 03 06 10 10 12 12 15 15 21 24 27 27 27 31 33 41 42 43 44 46 47 50 52 53 60 64 67 71 71 73 76 S: 2 C: 27143056 S: OK C: 01 01 04 07 12 12 13 13 16 16 23 24 27 30 30 30 31 35 40 42 45 50 51 53 54 55 57 62 63 67 71 77 S: 1 C: 01365427 S: OK C: 01 01 01 02 05 12 12 14 16 20 20 23 23 27 27 30 36 37 41 45 47 50 51 52 54 55 56 62 66 70 74 76 S: 0 C: 45076312 S: OK C: 03 04 04 04 06 10 12 15 22 26 30 32 33 34 35 36 42 45 46 46 51 53 54 60 60 61 61 67 67 70 71 72 S: 0 C: 42135607 S: OK C: 00 05 10 14 15 15 20 21 22 24 25 27 30 34 37 41 42 43 53 53 56 56 57 57 60 63 67 71 71 71 72 75 S: 2 C: 46325701 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:53:02 Nov/05/2006 (GMT) C: login user=smith role=clerk C: 03 03 06 07 14 16 17 20 22 23 24 26 27 31 31 34 34 35 35 40 40 40 42 43 51 54 57 60 61 62 73 77 S: 1 C: 03416257 S: OK C: 00 02 03 04 06 07 13 16 17 23 24 24 26 33 34 41 41 45 45 47 47 51 53 57 60 61 62 70 72 72 72 74 S: 2 C: 32647051 S: OK C: 01 04 05 10 16 17 21 26 27 31 31 32 32 37 37 40 43 43 46 50 53 54 55 56 57 63 66 73 74 74 74 75 S: 0 C: 62705314 S: OK C: 02 06 07 11 14 20 21 23 34 36 37 37 37 42 42 43 43 45 45 51 52 53 60 61 63 64 66 67 70 71 74 74 S: 0 C: 61240735 S: OK C: 01 02 05 14 14 14 16 17 22 26 30 31 32 42 45 46 46 50 54 57 60 60 61 61 63 63 71 72 74 75 76 77 S: 0 C: 24175603 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:54:54 Nov/06/2006 (GMT) C: login user=smith role=clerk C: 04 05 06 11 13 14 15 16 17 20 25 26 34 36 37 37 40 41 43 51 53 53 53 57 66 67 70 70 72 72 75 75 S: 0 C: 23756410 S: OK C: 01 01 05 05 06 06 12 14 16 21 23 27 30 32 33 34 36 37 40 44 51 54 56 60 63 67 67 67 70 70 72 74 S: 0 C: 02631745 S: OK C: 00 01 02 04 05 07 12 14 15 15 20 21 26 34 36 37 44 45 53 53 56 56 57 57 62 64 67 70 71 71 71 75 S: 2 C: 36504721 S: OK C: 03 06 06 06 07 12 16 17 20 21 25 30 30 32 32 34 34 40 42 45 53 55 61 63 63 65 70 71 73 75 76 77 S: 1 C: 65312704 S: OK C: 00 01 12 12 14 14 17 17 20 25 27 30 31 33 35 36 37 40 42 47 52 53 56 60 61 61 65 71 73 76 76 76 S: 0 C: 10237654 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:51:51 Nov/07/2006 (GMT) C: login user=smith role=clerk C: 00 01 02 04 05 07 12 15 15 17 22 25 32 34 36 40 41 41 41 45 53 53 54 54 56 56 62 64 67 70 71 76 S: 1 C: 40726135 S: OK C: 03 03 03 04 07 11 17 20 21 25 31 35 37 37 40 41 43 44 45 47 52 53 54 60 61 62 70 70 72 72 76 76 S: 2 C: 14263507 S: OK C: 03 03 03 04 06 12 13 14 20 21 27 31 36 36 37 40 41 43 44 46 47 50 52 57 60 60 62 62 65 65 76 77 S: 2 C: 15263074 S: OK C: 00 03 04 05 06 07 13 14 16 21 23 24 30 35 37 37 37 44 45 51 51 52 52 53 53 60 61 67 74 75 75 76 S: 1 C: 43267150 S: OK C: 03 03 04 04 05 05 10 11 23 26 27 31 32 35 41 43 45 50 56 56 56 57 60 60 61 62 70 71 72 75 76 77 S: 0 C: 01627453 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:55:25 Nov/08/2006 (GMT) C: login user=smith role=clerk C: 01 04 04 05 11 14 21 23 27 31 35 37 42 42 43 43 47 47 50 53 56 60 61 64 65 66 67 70 70 70 74 76 S: 1 C: 07231546 S: OK C: 04 04 04 06 07 10 13 15 20 21 23 33 37 43 45 47 47 51 54 56 60 63 64 65 66 67 70 70 71 71 72 72 S: 0 C: 42715630 S: OK C: 01 03 07 07 07 10 11 12 13 15 17 22 23 30 30 34 34 36 36 40 42 46 51 56 57 60 62 65 72 73 73 75 S: 1 C: 64712530 S: OK C: 01 01 02 02 05 05 10 14 14 14 16 21 23 27 30 33 40 40 43 47 51 52 53 60 61 63 64 66 67 72 74 76 S: 0 C: 04215736 S: OK C: 01 02 03 10 15 17 22 26 35 35 35 36 37 40 42 43 51 52 56 56 60 60 63 63 64 64 71 72 73 75 76 77 S: 0 C: 26147503 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:53:27 Nov/09/2006 (GMT) C: login user=smith role=clerk C: 01 01 02 02 03 03 13 14 17 21 23 27 30 35 35 35 36 41 45 46 50 50 54 57 60 63 64 65 66 67 70 77 S: 0 C: 02746531 S: OK C: 01 02 07 13 13 13 15 16 21 24 27 34 35 35 37 42 43 46 50 50 51 51 52 52 61 63 64 65 66 67 75 77 S: 2 C: 01265734 S: OK C: 02 04 05 10 10 12 12 14 14 21 23 27 27 27 31 32 33 35 36 37 42 45 46 51 55 63 64 67 71 71 75 76 S: 1 C: 21643750 S: OK C: 03 04 06 12 14 15 21 22 23 25 26 27 33 37 41 43 46 51 53 57 57 62 65 65 65 67 70 70 74 74 76 76 S: 2 C: 05342617 S: OK C: 03 03 05 05 07 07 10 10 12 14 21 25 26 30 31 31 31 36 40 44 52 53 54 60 61 62 63 64 66 73 74 75 S: 0 C: 05641237 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
---8<-----[sniffer started] S: hello, this is broken-tin.neverbank.co.uk S: localtime: 07:54:48 Nov/10/2006 (GMT) C: login user=smith role=clerk C: 03 03 05 05 06 06 10 10 12 17 20 22 30 31 31 31 34 40 41 42 43 44 47 52 53 57 62 63 65 71 74 75 S: 1 C: 10764325 S: OK C: 00 03 10 14 17 20 23 23 26 31 31 34 34 37 37 40 46 47 50 52 53 55 56 57 62 64 65 72 72 72 73 75 S: 2 C: 40672351 S: OK C: 02 06 07 12 14 17 17 17 20 21 22 24 25 27 31 35 36 41 41 43 43 46 46 54 55 60 61 65 70 74 74 75 S: 2 C: 51307426 S: OK C: 00 01 03 05 06 07 13 16 16 17 23 25 27 33 36 42 43 45 50 51 51 51 56 62 62 64 64 65 65 70 71 72 S: 0 C: 35217406 S: OK C: 00 02 10 13 14 21 21 23 23 24 24 30 34 36 42 45 45 45 47 50 52 52 56 63 65 67 70 72 74 75 76 77 S: 1 C: 72136054 S: OK S: welcome Mr Smith! S: /usr/local/clerk/bin/smith>
digg it!
阅读全文
2006年12月29日星期五
2006年12月24日星期日
午后的暖日
我的床放在窗边,每天午后,都有暖暖的太阳透过窗户照进来。懒懒地躺着,享受着亲人般的温和。昨晚看到一文写村上春树的流行,勾起我无数回忆。依文章所言,我也算是国内第二批村上的读者了,读的应该是第二版的《挪威的森林》,也因此钟爱披头士那首曲子。村上的书适合一个人的半夜,慢慢地品读。村上书中那种现代社会的孤独和无奈,似乎多少为这种时刻的读者带了一丝慰藉,或许这世上还有人同在这一时刻读着村上的作品,享受着“小资”的孤独吧。
渡边的三十多岁独身男人的生活方式,摆脱了物质、精神两方面都在低水准挣扎的悲哀(这几乎是我们的宿命),宽容地对待他人的选择,骄傲地坚持自己的选择。不必太在意外界的事情,专一一意地过自己的生活。当然在选择一种相对自由的生活方式时,也将随之而来的孤独全盘接受,不带抱怨地生活着,不带抱怨,这是一种尊严。
阅读全文
2006年12月23日星期六
2006年12月20日星期三
exec-shield
发现Gentoo自己的gentoo-sources居然没有exec-shield补丁,那样子的话,其实还是挺危险的。虽然整个系统自行编译的,很多地址并不完全一致,但是有些时候还是能暴力猜解到的。
可以通过cat /proc/sys/krenel/exec-shield察看,具体值代表什么就去看源代码咯,这个patch一直跟随着内核版本更新中。
另一个randomize_va_space是大家都有D,就不多说什么了。但是有意思的是,linux-gate.so.1这个地址却是固定的。有文章详细讨论了为什么,看得头晕。晚点再补上来。
阅读全文