hacking tagged posts

decoding an incomplete QRCode – Intigriti Hacking Challenge at bruCON

This year I was at bruCON in Ghent, BE. I usually either go to interesting talks or spend the conferences in challenges, just like I did at Defcon back in 2017.

So during bruCON I stumbled upon this challenge with a QR code that says “first one to scan this gets 100€”; in my head I thought, pff, this is easy and I will probably not be the first one to scan this. So I popped out my phone and scanned. Nothing happened. Then I was like, oh wait... a huge piece of this QR code is missing.

So the first thing I thought of was to mark the squares randomly, because I thought they must be redundant or error correction squares. Remember, at this point I know nothing about QR codes...


Open .SDF file without SQL Server Management

As part of any post-exploitation in a security auditing or testing engagement, you will want to gather as much info as you can about the victim to be able to target your next victim in the chain.

Having said that, sometimes you stumble upon strange files, encrypted data, and network traffic that you don’t know what to do with. One of these was an .sdf file related to hMailServer. The latter is an open source mail server; you can read more about it here.

When gaining access to this server you will want to read this file:

A sample output would look something like this:


Generate Alpha-Numeric Strings in Python (for BruteForce Attacks)

While I was coding the ‘Twitter Short Handles Finder’, I needed an efficient alphanumeric string generator in Python. I coded this from scratch:
