Poc || GTFO - IPFS edition Weekend hackathon completed

Hackerspace Software Development
#1

Weekend hackathon completed and just launched http://hireme.dwightaspencer.com. Rename the result to a pdf, get a resume. rename to .jar and run get my website.

tenor

#ipfs #hackathon #POC #devops

Version 1.0.0 code base will be used on xmcore and midnight hacker CTF events.

Additional Details

This project has been setup as a weekend hackathon to create a Polyglot Resume for Dwight Spencer. Three “cookies” or flags are located in this file and one can find in various ways.

Project Goals

- Demonstrate CICD pipeline creations
- Demonstrate Docker based CICD builds for local development
- Develop universal release pipeline for IPFS
- Develop universal github assets pipeline
- Reuse codebase as a polyglot release framework for CTFs held at Dallas Makerspace, 2600, and MLH.io events.

Roadmap

0.0.1

- Polyglot jar/pdf file

0.1.0

- Self extracting jar file

1.0.0

- troff created pdf documents
- zipnote for filegate.txt
- FILE_ID.DIZ and other base items from releases.zip on XM Core.
Critical .zip vulnerabilities? - Zip Slip and ZipperDown
#2

I can’t understand enough of this to be impressed.

What does this mean in Plain English?

#3

wait… your actually going to make me give away the magic golden egg?

fine… give me a moment to post up the asciinema

#4

Video Demo

Details for version 1.0.0 and file formats:

  • FILE_ID.DIZ format is used by software to automatically detail what a ‘release’ contains.
  • filegate.txt - a text file used to denote source distribution group added by zipnote and common to denote which fidonet style distribution network one released the zip from or as a meta data tag of some sort.
  • Jar files are just zip files with a java centric structure. But nothing prevents one from using this to distribute ANYTHING.
  • Polyglot files are files that hold other files while still operating as another file. Think Steganography but on layers above that.

Usages

  • Legitimate usages; like the one in this POC, the same pdf (zine, presentation, whatever) is also the demo, is also the installer. Build an multios/multiarch go app, include the tutorial manual and both are the same file.
  • CTF training (what we’ll be using this for in the future and with the Datagram Packet Show on Youtube) and Zine releases
  • Black/Grey hats already can figure this one out… :wink: if not think badusb but digital [also have fun learning from this but what you do with this is on you.]
  • More impressive Business cards at Conventions; plasma torched paper is fun to look at but able to tell your attendees to rename the slide sheet to .jar and they get the get a tech demo, presentation pdf, and early release in on file goes a long ways to impress.
  • … your suggestions below
1 Like