wikipedia - Dave's Blog

Stripe CTF - Level 7

2012 Sep 13, 5:00

Level 7 of the Stripe CTF involved running a length extension attack on the level 7 server's custom crypto code.

Code

@app.route('/logs/')
@require_authentication
def logs(id): 
    rows = get_logs(id) 
    return render_template('logs.html', logs=rows) 

...

def verify_signature(user_id, sig, raw_params):
    # get secret token for user_id
    try:
        row = g.db.select_one('users', {'id': user_id})
    except db.NotFound:
        raise BadSignature('no such user_id')
    secret = str(row['secret'])

    h = hashlib.sha1()
    h.update(secret + raw_params)
    print 'computed signature', h.hexdigest(), 'for body', repr(raw_params)
    if h.hexdigest() != sig:
        raise BadSignature('signature does not match')
    return True

Issue

The level 7 web app is a web API in which clients submit signed RESTful requests and some actions are restricted to particular clients. The goal is to view the response to one of the restricted actions. The first issue is that there is a logs path to display the previous requests for a user and although the logs path requires the client to be authenticatd, it doesn't restrict the logs you view to be for the user for which you are authenticated. So you can manually change the number in the '/logs/[#]' to '/logs/1' to view the logs for the user ID 1 who can make restricted requests. The level 7 web app can be exploited with replay attacks but you won't find in the logs any of the restricted requests we need to run for our goal. And we can't just modify the requests because they are signed.

However they are signed using their own custom signing code which can be exploited by a length extension attack. All Merkle–Damgård hash algorithms (which includes MD5, and SHA) have the property that if you hash data of the form (secret + data) where data is known and the length but not content of secret is known you can construct the hash for a new message (secret + data + padding + newdata) where newdata is whatever you like and padding is determined using newdata, data, and the length of secret. You can find a sha-padding.py script on VNSecurity blog that will tell you the new hash and padding per the above. With that I produced my new restricted request based on another user's previous request. The original request was the following.

count=10&lat=37.351&user_id=1&long=%2D119.827&waffle=eggo|sig:8dbd9dfa60ef3964b1ee0785a68760af8658048c

The new request with padding and my new content was the following.

count=10&lat=37.351&user_id=1&long=%2D119.827&waffle=eggo%80%02%28&waffle=liege|sig:8dbd9dfa60ef3964b1ee0785a68760af8658048c

My new data in the new request is able to overwrite the waffle parameter because their parser fills in a map without checking if the parameter existed previously.

Notes

Code review red flags included custom crypto looking code. However I am not a crypto expert and it was difficult for me to find the solution to this level.

A New Species Discovered ... On Flickr (npr.org)

2012 Aug 11, 9:17

Winterton, a senior entomologist at the California Department of Food and Agriculture, has seen a lot of bugs. But he hadn’t seen this species before.

There’s no off switch when you’re the senior entomologist. If you’re browsing the web you find your way to Flickr photos of insects or start correcting Wikipedia articles on insects.

flickr insect science photos

Reddit explains Obamacare

2012 Jul 1, 5:16

PPACA (aka Obamacare) broken down into its main subsections with brief explinations and citations linking into the actual PPACA document (why is it always PDF?).

Its interesting to see the very small number of parts folks are complaining about versus the rest which mostly strikes me as “how could this not already be the case?”

I’m no expert, and everything I posted here I attribute mostly to Wikipedia or the actual bill itself, with an occasional Google search to clarify stuff. I am absolutely not a difinitive source or expert. I was just trying to simplify things as best I can without dumbing them down. I’m glad that many of you found this helpful.”

health-care politics PPACA obama obamacare law legal

HTTP Compression Documentation Reference

2012 Jun 13, 3:08

There's a lot of name reuse in HTTP compression so I've made the following to help myself keep it straight.

HTTP Content Coding Token	gzip	deflate	compress
	An encoding format produced by the file compression program "gzip" (GNU zip)	The "zlib" format as described in RFC 1950.	The encoding format produced by the common UNIX file compression program "compress".
Data Format	GZIP file format	ZLIB Compressed Data Format	The compress program's file format
Compression Method	Deflate compression method		LZW
	Deflate consists of LZ77 and Huffman coding

Compress doesn't seem to be supported by popular current browsers, possibly due to its past with patents.

Deflate isn't done correctly all the time. Some servers would send the deflate data format instead of the zlib data format and at least some versions of Internet Explorer expect deflate data format instead of zlib data format.

zlib http http-header gzip technical deflate compress compression

Slash (punctuation) - Wikipedia, the free encyclopedia

2012 May 8, 5:36

Wikipedia’s alternate names for the slash include stroke, solidus, and separatrix.

humor wikipedia typography slash

Timeline of the far future (wikipedia.org)

2012 May 6, 3:01

Answers those questions like “When will the Sun boil away the Earth’s oceans?” and “When will the Sun burn out?”, but brings up new questions like which supercontinent configuration will win? I’m hoping for Pangea Ultima as it has the best name.

history future astronomy sun earth universe

Prime HTTP Status Codes

2012 Feb 22, 4:00

These are the prime HTTP status codes:

http prime technical useless

The 'Undue Weight' of Truth on Wikipedia (chronicle.com)

2012 Feb 15, 5:13

Interesting article on an expert attempting to modify an article on Wikipedia. Sounds like an issue when presented in this fashion, but looking at it from Wikipedia’s perspective, I don’t know how they could do better.

truth wikipedia internet

Herpderpedia, A Collection of Tweets by People Freaking Out About Wikipedia’s SOPA & PIPA Blackout

2012 Jan 18, 4:28

humor sopa pipa wikipedia law legal

Notabilia – Visualizing Deletion Discussions on Wikipedia

2011 Jan 10, 9:41

wikipedia visualization infographics design analysis humor

Ratatat Rocks

2010 Dec 28, 10:42

I just found out that I like the group Ratatat. I'd first heard them way back when the Zune was first released as the backing for Los Corazones on the zune-arts.net website.

But I didn't know who they were until today when I watched this Filmography 2010 video (via Kottke)

Until about 1:16 in, the music is Ratatat's Nostrand. On the first viewing it drove me crazy because I could only vaguely recall hearing something like that music before. I tracked it down via the zune-arts thing above and eventually found my way to the Nostrand video. Funny, all the recent comments on that one are from people who also just watched the Filmography video.

Berners Street Hoax - Wikipedia, the free encyclopedia

2010 Dec 6, 12:17Ye olde DoS: "The Berners Street Hoax was perpetrated by Theodore Hook in the City of Westminster, London, in 1809. Hook had made a bet with his friend, Samuel Beazley, that he could transform any house in London into the most talked-about address in a week, which he achieved by sending out thousands of letters in the name of Mrs Tottenham, who lived at 54 Berners Street, requesting deliveries, visitors, and assistance."

humor history prank

Peer-to-peer tech now powers Wikipedia's videos

2010 Sep 27, 3:15This is awesome and similar to something I got a cube for. Wikipedia runs its videos through a service that sets up torrents for arbitrary URLs. So awesome! Now if only this were built into the user agent rather than requiring hardcoding the sites to use it...

technical p2p wikipedia network networking torrent web

Comparison of JavaScript frameworks - Wikipedia, the free encyclopedia

2010 Apr 27, 3:30

ajax javascript reference web browser script technical jquery gwt

The Hitchhiker's Guide to the Galaxy (film) - Wikipedia, the free encyclopedia

2010 Mar 12, 11:11"All of the sculpted noses on the planet Viltvodle VI were fashioned after Douglas Adams' own. The creators used a 3D model he had created for the game Starship Titanic." The noses mentioned in the previous sentence were depicted in the movie in a church. The religion of this church maintains that the universe was created by their god sneezing out the universe and so they have statues of their god's nose throughout the church. Of course this is intended to seem absurd, however based on the previous sentence -- that the nose belonged to Douglas Adams -- then they really were worshping the nose of their creator.

douglas-adams book hhgttg movie religion nose

UVB-76 - Wikipedia, the free encyclopedia

2010 Jan 18, 3:24"UVB-76 is the callsign of a shortwave radio station that usually broadcasts on the frequency 4625 kHz (AM full carrier). It's known among radio listeners by the nickname The Buzzer. It features a short, monotonous buzz tone (help·info), repeating at a rate of approximately 25 tones per minute, for 24 hours per day. The station has been observed since around 1982.[1] In rare occasions, the buzzer signal is interrupted and a voice transmission in Russian takes place. Only four such events have been noted. There is much speculation; however, the actual purpose of this station remains unknown." Inspiration for Lost?

radio russia mystery

WPAD Server Fiddler Extension

2010 Jan 5, 7:42

I've made a WPAD server Fiddler extension and in a fit of creativity I've named it: WPAD Server Fiddler Extension.

Of course you know about Fiddler, Eric's awesome HTTP debugger tool, the HTTP proxy that lets you inspect, visualize and modify the HTTP traffic that flows through it. And on the subject you've probably definitely heard of WPAD, the Web Proxy Auto Discovery protocol that allows web browsers like IE to use DHCP or DNS to automatically discover HTTP proxies on their network. While working on a particularly nasty WPAD bug towards the end of IE8 I really wished I had a way to see the WPAD requests and responses and modify PAC responses in Fiddler. Well the wishes of me of the past are now fulfilled by present day me as this Fiddler extension will respond to WPAD DHCP requests telling those clients (by default) that Fiddler is their proxy.

When I started working on this project I didn't really understand how DHCP worked especially with respect to WPAD. I won't bore you with my misconceptions: it works by having your one DHCP server on your network respond to regular DHCP requests as well as WPAD DHCP requests. And Windows I've found runs a DHCP client service (you can start/stop it via Start|Run|'services.msc', scroll to DHCP Client or via the command line with "net start/stop 'DHCP Client'") that caches DHCP server responses making it just slightly more difficult to test and debug my extension. If a Windows app uses the DHCP client APIs to ask for the WPAD option, this service will send out a DHCP request and take the first DHCP server response it gets. That means that if you're on a network with a DHCP server, my extension will be racing to respond to the client. If the DHCP server wins then the client ignores the WPAD response from my extension.

Various documents and tools I found useful while working on this:

WPAD IETF draft document the never out of draft document describing WPAD
DHCP RFC
DHCP options RFC
DHCP Wikipedia article which includes helpful byte layout tables for DHCP messages.
Fiddler Wiki esp. the dev section but also the portion on the new preferences API.
Fiddler Dev Docs and for those things not covered in the Fiddler docs, Visual Studio's name completion (or the .NET Reflector) usually served me well.
Netmon a great network sniffing tool for all my non-HTTP network inspection needs.
Tiny DHCP Server on CodeProject which implements a conventional DHCP server.

proxy fiddler http technical debug wpad pac tool dhcp

Older Entries Creative Commons License

Some rights reserved.