五年養成計畫

我現在都已經讀到大學四年級了

開始要找實習的時候才發覺到自己的履歷看起來一點都不亮眼

拜讀了這位大神的部落格後決定要開始振作

http://lucida.me/blog/on-learning-algorithms/

以前大學總是渾渾噩噩的

什麼東西都是東摸西摸

覺得拿個及格分數就很滿意了

從現在大學四年級開始到碩一再加上三年的研替

總共五年的時間能夠重整一下自己的基礎

以下是書單(會不定時的更新):

程式設計師的自我修養

http://www.books.com.tw/products/0010456858

Trace QIRA(1)-directory tree and package

Some tools

---

• sourcetree ( https://www.sourcetreeapp.com/ )
• git cola ( https://git-cola.github.io/ )

Installation

---

• Now version is v1.1
• install.sh will install qira
• qemu_build.sh will install qemu
• fetchlibs.sh will fetch the libraries for i386, armhf, armel, aarch64, mips, mipsel, and ppc
• pin_build.sh will install the QIRA PIN plugin, allowing –pin to work

Debian Packages

---

• build-essential : essential to build Debian packages
• python-dev python-pip : Python
• debootstrap : a tool which will install a Debian base system into a subdirectory of another
• debian-archive-keyring : key for GnuPG
• libjpeg-dev : C library for reading and writing JPEG images
• zlib1g-dev : zlib is a library implementing the deflate compression method found in gzip and PKZIP
• unzip : tool to decompress zip file
• wget : network utility to retrieve files from the Web using http and ftp
• graphviz : Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks.
• curl : command line tool for transferring files with URL syntax
• Capstone : disassembly framework
• Virtualenv : tool to create isolated Python environments

Python Packages

---

• Six : Python 2 and 3 Compatibility Library
• html : simple, elegant HTML, XHTML and XML generation
• flask-socketio : Flask applications access to low latency bi-directional communications between the clients and the server
• pillow : Python Imaging Library
• pyelftools : Library for analyzing ELF files and DWARF debugging information
• socketIO-client : socket.io client library for Python
• Pydot : full interface to create handle modify and process graphs in Graphviz’s dot language
• Ipaddr : library for working with IP addresses
• Capstone : disassembly framework
• Hexdump : view/edit your binary with any text editor
• Nose : nose extends unittest to make testing easier
• ./qiradb : geohot’s python module

Language used

---

I use cloc to calculate code.

http://cloc.sourceforge.net/

• Mainly use C, Python, Javascript
• C is used to qemu and disassemble
• Python is for the website
• Web framework use flask
• Flask is a microframework for Python based on Werkzeug, Jinja 2 and good intentions

http://flask.pocoo.org/

• Website use Flask-SocketIO to communicate
• Flask-SocketIO gives Flask applications access to low latency bi-directional communications between the clients and the server.
• Client-side application can use javascript library to establish a permanet connection to the server

http://flask-socketio.readthedocs.org/en/latest/

Directory Tree

---

• extra
  
  • qiradb
  • website(qira.me)
• ida
  
  • Ida plugin
• middleware
  
  • 主要放置.py
• qiradb
  
  • 以C++寫成的資料結構
• qira_tests
  
  • Test case
• releases
  
  • qira各版本
• static2
  
  • recovering static structure
• tests_auto
  
  • auto tests
• tests_manual
  
  • tests manual
• tracers
  
  • pin
  • angr
  • qemu
• web
  
  • Web application client
  • Css js

QIRA introduction

---

• QIRA is timeless debugger
• Fullname is QEMU Interactive Runtime Analyser
• QIRA was initially developed at Google by George Hotz. Work continues at CMU.

QIRA website :

http://qira.me/

QIRA github :

https://github.com/BinaryAnalysisPlatform/qira

Usage

How to make ida plugin work

• Testing environment is on Windows 10 enterprise with Vmware workstation Pro 12
• Install qira 1.1 on Ubuntu 15.10 and port-forwarding 3002 port
• Quick install qira and google-chrome can by following script

- git clone https://github.com/bananaappletw/Ubuntu
cd Ubuntu/
./install.sh

• And copy two files qira_ida66_windows.p64, qira_ida66_windows.plw from qira/ida/bin/ to ida pro plugins/
• Open Chrome and IDA PRO on windows 10
• It should work like this

CTF For Beginner

HITCON Community 2015演講的投影片

主題 : CTF For Beginner

要是有興趣的歡迎加入Bamboofox喔

Bamboofox網站

網路安全策進會

Ctf For Beginner from 威伯 陳

Ubuntu-For-CTF

My config

---

https://github.com/bananaappletw/Ubuntu

---

Update everything

sudo apt-get update
sudo apt-get -y upgrade

Install google-chrome

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
sudo apt-get update
sudo apt-get install -y google-chrome-stable

Install multi architecture

dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install -y gcc-multilib

Install strace, ltrace, gdb64

sudo apt-get install -y strace
sudo apt-get install -y ltrace
sudo apt-get install -y gdb64

Install pip

sudo apt-get install python-setuptools
sudo apt-get install easy_install
sudo easy_install pip
sudo pip install pwntools
sudo pip install capstone --upgrade
sudo pip install ropgadget --upgrade

vim

sudo apt-get install -y vim
cp .vimrc ~
cp .gitconfig ~
git clone https://github.com/VundleVim/Vundle.vim.git ~/.vim/bundle/Vundle.vim
vim +PluginInstall +qall
wget https://github.com/Lokaltog/powerline/raw/develop/font/PowerlineSymbols.otf https://github.com/Lokaltog/powerline/raw/develop/font/10-powerline-symbols.conf
sudo mv PowerlineSymbols.otf /usr/share/fonts/
sudo fc-cache -vf
sudo mv 10-powerline-symbols.conf /etc/fonts/conf.d/

Install qira

cd ~/
cd ~/ && wget -qO- qira.me/dl | unxz | tar x && cd qira && ./install.sh
./fetchlibs.sh 
./pin_build.sh
./cda_build.sh

Training Website

All types

---

hackerrank

https://www.hackerrank.com/domains/shell/bash

CTF

---

Bamboofox

https://bamboofox.torchpad.com/

Secure programming

http://ctf.cs.nctu.edu.tw/

W3challs

http://w3challs.com/

pwnable.kr

http://pwnable.kr/

hackthissite

https://www.hackthissite.org/

Useful-Tools

Blogger

---

Stackedit

https://stackedit.io/editor#

Slides

---

Prezi

https://prezi.com/

Slides

http://slides.com/

Ascii graph

http://asciiflow.com/

Speak

---

sm

https://github.com/chusiang/sm

CTF

---

Convert hex string

http://www.unit-conversion.info/texttools/hexadecimal/

qira

http://qira.me/

python

---

python package

numpy

Kali2-For-CTF

---

Quick installation for CTF on Kali 64bits

• strace
• ltrace
• pwntools
• gdb64
  https://github.com/Gallopsled/pwntools
• ROPgadget
  https://github.com/JonathanSalwan/ROPgadget
• Vim
• Configuration
  
  • set encoding to UTF-8
  • syntax highlight
  • close record mode
  • replace tab to space and width is 4
• Plugin
  
  • powerline
    https://github.com/Lokaltog/vim-powerline
  • airline
    https://github.com/bling/vim-airline

Installation

git clone https://github.com/bananaappletw/Kali2-For-CTF
cd Kali2-For-CTF/
./install.sh

Learn-Python

---

Getting started with python in ten minute

http://tech.marsw.tw/blog/2014/09/03/getting-started-with-python-in-ten-minute

20 lessons to learn Python

http://www.thelearningpoint.net/computer-science/learning-python-programming-and-data-structures

Hackerrank

https://www.hackerrank.com/

Ruby on Rails on Ubuntu 15.04 Desktop

---

Update and upgrade

sudo apt-get update && apt-get upgrade -y

Follow the steps

https://gorails.com/setup/ubuntu/15.04

vmtools on Kali Linux

VMTOOL

apt-get install open-vm-tools

Run both 32-bits and 64-bits program on 64-bits Kali Linux

Add architecture

dpkg --add-architecture i386

Update repository

apt-get update

Install library

apt-get install ia32-libs
apt-get install gcc-multilib

How to install Arch Linux with BIOS boot loader and GPT partition table

We are going to install 64bit arch linux with BIOS and GPT partition table and boot loader is GRUB
Arch Linux is hard to install, because it needs a lot of basic knowledge of computer
Please read the following document carefully.
If you have any question, try to figure it out until you fully understand what you are doing now.
Simple Install guide
Detail Install guide

Partition the disks

On a BIOS/GPT configuration a BIOS boot partition is required. GRUB embeds its core.img into this partition.

Assume your disk is 20GB
our partition guide is

• BIOS 1MB
• swap 1GB
• root 19GB
  

  gdisk /dev/sda
  

BIOS

n
Enter
Enter
+1M
ef02

swap

n
Enter
Enter
+1G
8200

root

n
Enter
Enter
Enter
8300
w

fs and swap

mkfs.ex4 /dev/sda3
mkswap /dev/sda2
swapon /dev/sda2

mount

mount /dev/sda3 /mnt

Install system

pacstrap -i /mnt base base-devel

Generate the fstab

genfstab -U -p /mnt >> /mnt/etc/fstab

Chroot and cofigure base system

arch-chroot /mnt /bin/bash

Locale

vi /etc/locale.gen

en_US.UTF-8 UTF-8

locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8

Time zone

ln -s /usr/share/zoneinfo/Asia/Taipei /etc/localtime

Hardware clock

 hwclock --systohc --utc

Hostname

echo bananaapple.nctucs.net > /etc/hostname

Edit /etc/hosts and add your hostname

Configure the network

systemctl enable dhcpcd.service

Set the root password

passwd

Install GRUB

pacman -S grub
grub-install --target=i386-pc --recheck --debug /dev/sdx
grub-mkconfig -o /boot/grub/grub.cfg

Unmount the partitions and reboot

exit
reboot

Ruby on Rails on Ubuntu 14.04 with apache2 and passenger

Install curl, git, nodejs

sudo apt-get install curl
sudo apt-get install git
sudo apt-get install nodejs

Install mysql

sudo apt-get install mysql-server
sudo apt-get install mysql-client
sudo apt-get install libapache2-mod-auth-mysql 
sudo apt-get install php5-mysql
sudo mysql_install_db

Install apache2

sudo apt-get install apache2
sudo apt-get install apache2-utils

Install php

sudo apt-get install php5 
sudo apt-get install php5-mysql 

Ruby on rails on Centos 7 with apache2 and passenger

Before doing following steps, please turn off selinux

vim /etc/selinux/config
find this line SELINUX=enforcing, and change to SELINUX=disabled
and reboot

Install LAMP

yum install httpd mariadb-server mariadb php php-mbstring php-mysql php-gd mysql mysql-develStart and enable phpMyAdmin
sudo yum install epel-release
sudo yum install phpmyadmin

Install rvm

gpg –keyserver hkp://keys.gnupg.net –recv-keys D39DC0E3
\curl -sSL https://get.rvm.io | bash -s stable

Use rvm install ruby

rvm install ruby
rvm –default use 2.2.0

Install rails and bundle

gem install rails
gem install bundle

Install passenger and dependency

gem install passenger
sudo yum install libcurl-devel
sudo yum install httpd-devel
sudo yum install apr-devel
sudo yum install apr-util-devel

Install passenger with apache2

passenger-install-apache2-module
Add following lines in /etc/http/conf/httpd.conf or create file /etc/httpd/conf.d/passenger.conf

LoadModule passenger_module /home/apple/.rvm/gems/ruby-2.2.0/gems/passenger-4.0.58/buildout/apache2/mod_passenger.so

<IfModule mod_passenger.c>

PassengerRoot /home/apple/.rvm/gems/ruby-2.2.0/gems/passenger-4.0.58

PassengerDefaultRuby /home/apple/.rvm/gems/ruby-2.2.0/wrappers/ruby

</IfModule>

Create new ror project

cd /var/www/html
rails new ror -d mysql
configure /var/www/html/ror/config/database.yml file

Add following lines to /etc/httpd/conf/httpd.conf

RailsEnv development
<VirtualHost *:80>
      ServerName localhost
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /var/www/html/ror/public
      <Directory /var/www/html/ror/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
         # Uncomment this if you're on Apache >= 2.4:
         Require all granted
      </Directory>
</VirtualHost>

sudo systemctl restart httpd.service

Trouble shooting phpmyadmin not show correctly

add lines after alias

alias /phpmyadmin /usr/share/phpMyAdmin
alias /phpMyAdmin /usr/share/phpMyAdmin

<Location /phpmyadmin>
   PassengerEnabled off
</Location>
<Location /phpMyAdmin>
   PassengerEnabled off
</Location>

mac清單

brew
iterm
welly
chrome
virtual box
sublime text
filezilla
sourcetree
moom