In my day job, I do a great deal of development on WordPress sites. I’ve come a long way in my understanding of the popular CMS software in the last couple years, but I’m still learning something new all the time.
In that spirit, here’s a collection of WordPress plugins that I’ve found to be life changers. I consider them must-installs when working on new sites:
I remember when I started creating custom post types and using ACF. It expanded my perception of what a WordPress site could be. Before discovering ACF, I had to resort to ugly hacks and just kind of lumping posts together with categories and duct tape.
The base ACF is free, but the Pro version is not only an extremely fair price (A$25 at the time of writing), but includes invaluable field types, like the Repeater, Options pages, and the ability to integrate with the new Blocks feature in WP5.
This one may have been abandoned, but it still works as of this writing. It checks for plugin, theme, and core updates regularly, and emails me about it. WordPress being kept updated is crazy important, so it’s great to be able to update as soon as possible. Might need to find a replacement for it, though, if it really has been left for rats.
If you’re doing any work with user roles, you need this. View Admin As allows you to switch between various roles and capabilities without having to log out, or keep a private browsing window open with another account loaded up.
Which template wound up being loaded? Why is this taking so long to load? WHERE ARE MY PANTS?? Query Monitor adds a wonderful dropdown on the admin bar that helps you find out the answer to all of these, and more.
Dumps all of a post’s meta values at the bottom of its edit screen. See every little bit of information being stashed alongside your posts. Why something like this isn’t included as a built-in debug tool is beyond me.
Adds the wonderful vd(), vdd() debug methods (substitutes for print_r, et al), and a gorgeous, very helpful error message via the Whoops error handler.
Just a word of warning though: this seems to crank the error reporting level, so even basic issues stop everything in their tracks. Normally, this is good — fix it! But I had at least one time where it caused a silent crash, and I couldn’t do ANYTHING in WordPress. Not even disable Debug Toolkit. I had to go in and manually remove the plugin from the command line. MOST of the time, it’s perfectly great though. Just stay aware.
An interactive PHP console via the admin bar! Instead of hacking in a test or two and dying somewhere, just pop down the console and test out your PHP/WordPress code assumptions in a safe space.
This should have been a home run. Decent cast. And an interesting foundation of an idea.
A young couple looking to buy a new home become trapped, alone, in a community of identical homes. After repeated attempts to escape, always, inexplicably, circling back to building #9, a box appears with a newborn baby inside: raise the child, and be released, the print on the box promises.
For a while there it felt like a compelling, bizarre supernatural mystery in the best tradition of Twilight Zone‘s creepiest.
And then… just as it gives you a taste of where this might finally be going… nothing.
It yanks the rug out, and practically waves a scolding finger in your face for wanting more from the film. It punishes you for it with an eye-roll of an ending that’s nowhere near as clever as it probably thinks it is.
There’s some creepy atmosphere, decent acting, but it literally goes nowhere at all. Just enjoy the trailer and imagine your own, more interesting film.
(This is a mirror from swtpc.org [archive.org], which itself is a mirror from BYTE Magazine. Minor formatting changes have been introduced.)
BYTE’s Audio Cassette Standards Symposium
Written by Manfred and Virginia Peschke, BYTE, Feb 1976, Pages 72 and 73
BYTE Magazine sponsored a symposium on November 7 and 8, 1975 in Kansas City MO regarding the interchange of data on inexpensive consumer quality audio cassette drives.
These drives may be used as one of the mass storage devices in the first generation of personal computers, and will retain importance for some time to come as a means of interchange of software between computer enthusiasts who purchase products of the small systems industry.
In order to promote the growth of the industry, BYTE sought to achieve an industry standard on audio cassette data interchange through a working conference.
We extend our greatest appreciation to the 18 people who worked very hard until late Friday night and Saturday morning to discuss the multitude of problems and solutions associated with digital recording on audio cassettes. The names of the participants are listed in Table 1.
In spite of the short time available, the participants were able to draft a set of provisional standards which seems to promise great reliability and is rather inexpensive to implement; implementations may be entirely in hardware, or may require a mix of software and some minimal hardware.
Considerations were given to the problems of speed variation among recorders and playback equipment, start and stop delays, recording density (or speed) versus reliability, and recording frequencies to avoid interference with the telephone network in case some users plan to transmit the tones of the cassette over the phone lines.
On Saturday afternoon, Mr. Felsenstein and Mr. Mauch volunteered to write up the consensus among the participants as to a provisional standard which has been reproduced below.
Provisional Audio Cassette Data Interchange Standard
The consensus among the participants of the audio cassette standards symposium at Kansas City MO sponsored by BYTE Magazine is as follows:
The proposed standard centers around the use of a frequency shift modulation method from which serial clock data can be extracted at rates of up to 300 baud. The system is intended to be used with low to medium cost cassette recorders incorporating electrical stop and start capability which may be operated under program control.
The technique proposed provides for long and short term tape speed variation, limitations in bandwidth due to effects such as tape misalignment, and the necessity to retain low cost and low complexity of the hardware. The technique allows for potential operation at higher tape speed than the nominal 1.875 inch/s (4.75 cm/s).
A mark (logical one) bit consists of eight cycles at a frequency of 2400 Hz.
A space (logical zero) bit consists of four cycles at a frequency of 1200 Hz.
A recorded character consists of a space as a start bit, eight data bits, and two or more marks as stop bits.
The interval between characters consists of an unspecified amount of time at the mark frequency. In this respect the data format is similar to that of asynchronous data communication.
The eight data bits are organized least significant bit first, most significant bit last, and followed (optionally) by a parity bit. The total number of significant bits and the parity bit cannot exceed 8.
Where less than eight data bits are used, the unused bits (following the optional parity bit) at the end of the character are mark bits (2400 Hz).
Data will be organized in blocks of arbitrary and optionally variable length, preceded by a minimum of five seconds of marks. To avoid errors due to splice and wrinkle problems common at the beginning of tape, the beginning of the first data block will occur no sooner than 30 seconds from the beginning of clear leader.
The contents of the data block are not specified.
The data block ends after the stop bits of the final character.
Bit clocking information may be extracted from the recorded waveform, which is always an integer multiple of the bit rate, regardless of tape speed. This permits the recovery and retiming of data by means of a UART, which requires a clock of sixteen times the bit rate, although other simple circuitry may be used.
A reliable bandwidth of 3000 Hz was assumed in choosing mark and space frequencies due to the head misalignment expected between various cassette recorders. The recording technique is a redundant form of Manchester or bifrequency code which has a long history of reliability in the computer industry. In its present form it was proposed by three independent manufacturers at the conference. One cited reliability rates of one error in 10**7 characters for 200 passes.
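The following Python model is an added illustration, not part of the BYTE article: it renders the format above as PCM samples (2400 Hz mark bits of eight cycles, 1200 Hz space bits of four cycles, each character a space start bit, eight data bits least significant bit first, and two mark stop bits), then recovers the data by measuring the period of every recorded cycle. The article extracts clocking with a UART fed a 16x clock; this decoder instead counts cycles, classifying each one as mark or space relative to the shortest period it sees, which is why the same code decodes a stream rendered at a different sample rate (standing in for tape-speed error). The 19200 Hz sample rate, the 16-bit leader (the standard asks for at least five seconds) and the short mark trailer are assumptions chosen to keep the demo small.

```python
import math
from fractions import Fraction

MARK_HZ, SPACE_HZ = 2400, 1200        # mark (1) = 2400 Hz, space (0) = 1200 Hz
MARK_CYCLES, SPACE_CYCLES = 8, 4      # 8 cycles per mark, 4 per space: both 1/300 s, i.e. 300 baud

def frame_byte(value):
    """One asynchronous character: space start bit, 8 data bits LSB first, two mark stop bits."""
    return [0] + [(value >> i) & 1 for i in range(8)] + [1, 1]

def modulate(data, sample_rate=19200, leader_bits=16, trailer_bits=4):
    """Return signed 16-bit PCM samples of the FSK tone for `data`.
    A mark leader precedes the block (the standard asks for at least five
    seconds; 16 bit-times keeps this demo short) and a few marks follow it,
    standing in for the unspecified mark interval between characters."""
    bits = [1] * leader_bits
    for byte in data:
        bits += frame_byte(byte)
    bits += [1] * trailer_bits
    samples = []
    # Phase is tracked exactly (in cycles) so every bit gets precisely its 8 or 4
    # cycles and the tone stays phase-continuous across bit boundaries.
    phase = Fraction(1, 100)   # small offset so no sample lands exactly on a zero crossing
    target = phase
    for bit in bits:
        freq, cycles = (MARK_HZ, MARK_CYCLES) if bit else (SPACE_HZ, SPACE_CYCLES)
        target += cycles
        step = Fraction(freq, sample_rate)
        while phase < target:
            samples.append(int(32767 * math.sin(2 * math.pi * float(phase))))
            phase += step
    return samples

def cycle_periods(samples):
    """Sample count between consecutive positive-going zero crossings: one entry per recorded cycle."""
    crossings = [i for i in range(1, len(samples)) if samples[i - 1] < 0 <= samples[i]]
    return [b - a for a, b in zip(crossings, crossings[1:])]

def periods_to_bits(periods):
    """Classify cycles as mark (short) or space (long) relative to the shortest period seen,
    so only the 2:1 frequency ratio matters and tape-speed error cancels out; then fold runs
    of cycles into bits. A partial run (the cut-off start of the leader) is simply dropped."""
    threshold = 1.5 * min(periods)
    classes = [1 if p < threshold else 0 for p in periods]
    bits, i = [], 0
    while i < len(classes):
        j = i
        while j < len(classes) and classes[j] == classes[i]:
            j += 1
        per_bit = MARK_CYCLES if classes[i] else SPACE_CYCLES
        bits += [classes[i]] * ((j - i) // per_bit)
        i = j
    return bits

def deframe(bits):
    """UART-style framing: idle on marks, a space is the start bit, then 8 data bits LSB
    first; the two stop bits must be marks or the character is rejected."""
    out, i = bytearray(), 0
    while i + 11 <= len(bits):
        if bits[i] == 1:
            i += 1
            continue
        data, stops = bits[i + 1:i + 9], bits[i + 9:i + 11]
        if stops != [1, 1]:
            raise ValueError(f"framing error at bit {i}")
        out.append(sum(b << k for k, b in enumerate(data)))
        i += 11
    return bytes(out)

def demodulate(samples):
    return deframe(periods_to_bits(cycle_periods(samples)))

if __name__ == "__main__":
    pcm = modulate(b"BYTE 1976")
    print(len(pcm), "samples ->", demodulate(pcm))
    # same decoder on a stream rendered at 24000 samples/s, i.e. as if playback ran at 80 % speed
    print(demodulate(modulate(b"BYTE 1976", sample_rate=24000)))
```

At 19200 samples/s every bit occupies exactly 64 samples, so a 9-byte block with its leader and trailer comes to 119 bit-times; the decoder's only fixed assumptions are the 2:1 frequency ratio and the 8/4 cycle counts, which is what lets it survive the speed change.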
Table 1: Participants at Audio Cassette Symposium.
Ray Borrill: 1218 Prairie Dr, Bloomington IN
Hal Chamberlin: The Computer Hobbyist, P O Box 5985, Raleigh NC 27607
Tom Durston: MITS, 6328 Linn NE, Albuquerque NM
Lee Felsenstein: LGC Engineering, 1807 Delaware St, Berkeley CA 94703
Joe Frappier: Mikra-D, 32 Maple St, Bellingham MA
Bill Gates: MITS
Gary Kay: Southwest Technical Products Corp, 219 W Rhapsody, San Antonio TX 78216
Bob Marsh: Processor Technology, 2465 Fourth St, Berkeley CA 94710
Harold A Mauch: Pronetics, 4021 Windsor, Garland TX 75042
Bob Nelson: PCM, San Ramon CA
George Perrine: HAL Communications Corp, Box 365, Urbana IL 61801
Ed Roberts: MITS
Richard Smith: The Computer Hobbyist, P O Box 5882, Raleigh NC 27607
Les Solomon: Popular Electronics, 1 Park Av, New York NY 10016
Michael Stolowitz: Godbout Electronics, Box 2355, Oakland Airport CA 94614
I was doing a bit of OSINT-ish poking around on this character, Mellissa Carone.
She’s a supposed voter fraud “whistleblower” for Rudy Giuliani. His star witness claims to have essentially seen all the voter fraud ever in her seemingly-drunken, insane testimony at a hearing in Michigan. You really have to see it to believe it. She made a complete ass out of herself trying to bullshit everyone in the room.
Even Rudy, at one point, had to be like “whoa, down girl”.
Ordinarily I wouldn’t be dwelling on a private individual in a blog post, but Mellissa chose to step into the public arena.
So I figured I’d see what I could dig up on the web, in relation to a couple of her claims. Just practicing some OSINT on a public figure.
Anyway, in her testimony she claimed to be an IT contractor hired by the current conspiracy scapegoat “Dominion”. Now she says she can’t get work anymore because “the Democrats destroyed her life”, and so on.
As far as jobs go, her LinkedIn says she’s been an intern at a place called Ciber Global but with the title “Cyber Security Analyst”. She mentions Ford Motor in a subheading on this one.
Next one down, same timeframe as the Ciber job, again, “Cyber Security Analyst” for Ford Motor Company. Maybe lent out as a temp?
Further back, an internship as an IT Technician at a local painting company.
Alongside all this, she’s also listed as being a graduate of ITT Technical Institute and the University of Michigan, working on an associate’s degree in Computer/Information Technology Administration and Management.
In addition to her work experience, her profile features a set of certificates and awards:
Nothing really of interest. I can’t even verify her Ciber employment, never mind this certificate. But that’s fine. I don’t really care. Any discrepancies are probably easily explained with a little more detail. (Benefit of the doubt, and all that.)
But then I scroll over to the third cert; the “Cyber Awareness Challenge” completion certificate:
What’s that logo? Department of… hmm. I can guess, but let’s ZOOM AND ENHANCE:
You too — yes, YOU — can take the unclassified training course, just like she did, and get your very own DoD Certificate of Completion for you to type “FART BUTT” on and save to a PDF and put on your own profile.
And best of all, it’s in COLOR and updated for 2021!
But in all seriousness, I encourage you to take a look at this small, free course they’re offering.
It’s actually well put together and rather creative for a multiple-choice quiz that marks you correct even when you’re wrong. You can’t lose!
The real meat of it, though, are the details it provides. There’s a lot of “duh” basic security things (don’t bring in external devices, don’t hold security doors open for anyone, etc), but it actually gives some interesting insights into how they handle working with classified security information, among other things.
So, a couple weeks ago I was watching this video tribute to Super Mario World‘s 30th anniversary.
At around the 17:20 mark, in the middle of talking about various tie-in products to promote the game, it brings up Mario & Yoshi’s Adventure Land. A one-episode animated movie that follows Mario and Luigi through, essentially, the events of Super Mario World.
What makes it unique is that this is a “VCR game” of sorts that uses the Terebikko: an interactive ‘quiz’ device that mimics a telephone. Mario calls you. The phone rings. You pick it up. He asks you a question that needs a 1, 2, 3, or 4 response. (Or red, green, yellow, blue.)
You press the answer within the allotted time, and you get a response. (Near as I can tell, it mutes the phone for the inappropriate response, but that’s something we’re going to find out definitively.)
And it’s more than just Mario. There’s a whole catalog of videos made for it in Japan, including Dragon Ball Z and Sailor Moon.
I found it all oddly fascinating. And my curiosity started to kick in. It seemed so simple, but it was a clever idea. I loaded the audio into Audacity and realized I could make out binary… uh oh.
See, one of the things I’ve always had an interest in, but never got a chance to try was demodulation of a digital signal from an audio file. Like the screeching of a modem, or a game loaded off an audio tape into a ZX Spectrum. That kind of thing. This seemed like the perfect on-ramp for it.
With very little actual information online, this also seemed like a perfect reverse engineering project in general.
I found out they released a version of this in the United States in 1989 under the Mattel label, a year after its debut in Japan from Bandai, and… I found one on eBay for under $20 shipped. 😎
So now I’m, seemingly, irrevocably committed to this project, now that money is involved. 😏
Here’s what I’m planning. I’ve already spent a couple days dicking around and have a stack of notes. I’m hoping to get at least several decent blog posts out of this adventure:
My Goals for this Project!
Primary
Reverse engineer the digital protocol used, as much as possible
Create a real time decoder for it
Create a tool to generate the codes, so people can create their own, new videos
Secondary
Do a complete tear-down of the actual device with high res screencaps of the internals (I believe both US and JP versions are identical — the case and operation certainly is, and the videos are all compatible with each other’s versions). Just totally document the hell out of it. Get it all onto Github and Archive.org for safe keeping.
Nice to Have
Possibly integrate the decoder into a software emulator/video player as an all-in-one playback app. (How hard are VLC plugins to write…? 🤔)
That last one is unlikely, but hey, if I haven’t burned myself out on the entire thing by that point, who knows?
UPDATE (2021-03-10): I’ve finally set up a site wiki for content like this. Here’s the entry for the Terebikko: https://wiki.network47.org/terebikko
Season 11 of Archer has been over for a while now, but a recent video from Wisecrack discussing the downside of the “coma seasons” got me thinking about it again. (For the record, I thought the coma seasons were generally fun, interesting “what if” anthologies that I understood helped break up creator Adam Reed’s creative block. But I was happy to see them in the rear view mirror.)
This latest season? Fun in the moment-to-moment. But on the whole? I was left feeling apathetic.
I thoroughly enjoyed the rest of the team becoming better without him, while he was in a coma. I mean, I loved the better people they became. Especially Cyril. It was like they all evolved in their ultimate forms.
And I know, deep down, that “backsliding” is where the plot of the show HAS to go. Their transformation is the setup, and Archer being the reason they were held back is the punchline.
I understand that. But it also brings a great deal of personal frustration.
I found myself thoroughly enjoying the new, improved ISIS. And I kind of hoped the show was going to subvert my expectations. Instead of resetting everyone to their pre-coma semi-incompetency (they weren’t technically shitty agents before; just… distracted… and held back), let’s explore a new normal. One where Archer turns his back on his friends, because he feels betrayed. And they no longer need him to be the agent of chaos ‘glue’ to keep them successful.
For a while, I seriously believed they were going to do this. The various clues I picked up on almost seemed to suggest Sterling might basically say “fuck it” and start recruiting for his own, competing spy agency. And maybe we’d see future seasons dip into that awkward, jealous rivalry. It certainly looked like Sterling was beginning to accumulate a series of friends who actually LIKED him, for a while there. Aleister, Barry, Hands. Hell, maybe even steal Pam. A competing agency of people who actually appreciate him, and maybe work better with him around? Now that’s an interesting premise to explore for a while.
But… it didn’t go there.
Instead it was, apparently, just business as usual? Instead, Lana’s marriage begins to fall apart. Cyril relapses into his “beta” position. And the rest follow suit, with the whole show reset back to Archer being the cause of, and solution to all of their problems.
And that’s a letdown. The season felt like it was building this arc in the background… but it wasn’t. It was just my imagination. The show was just backsliding. Like the characters themselves.
And now with Sterling seeing coma illusions in the finale, I don’t know if this is a fake-out and he’s still in the coma. Or is this some new psychosis?
I… just don’t care…🤔
As a massive fan of the show for a very long time, that genuinely hurts to admit.
Don’t get me wrong, the show is still fun, if a bit tired. But it just feels completely aimless in the larger view. And that’s on them: they introduced the season-long arc concept back when the show took a hard turn into Archer:Vice. And now, many seasons later, a viewer can’t be blamed for looking for that to continue… trying to find a thread interlinking the episodes… and feeling kind of empty when nothing of consequence is there.
Though, the coma illusion stuff in the finale feels like wanting your cake and eating it. But I guess we’ll see what happens next season for that thread. If there WAS anything TO it.
So yeah. I really don’t know what the hell they’re doing at this point.
There was a predictable vibe to the show that was its meat and potatoes in prior years that is hard to accept returning to. Those jokes and tropes made the show what we love. But increasingly Archer feels like a show that knows that it has to change, tries for a bit, but then gets cold feet about commitment and swings the steering wheel back onto the main road. Sterling’s daughter was the last straw of my patience for that kind of thing: it felt like we could finally see even a sliver of permanent character development for him, but instead AJ just becomes another delivery system for TWO finger-raised-while-drinking jokes, and, this season, a kidnapping plot point.
Maybe it was better to just leave Sterling in the coma and leave the future to our imagination. 🤔
As a long time fan of Watch Dogs 2, I observed the initial concept and trailer for Watch Dogs: Legion roll out with a feeling of trepidation.
They’d dropped the number ‘3’ from the title, first off. Perhaps a trivial change, but for the paranoid, this was an ominous sign that things were changing.
And indeed they were.
Gone was a specific lead character. There was a big push towards the idea that you could “take control of anyone”. And it seemed like there was an overall less ‘realistic’ feel: digital-cyber-anarchists in pig masks, skull masks. Lots of masks. And it looked like it took place in a less relatable, less contemporary world, instead set further into the dystopian future.
While I welcomed the change of venue to the UK, everything else I was seeing just wasn’t clicking with me.
I felt like this would likely be where me and the Watch_Dogs™ franchise would part ways… I was all about WD2’s wonderful alternate-yet-familiar world of late 2010s San Francisco, with its terrific energy thanks to the rebel/ASCII pop art designs, and surprisingly compelling personalities. Not to mention it felt very relatable to today’s world. Slightly more advanced than today, but not unrecognizably so. Just twenty minutes into the future, you could say. 😏
And it strongly looked as if Legion was poised to throw away most of what appealed to me. So I stopped following the news about it, and decided all the indicators suggested this wasn’t going to be for me.
Then it launched…
Between the gameplay footage coming out, the absolutely brutal 2020 US election, and the frustrating additional delay of the much awaited Cyberpunk 2077 until mid-December, I found myself weak and incapable of holding onto the money in my virtual wallet.
So… how’d it go? Well, I just finished it last night. The “Ubisoft Connect” launcher informs me I’ve put in 49 hours so far. (For comparison, I’ve put a mere 60 hours into Watch Dogs 2. Or so it says. Feels like more.)
But did I like it?
Well, if the nearly 50 hours didn’t suggest it, I’ll spell it out: YES. Watch Dogs: Legion was definitely worth it.
The procedural/every-man rallied citizen gimmick that I was so skeptical about was actually a rather bold creative decision with a wonderful message about the power of the people. I don’t really want to see it return in future entries, but it worked here way better than I’d have ever expected. I didn’t notice similar voices. I’m sure the dupes were there but it was varied enough where it didn’t stand out. The variation and people, backstories, and relationships (!) it generates is rather impressive. (Though sometimes procedural generation can get you into trouble. 😏)
But it also held the narrative back in some ways: everyone calls you “DedSec” — a weak, but workable solution to recording lines without the near impossible task of referring to your procedurally generated name personally. Most of the time it sounded like it was referring to you as a representative of the group, but once or twice it just felt awkward. Not a game breaker, though. Not by a long shot.
The cinematics felt like a bit of a downgrade from Watch Dogs 2. Possibly this was due to the procedural nature of your current player character. The nuance of performance previously infused into Marcus and his San Fran DedSec friends is reduced a bit here. Again, forgivable considering the technological circumstances. They’re still generally quite good.
Even if the cinematics don’t always measure up, don’t even get me started on the absolute beauty and insane level of detail of London captured here. This might be the biggest advancement over WD2, and even that game still looks fantastic.
Quite often, especially with raytracing enabled, Watch Dogs: Legion is capable of looking almost photorealistic.
Another… well… I’m hesitant to call it a down side, as it’s merely the side effect of the gimmick.
But I’m kind of bummed that MY Legion experience isn’t everyone else’s. It was just for me. Everyone playing this game is (with some exceptions) going to have a different vision of which DedSec member was there in the final act.
For instance, my main DedSec crew was composed of:
Wanda Baker: a 60+ assassin who’s looking for one last great thrill before hanging up her guns,
Theresa Green: a tough as nails, mid-40s punk rock MILF hacker with mohawk,
and Saeed Rahmanzai: a dreadlocked AR-glasses clad young drone expert (who got less play as the team got better with drone control)
There were a dozen others on the team, but once things really got rolling, they were pretty much just not much more than background noise…
For me, Wanda, Theresa, and Saeed ARE the saviors of London.
Yet… they’re not. They’re just folks I recruited along the way, and I got attached to them. My imagination filled in the blanks and made them more interesting.
The game is structured in such a way that I can do that, and the story won’t step on my imagination’s toes.
One other major difference from Watch Dogs 2: there’s a lot of streamlining of the gameplay present.
Many hacks from prior entries are gone. The character skill upgrades are greatly reduced. But you also get certain skills out of the box (like remote controlling vehicles, for example).
Where Watch Dogs 2 had a wealth of various, interesting upgrades, Legion’s options are much more… shall we say, focused… to a handful of weapon, accessory, and drone hack upgrades. Many of the more interesting skills are locked behind specific recruit classes with unique abilities. This is likely why the skill tree was minimized. It gives more value to recruiting the individuals. All the really cool tricks went to them. The “beekeeper” comes to mind, with a cloud of robotic attack bees… the “living statue” guy… the hypnotic “magician”… and so on.
I never got around to checking them out, unfortunately. I locked in my core team pretty fast.
This will likely be something I’ll be willing to explore on subsequent playthroughs. (There’s a perma-death mode, too!)
As for the core skills shared by the team, once you realize the spider-bot lets you take down unaware people from a distance, safely, and with ease, it’s really the only accessory you’ll care about. It kind of makes the game too easy. Nobody is forcing you to use it, of course: most missions have multiple open ended ways to accomplish tasks.
But blimey, it feels silly to NOT use it.
Also important: the drone/turret hijack and betrayal hack skills. Get a drone specialist early on to get access to these quickly, but with enough points in your skills and everyone can do them. (Sorry, Saeed. Thanks for your service.)
Overall, Watch Dogs: Legion is a pretty damned cool experiment. Despite all odds, it largely succeeds in pulling off the trick of its central gimmick while still delivering an engrossing (yet ultimately predictable — spoiler!) story.
While it hasn’t dethroned Watch Dogs 2 as my favorite in the series (it’s going to take a LOT to do that, admittedly) it certainly holds its own as a solid, enjoyable entry in the series.
Another Hack the Box write-up. This one is pretty short (EDIT: is it?), but it illustrates an unintended, but important gotcha that hit me.
But first…
I found out last time that a seemingly unspoken HTB convention* is that you only post write-ups for challenges that are retired (accessible to the paid VIP folks).
* Honestly, I only saw it mentioned while digging into the forums, and was told about it later when I posted the previous one on Reddit.
While I didn’t see an official explanation for this behavior, I suspect this is to keep people from simply Googling for the flag. If that IS the case, I disagree with that idea: any good CTF’er will know to exclude the flag identifier -HTB or the CTF name (-"Hack the Box") when looking for information to help them legitimately solve the problem.
If someone is going to be a rotten rat and cheat their way through the challenges, well, that’s kind of the risk you take when it’s open to the public. Hiding the answers just means they’ll squirrel them away out of sight for the rats to find. (Boy there’s a lot of animals in this paragraph.)
And, of course, if it’s simply to give value to VIP members, well, I have no interest in helping a business maintain a poor model. But I don’t expect that to be the motive here. 😉
Suffice it to say, considering this one hasn’t been retired since 2018, I won’t be sharing it anywhere outside my own blog, apparently. And maybe Twitter. (Hi, Twitter!)
The Case Against Windows
I did this challenge, initially, using Windows. Mostly because this seemed like a pretty easy challenge, and I didn’t think that would be a problem.
The challenge provides you with a zip file, appropriately named misDIRection.zip.
Unzipping the file produces a .secret/ directory, and inside a series of directories labelled 0-9a-zA-Z. Some of these are empty. But some have 0-byte files named after integers. There were no duplicates among them.
I thought about this one for a bit, and considered how a message could be encoded.
Then I had an idea: what if the numbers map to a position in an output. Like, where file “1” is, that’s in the S directory. “2” is in F, etc.
So I started charting this out in Notepad, but I got about 4 letters deep and realized — wait, I should be doing this in a programmatic way. There are tools for this. Work smarter.
So I pull up the WSL bash prompt and throw down: find . -type f | sort -k 1.13 -n
This finds all the file-type entries under the current directory and pipes the result into sort. The -k 1.13 argument says to sort on the first field starting at its 13th character, which skips the fixed ./.secret/X/ prefix and lands on the numeric file name, and -n specifies a numeric sort.
This gave a pretty clear arrangement: SFrce0rjUjNjdeX5XzFUX1BSNdFUX1NPN2V9. NICE!
Not So Fast, Son
While this wasn’t the flag, of course, it seemed like a solid lead into a second phase.
So I pull up CyberChef and start messing around with it. I go through the usual transformations I try, and Base64 immediately catches my eye: HZÜ{JãR3cuåù_1T_PR5ÑT_SO7e}.
It’s so painfully close to what I’m looking for. You can SEE the skeleton of a legit Hack the Box flag: HTB{xxx_xxx_xxx_xxx}. You can see the curly braces, and the underscores, and even the opening “H”. Presumably some of the other letters are correct as well, but you can’t know that yet, of course.
So I went down some weird rabbit holes. The hashid tool thought it was BigCrypt:
Everything I tried wound up being big time wasters.
So I gave up and looked for a write-up. Inside that write-up, the guy did everything I did:
WHAT?
I do a search for SFrce0rjUjNjdeX5XzFUX1BSNdFUX1NPN2V9 — and sure enough, there it is.
Am I going crazy? It’s just a basic Base64 decoding. Why is mine different?
Just to verify, I pipe it through the same base64 tool on my end. Nope. Still different.
What am I doing differently here?!
Then it dawns on me: I’m using Windows.
I’d gotten used to doing some formerly Unix-style command line stuff in Windows, thanks to WSL letting me bounce between the two worlds. And that was my mistake.
A Return to Relative Sanity
Let’s take a look:
Some characters showed up fine.
The same string gave two different decodings.
How could that be?
Well, unzipping a file that creates an alphabet… both upper AND lowercase letters… oh shit.
Riiight… unzipping in Windows means .secret/s is the same directory as .secret/S.
Which one you get depends on which one unzipped first. So I had a jumble of upper and lowercase directories that Windows went all YOLO on. And when I jumped over to WSL to do my find command, the damage was already done.
I needed to unzip the file from Unix.
So I nuked the entire directory and unpacked all of this from a proper Linux bash shell in my lab VM. And sure enough, I have a lot more directories.
I run my find command, and I get a slightly different version of my string: SFRCe0RJUjNjdEx5XzFuX1BsNDFuX1NpN2V9.
So I pump that through base64 -d, and we get the CORRECT flag this time: HTB{DIR3ctLy_1n_Pl41n_Si7e}.
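To make the case-collision failure concrete, here is a small Python model, added to this post and not part of the challenge or the original write-up. It rebuilds the challenge’s directory layout from the recovered string (file "i" sits in the directory named by the i-th character), reproduces the find-and-sort reconstruction, and then simulates extracting the same archive onto a case-insensitive filesystem, where the first directory name seen for a given letter wins and the other case’s files are merged into it. The zip entry order is a constructed assumption, so the jumbled string it produces will not match the exact one Windows gave, but it fails in the same way. The colliding_names check is the thing to run before trusting an extraction on Windows or macOS.

```python
import base64
from collections import defaultdict

# Constructed sample input: the challenge's layout, rebuilt from the string the
# write-up recovers. File "i" (1-indexed) lives in the directory named by the
# i-th character, so 36 zero-byte files are spread over the distinct characters.
ENCODED = "SFRCe0RJUjNjdEx5XzFuX1BsNDFuX1NpN2V9"
FLAG = "HTB{DIR3ctLy_1n_Pl41n_Si7e}"

def build_tree(encoded):
    """Map directory name -> list of the integer file names it contains."""
    tree = defaultdict(list)
    for position, letter in enumerate(encoded, start=1):
        tree[letter].append(position)
    return dict(tree)

def recover(tree):
    """Equivalent of `find . -type f | sort -k 1.13 -n`: order every (file number,
    directory) pair numerically and read the directory names back off in that order."""
    pairs = sorted((n, d) for d, files in tree.items() for n in files)
    return "".join(d for _, d in pairs)

def colliding_names(tree):
    """The check to run before unzipping on Windows/macOS: directory names that
    differ only by case, which a case-insensitive filesystem will silently merge."""
    groups = defaultdict(list)
    for d in tree:
        groups[d.casefold()].append(d)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def case_insensitive_extract(tree, entry_order):
    """Simulate extraction onto a case-insensitive filesystem: the first name seen
    for a case-folded key is what gets created on disk; later variants land inside it."""
    on_disk = {}      # case-folded key -> the directory name that actually got created
    merged = {}
    for d in entry_order:
        name = on_disk.setdefault(d.casefold(), d)
        merged.setdefault(name, []).extend(tree[d])
    return merged

def decode_flag(encoded):
    return base64.b64decode(encoded).decode("utf-8", errors="replace")

def main():
    tree = build_tree(ENCODED)
    print("would collide on a case-insensitive filesystem:", colliding_names(tree))
    good = recover(tree)
    print(good, "->", decode_flag(good))
    # Constructed zip order (an assumption): lowercase entries first, so the
    # lowercase directory wins every collision during the simulated extraction.
    order = sorted(tree, key=lambda d: (d.casefold(), not d.islower()))
    bad = recover(case_insensitive_extract(tree, order))
    print(bad, "->", decode_flag(bad))

if __name__ == "__main__":
    main()
```

Because Base64 encodes case in the bit pattern, merging just six letter pairs (d/D, e/E, j/J, s/S, u/U, x/X here) is enough to corrupt most of the decoded bytes while leaving the braces and underscores intact, which is exactly the “so close” output seen above.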
The Takeaway
This was frustrating, but still quite educational: in the future I might encounter an issue similar to this, and hopefully I’ll remember this experience. I mean, I didn’t look closely enough at my string, and searching for it in the write-up made me think it was 1:1 exactly the same. All because search tools are, by default, case insensitive. And Windows is case insensitive.
But I’m very sensitive. 😢
Seriously, though, don’t get too comfortable with Windows, man. It’ll stab you when you’re not looking!
I don’t for a moment think the author of this challenge intended for this outcome. (I sure didn’t.) But hey: thank goodness SOMEONE wrote a write-up on a non-retired Hack the Box challenge, huh? 😏
I’ve been doing a lot of TryHackMe rooms over the last week or two, but this morning I decided to jump over to HackTheBox to take a look at their OSINT challenges.
While I’ve never done a CTF write-up before, I want to start doing this a bit more often. Especially when I run into topics or concepts I’ve never encountered before.
We are looking for Sara Medson Cruz’s last location, where she left a message. We need to find out what this message is! We only have her email: saramedsoncruz@gmail.com
With this bit of content, I spent a lot of time going through my usual routine…
Sherluckin’ Out
First, I looked for the username saramedsoncruz using Sherlock. It’s a tool written in Python that queries a ton of social media services. (There are websites for this, too.) This pulled up only a couple of results:
When I saw the Geocaching link, I got excited. We could satisfy all of our requirements.
Her last location? Possibly! A potential message left? Sure! Maybe she took a picture of a message left in a cache. Or had comments about a cache she’d just found.
This seemed to be a lock… but, despite a match on that very specific username, it wound up going nowhere.
Struck out with the Pinterest link, but I had low hopes for that one.
Desperation Sets In…
At this point, I’m trying everything I know. Manually clawing through “Sara Cruz” accounts (and various permutations on the name) on Facebook and other social media sites. One even had a Guy Fawkes mask for an avatar — I thought to myself “Some dumb hacker shit! Surely, this must be it!”
But, no. Another dead end.
As I’m searching around, I see a link talking about Google IDs and Gmail accounts. It looks interesting, but I put it aside.
I’m about to give up — which is fine by me. Yeah, I’m always a little disappointed when I throw in the towel, but that’s part of the reason I do these CTF challenges: to test what I know, and if it’s something I don’t know: learn. (From write-ups. Like this. 😏)
…when suddenly!
So I return to the HTB OSINT page, and I take a look at the name of the challenge so I can google a write-up.
“ID Exposed”… hey, waaaait a minute…
I think for a moment as that piece of information zip-zaps across my mind over to the article I’d found earlier: Getting a Grasp on GoogleIDs.
I’d completely overlooked a clue in the title. Turns out this was VERY relevant!
I’ll leave the article for you to see the details, but long story short: there’s a profile ID number attached to every Google account. There are a couple of ways to get this ID, both outlined in the article.
In my case, I added it to my existing Google Contacts collection and sniffed the data-personid attribute from the modal dialog of the Contacts page when the contact is opened for editing (it may be seen elsewhere, but this is where I got it).
With this in hand, I went over to the People API people.get page, which lets you try executing an API endpoint. In order to execute this endpoint call, you’ll need to authorize it with your own Google account.
Following the instructions in the article, I plugged in “people/c6412528252752365100” for the resourceName, and “metadata” for the personFields field.
The call succeeded and returned this block of JSON:
Under the metadata -> sources entry with the PROFILE type, there is our GoogleID: 117395327982835488254.
Now That’s Brazilliant
From here, we can look for various things (again, check the article for what’s possible).
As it turns out, you can take a look at the ‘contributions’ that a GoogleID has made to Google Maps. This means reviews and photos, for the most part. Certainly the kind of data that would tick the boxes of what this CTF solution asks of us.
No photos, but they’ve posted a review for the ‘Museu do Futebol’ in Brazil, giving it a whopping five stars, and a terse comment of “really nice museum”…
Wait, there’s more.
Like, literally ‘More’.
Click it.
And there’s our flag, buried in a bunch of percent signs to force the comment to collapse. 🙂
HTB{i_W4S_D_I_S_c_O_v_3_R_3_D}
Conclusion
It’s okay to give up, as long as you’re willing to learn.
Just be careful that you’re not overlooking a clue being given to you. Few things suck more than bashing your head against the wall going down a dead end for an hour when a quick re-read of the CTF details might have prevented it. 😳