webserver

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@dextradata.com>

steganography/exif-metadata/notes.org

@@ -0,0 +1,30 @@
+* EXIF - Metadata
+
+
+Aufgabe
+
+Unser trauriger Freund Pepo hat sich verlaufen! Kannst du herausfinden, wo er ist?
+
+Das Kennwort ist die Stadt, in der sich pepo befindet.
+
+#+begin_src sh
+  exiftool ch1.png.1
+  # ...
+  # GPS Latitude                    : 43 deg 17' 56.27" N
+  # GPS Longitude                   : 5 deg 22' 49.38" E
+  # GPS Position                    : 43 deg 17' 56.27" N, 5 deg 22' 49.38" E
+  # ...
+
+#+end_src
+
+DMS:
+#+begin_quote
+# GPS Latitude                    : 43 deg 17' 56.27" N
+# GPS Longitude                   : 5 deg 22' 49.38" E
+# GPS Position                    : 43 deg 17' 56.27" N, 5 deg 22' 49.38" E
+#+end_quote
+
+DD:
+#+begin_quote
+43.2989639,5.380383333333333 -> 79XJ+H5J Marseille, France
+#+end_quote

steganography/exif-thumbnail/notes.org

@@ -0,0 +1,66 @@
+* EXIF - Thumbnail
+
+Task
+
+Find the password hidden in this JPG image.
+
+[[./ch10.jpg]]
+
+#+begin_src sh
+exiftool ch10.jpg -b > thumbnail.bin
+#+end_src
+
+** Full process
+
+1) Checked metadata in the original image:
+
+#+begin_src sh
+exiftool ch10.jpg
+#+end_src
+
+Key findings:
+- `Thumbnail Offset: 202`
+- `Thumbnail Length: 41506`
+
+2) Extracted the correct thumbnail from EXIF:
+
+#+begin_src sh
+exiftool -b -ThumbnailImage ch10.jpg > thumb_extracted.jpg
+file thumb_extracted.jpg
+exiftool thumb_extracted.jpg
+#+end_src
+
+Result:
+- `thumb_extracted.jpg` is a valid JPEG (600x339)
+- it also contains another EXIF thumbnail (`Thumbnail Length: 15957`)
+
+3) Extracted one level deeper:
+
+#+begin_src sh
+exiftool -b -ThumbnailImage thumb_extracted.jpg > thumb2.jpg
+file thumb2.jpg
+exiftool thumb2.jpg
+#+end_src
+
+Result:
+- `thumb2.jpg` is a JPEG (300x300)
+- JPEG comment: `We need to go deeper`
+
+4) Extra checks (stego tools unavailable in this environment):
+
+#+begin_src sh
+steghide info thumb2.jpg
+binwalk thumb2.jpg
+#+end_src
+
+Both commands were not installed in this environment.
+
+5) Opened/read the image content of `thumb2.jpg` directly.
+
+The text visible in the image:
+
+`The flag is: B33r!sG00d!`
+
+** Flag
+
+`B33r!sG00d!`

web-server/html-source-code/index.html

@@ -0,0 +1,33 @@
+<html><body><link rel='stylesheet' property='stylesheet' id='s' type='text/css' href='/template/s.css' media='all' /><iframe id='iframe' src='https://www.root-me.org/?page=externe_header'></iframe>
+
+<!--
+
+Bienvenue sur ce portail,
+Welcome on this portal,
+
+J'espère que vous passerez un agréable moment parmi nous, mais surtout que vous repartirez plein de choses dans la tête...
+I hope that you will enjoy your time among us, and above that all you will leave with lots of things in the head ...
+
+@ très bientôt
+See ya
+
+-->
+<h1>Login v0.00001</h1>
+
+<form>
+    Password&nbsp;<input type="password" value="" name="password"/><br/>
+    <input type="submit" value="login" />
+</form>
+
+
+
+
+
+<!--
+                                                                                                                                                                                                                                                        Je crois que c'est vraiment trop simple là !
+                                                                                                                                                                                                                                                            It's really too easy !
+                                                                                                                                                                                                                                                                 password : nZ^&@q5&sjJHev0
+
+-->
+
+</body></html>

web-server/html-source-code/notes.org

@@ -0,0 +1,10 @@
+
+* HTML - Source code
+
+Suchen Sie nicht zu weit weg
+
+[[./index.html]]
+
+#+begin_src :results output
+rg password
+#+end_src