刍狗狗の小窝

My ISP doesn’t support IPv6 yet, I managed to have IPv6 connection by proxying through a DigitalOcean IPv6 server with WireGuard. First, create a DigitalOcean droplet with IPv6 enabled. According to the DigitalOcean IPv6 documentation, the subnet is /124, so it provides 16 IPv6 addresses to a droplet. vim /etc/sysctl.conf net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 sysctl -p to load the /etc/sysctl.conf file. Installing WireGuard according to https://www.wireguard.com/install. On the DigitalOcean server, run wg genkey > privatekey wg pubkey < privatekey > publickey On your client, also run the same commands to generate the private key and the corresponding public key (Your OS may have a WireGuard App that does it for you with clicking some buttons)

DNS nslookup -type=A google.com 1.1.1.1 host google.com 1.1.1.1 dig google.com Generate a test certificate for localhost openssl req -x509 -sha256 -nodes -addext "subjectAltName = DNS:localhost" -newkey rsa:2048 -days 365 -keyout localhost.key -out localhost.crt

This year we added a Proof of Work to some of our challenges. Just run python pow.py <target>, were target is the value provided by the server and get the flag. pow nc welcome.insomnihack.ch 1337 Run nc welcome.insomnihack.ch 1337, we get ====================================================================== ============ Welcome to the Insomni'Hack Teaser 2020! ============ ====================================================================== Give me an input whose md5sum starts with "1a3a7e" and get the flag ;) I completely forgot that there is a pow.

Visit the link, we get the web server’s c++ code. #include "crow_all.h" #include <cstdio> #include <iostream> #include <memory> #include <stdexcept> #include <string> #include <array> #include <sstream> std::string exec(const char* cmd) { std::array<char, 128> buffer; std::string result; std::unique_ptr<FILE, decltype(&pclose)> pipe(popen(cmd, "r"), pclose); if (!pipe) { return std::string("Error"); } while (fgets(buffer.data(), buffer.size(), pipe.get()) != nullptr) { result += buffer.data(); } return result; } int main() { crow::SimpleApp app; app.loglevel(crow::LogLevel::Warning); CROW_ROUTE(app, "/") ([](const crow::request& req) { std::ostringstream os; if(req.

On https://advent2019.overthewire.org/challenge-zero we are presented with a fireplace gif. I first thought it’s a forensic challenge with the fireplace gif, but couldn’t find anything abnormal in the image. Then I checked the source code of the page. <html> <head> <title>Fireplace</title> <!-- browser detected: chrome --> </head> <body> <img style="width:400px;" src="/flames.gif"><pre>Fox! Fox! Burning bright! In the forests of the night! Hint: $ break *0x7c00</pre> </body> </html> We see that the server detects our browser and responds accordingly.