Hacking Sorge, Stock, Bugiel, N├╝rnberger

News

19.07.2018

Final Deadlines TOMORROW

Hi everyone,

Tomorrow (Friday, July 20th 23:59) is the final deadline for the last exercise sheet and for the final report.
Make sure you submit in time since late submissions will not be accepted.

Regards,
Joshua

18.07.2018

No meeting today

There will be no meeting today.

14.07.2018

Exercise 06 extension

Due to some technical problem with virtual box and ubuntu, the vm for exercise was not stable with ASLR.

I have uploaded a new vm. Please download it.

Due to this exercise 06 submission is extended till Friday 20th July 2018 11:59 pm.

11.07.2018

Exercise 6 : Task 1 Flag fixed

The flag was wrong. It is fixed now. Please try to submit and report if it is not working.

04.07.2018

Exercise 5: Additional note

Unfortunately, there has been a problem with the picture in task 2 - the version of the memory image that I uploaded does not contain the picture in a reasonably accessible format. It does, however, contain a screenshot. So ignore the description of the picture and... Read more

Unfortunately, there has been a problem with the picture in task 2 - the version of the memory image that I uploaded does not contain the picture in a reasonably accessible format. It does, however, contain a screenshot. So ignore the description of the picture and describe the screenshot and how you obtained it. The information in the screenshot may confirm something you have already found out, but do not use it as a substitute for other memory analysis methods.

02.07.2018

Exercise 05: Image download

I have received several comments indicating the memory image download did not work. It does, but only within the university network (including VPN).

28.06.2018

Exercise 05

Exercise sheet 5 has been uploaded. Sorry for the slight delay.

26.06.2018

Last-Minute update for Ex4

Hi all,

a big sorry from my side, but there has been a mixup in the encrypted message on Exercise 4. The binary data was mixed so that every two bytes were swapped. If you managed to extract the AES key but failed to decrypt the message from the sheet, try it... Read more

Hi all,

a big sorry from my side, but there has been a mixup in the encrypted message on Exercise 4. The binary data was mixed so that every two bytes were swapped. If you managed to extract the AES key but failed to decrypt the message from the sheet, try it again with the following data:

8feb0333433b0f660c8a7215e95eeecc
27e47a35d75c0eda16aa42e30752e407
50032f405358c7f0e07650480ad42795
0af6a7293a8e37515bad8a29b3f129af
54ee5ea350e880a74f3848371db88c72
6fffe3f2b437319815199d6eeab3c0b6
c2c6d80153d82cafba8c1933090504ad
10ca8c221dcef3fd2a8f40cae8d5b2e3
ca4f2d101a540514ca68cef6896e6ec1
4fec604ee5219124f815e59e359c785c
c321e6f70a8df9d534996dcf96812e60
665ffcd15e94983e82cdc62a40cd34a9

If your submission is correct up to the point where you decrypt the message, you will of course get full points.

Sorry for the mistake and see you tomorrow,
Frederik

18.06.2018

Raspberry Pi

If you have a Raspberry Pi 2 Model B at home, you can download the following image and solve Exercise 4 Part 1 yourself without any additional hardware. Copy the image to an SD card (min. 16 GB) and boot it.

... Read more

If you have a Raspberry Pi 2 Model B at home, you can download the following image and solve Exercise 4 Part 1 yourself without any additional hardware. Copy the image to an SD card (min. 16 GB) and boot it.

https://hyperion.cispa.saarland/fred/hacking/pi2.image

Keep in mind that we cannot offer support for your own hardware. If the image doesn't work or you run into problems using it, it might be necessary to swap for one of the provided Raspberry Pi 3 Model B.

In case you break the operating system on the provided Raspberry Pi 3 Model B, you can use this image to restore the SD card (8 GB) to its original state.

https://hyperion.cispa.saarland/fred/hacking/pi3.image

15.06.2018

Exercise 4.1

The Cold Boot part of Exercise 4 is ready and the sheet will be released this weekend. As we announced on wednesday, you will be needing hardware for this exercise which we will of course provide. Each team can come by the office in E9 1, room 1.13 on monday and get... Read more

The Cold Boot part of Exercise 4 is ready and the sheet will be released this weekend. As we announced on wednesday, you will be needing hardware for this exercise which we will of course provide. Each team can come by the office in E9 1, room 1.13 on monday and get one Raspberry Pi. As the software has yet to be copied to all devices, we suggest that you come after lunch. You may however try coming in the morning, if you're feeling lucky.

Sorry for the delay and have a nice weekend.

Frederik

08.06.2018

Exercise 3: Covert Channel: Hint 3/3

Last hint:

One channel uses a (slightly modified) morse code.

07.06.2018

Exercise 3: Covert Channel: Hint 2/3

Hi,

the second hint is:
One of the channels is hard to find when using wiresharks default settings for the used network protocols

06.06.2018

Exercise 3: Covert Channel: Hint 1/3

Hi everybody,

there has been a request to give some hints on the Covert Channel task.

So I decided to give you three hints on the following dates:
6.9.2018: 15:30
7.9.2018: 15:30
8.9.2018: 15:30


So here is the first hint:
3 out of 4 channels are... Read more

Hi everybody,

there has been a request to give some hints on the Covert Channel task.

So I decided to give you three hints on the following dates:
6.9.2018: 15:30
7.9.2018: 15:30
8.9.2018: 15:30


So here is the first hint:
3 out of 4 channels are sending text as their payload

 

Cheers,
Joshua

15.05.2018

LSF Signup

Please sign up for the course in the LSF. The deadline for registration (and unregistration) is set to next week Wednesday, May 23rd.

 

07.05.2018

Exercise 1: Due date

Hi everyone,

There has been a typo on the current exercise sheet (which has been corrected).

The first exercise sheet is due on May 15th 11:59PM.

 

05.05.2018

Exercise Sheet #1: Server fixed

Hi all (again),

the server for Exercise Sheet #1 is (or should be) fixed now. If you encounter any problems, write me an email. The server still runs on all 3 ports (1337, 1338, 1339), so if one doesn't work, you can try another.

Have a nice weekend and good... Read more

Hi all (again),

the server for Exercise Sheet #1 is (or should be) fixed now. If you encounter any problems, write me an email. The server still runs on all 3 ports (1337, 1338, 1339), so if one doesn't work, you can try another.

Have a nice weekend and good luck with the exercises,
Frederik

P.S.: It wasn't explicitly written on the exercise sheet, but the service is for verification only. Please do not try to brute-force the passwords or dictionaries (I keep logs now!). All the information you need is on the exercise sheet and somewhere online. If you have problems, contact me with a (detailed) description of what you tried so far.

05.05.2018

Alternative servers for Exercise Sheet #1

Hi all,

due to the troubles with the server for Exercise Sheet #1 I have set up two alternative connections. You can use

nc pulsar.die-sinlosen.de 1338
nc pulsar.die-sinlosen.de 1339

It seems that the server is only accessible by one team/person at a... Read more

Hi all,

due to the troubles with the server for Exercise Sheet #1 I have set up two alternative connections. You can use

nc pulsar.die-sinlosen.de 1338
nc pulsar.die-sinlosen.de 1339

It seems that the server is only accessible by one team/person at a time. While I'm trying to sort this out, please be patient and try one of the alternatives or wait a few minutes if the connection hangs.

Sorry for the trouble
Frederik

Show all
 

Hacking

Please use the meta proseminar to register.



Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators