@DavidMah
Created February 26, 2013 20:57
`cat /dev/urandom | xxd | head -16` > some_hexdump.txt
0000000: 3938 c251 68a6 8557 ef2e 469b 24fc f349 98.Qh..W..F.$..I
0000010: 8e89 36ab 6824 a5cd 13a9 7477 bddf 8b29 ..6.h$....tw...)
0000020: b4ef 20ca 79e9 b811 05cb a5a5 b441 54e7 .. .y........AT.
0000030: 286f 5370 e3ec cf92 147d 873d 5665 818e (oSp.....}.=Ve..
0000040: f7e0 e35f fd50 7dbe b143 bcf4 41d1 11c9 ..._.P}..C..A...
0000050: b181 0f32 b66f 5842 0ceb 6396 529e aeda ...2.oXB..c.R...
0000060: e934 ba21 674d 93b5 153f 144d 0472 835e .4.!gM...?.M.r.^
0000070: 03a1 ea03 7c92 573c ef7b f181 3ffa 391f ....|.W<.{..?.9.
0000080: fbea 4e3a 691c d577 4779 3c8d 5501 4ba1 ..N:i..wGy<.U.K.
0000090: fccb 9dcb f43c d034 2a60 f2e5 3f27 5fce .....<.4*`..?'_.
00000a0: e0b0 1886 5b16 a62a 68de 96ba 620a 8233 ....[..*h...b..3
00000b0: 659c 2d61 24f4 9d1f 9de3 76ec 5dc4 4b4e e.-a$.....v.].KN
00000c0: 9a04 0449 84ea 5c35 c0f9 56be f34a d48a ...I..\5..V..J..
00000d0: a118 8978 8e12 3efc c40c 428b 711a b107 ...x..>...B.q...
00000e0: e2ac 862d 016e bf9a 5851 e6a6 b6b5 2513 ...-.n..XQ....%.
00000f0: 790e c412 ff07 dc91 9cd8 e13e 9645 72ee y..........>.Er.
Some potential exercises
* Read the file
* Create a python list of all of the bytes ([39, 38, ...])
* Transform the list into a list that contains only the least significant bit [1, 0, ...] (common locations for hiding data)
* Transform the list into a list that contains only the most significant bit [0, 0, ...] (common locations for hiding data)
* Extract the 0x30th through 0x35th bytes ([28, 6f, ...]) (In a file, it is common to want to extract a particular header)
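
One way to work through the exercises above, as an added example that is not part of the original gist. The function names (`parse_xxd`, `lsb`, `msb`, `extract`) are this example's own, and it assumes the default `xxd` layout of 16 bytes per row; the embedded sample is the first four rows of the dump above.

```python
import re

# First four rows of the dump on this page (offsets 0x00-0x3f).
SAMPLE = """\
0000000: 3938 c251 68a6 8557 ef2e 469b 24fc f349 98.Qh..W..F.$..I
0000010: 8e89 36ab 6824 a5cd 13a9 7477 bddf 8b29 ..6.h$....tw...)
0000020: b4ef 20ca 79e9 b811 05cb a5a5 b441 54e7 .. .y........AT.
0000030: 286f 5370 e3ec cf92 147d 873d 5665 818e (oSp.....}.=Ve..
"""

ROW = re.compile(r"^([0-9a-fA-F]+):\s*(.*)$")
GROUP = re.compile(r"^(?:[0-9a-fA-F]{2}){1,2}$")
BYTES_PER_ROW = 16  # assumption: xxd was run with its default column count

def parse_xxd(text):
    """Decode default-format xxd output back into bytes."""
    out = bytearray()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ROW.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not an xxd row")
        if int(m.group(1), 16) != len(out):
            raise ValueError(f"line {lineno}: offset does not match byte count")
        row = bytearray()
        # Stop at the first non-hex token or after 16 bytes, so the ASCII
        # column of a full row is never decoded even when it looks like hex.
        for tok in m.group(2).split():
            if len(row) >= BYTES_PER_ROW or not GROUP.match(tok):
                break
            row += bytes.fromhex(tok)
        out += row
    return bytes(out)

def lsb(data):
    return [b & 1 for b in data]

def msb(data):
    return [b >> 7 for b in data]

def extract(data, start, end):
    """Bytes at offsets start..end inclusive, as the exercise words it."""
    return data[start:end + 1]

if __name__ == "__main__":
    data = parse_xxd(SAMPLE)
    print([f"{b:02x}" for b in data[:2]], lsb(data)[:2], msb(data)[:2])
    print(extract(data, 0x30, 0x35).hex(" "))
```

To run it over the whole file, pass `open("some_hexdump.txt").read()` to `parse_xxd`.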
Other than quick data manipulation, another useful Python thing is scripting
interactions with websites. This way, you can test your CTF exploits
automatically. It also opens up the possibilities of attacking concurrency bugs
(spawn like 100 threads of Python and have them all make requests).
I haven't used Python to do it before, but I believe that Mechanize
(http://wwwsearch.sourceforge.net/mechanize/) is a fancy tool since it supports
JavaScript/cookies to do stuff like log in. Anything without JavaScript doesn't
really matter because we can just construct cURL requests.