Matthew Closson mclosson

## wire_transfer.c
/* Welcome freedom fighter.  The liberation front has gained access to the
 * source code for a wire transfer program used by FIRST NATIONAL CYBER, a
 * bank used by the alliance for oppression and we need you to find a
 * vulnerability in this program and stea... er liberate the funds from an
 * operative named prince_john.
 *
 * The bank programmers have attempted to put in a number of defensive checks
 * to prevent abuse of the bank wire network, and we cannot modify the
 * program source code without risking detection but we suspect that deadlines
 * and corporate training programs have left them without the motivation

## good_enough_password.c
/* You can successfully authenticate to this program by entering the password
 * as seen in the code below, or by doing something else.  What is it and why?
 *
 * $ make good_enough_password
 * $ ./good_enough_password
 * Enter password:
 *
 * Hint: The problem is worse on a 32bit platform.  To compile for 32bit on OSX
 * $ cc -m32 -o good_enough_password good_enough_password.c
 * $ ./good_enough_password

## client.rb
require 'httparty'
require 'json'

module Pipedrive
  class Client

    def initialize(api_token)
      self.api_token = api_token
    end

## euler1.s
# https://projecteuler.net/problem=1
# sum the nautural numbers below 10 that are multiples of 3 or 5

.section .text
.globl _start

_start:
  pushl $1 # counter
  pushl $0 # sum

## Set.java
import java.util.*;

public class Set {
  private List values = new ArrayList();

  public Set(int[] inputSet) {
    for (int i = 0; i < inputSet.length; i++) {
      boolean exists = values.contains(inputSet[i]);
      if (!exists) {
        this.values.add(inputSet[i]);

## google_client.rb
require 'httparty'
require 'minitest/autorun'
require 'minitest/mock'

class GoogleClient

  BASE_URI = "http://google.com"

  attr_writer :http_client

## google_client.rb
require 'httparty'
require 'minitest/autorun'
require 'minitest/mock'


require 'httparty'

class GoogleClient

  BASE_URI = "http://google.com"

## google_client.rb
require 'httparty'
require 'minitest/autorun'
require 'minitest/mock'


require 'httparty'

class GoogleClient

  BASE_URI = "http://google.com"

## authpf-rules.sh
#!/bin/sh
#
#  authpf-rules: this needs a better name (authpfconf?)
#
#  Generate per user rules for authpf based on the groups a user is a member of.
#  If the user is a member of the engineering & support groups then they should
#  get access to the hosts in the associated pf tables upon authenticating.
#
#  Example:
#

## timeout.c
/*
 *  timeout - application to check a list of users against the current time
 *  and return a message on whether each user is authorized to login to the
 *  system during this time on a FreeBSD system.
 *
 *  These time frames are configured in the /etc/login.conf or the user's
 *  ~/login.conf files for their class of user.  The login application will
 *  check these allowed or denied time lists and prevent the user from logging
 *  in during unauthorized times however users whom are already logged in will
 *  be able to remain logged in regardless of the time.
	/* Welcome freedom fighter. The liberation front has gained access to the
	* source code for a wire transfer program used by FIRST NATIONAL CYBER, a
	* bank used by the alliance for oppression and we need you to find a
	* vulnerability in this program and stea... er liberate the funds from an
	* operative named prince_john.
	*
	* The bank programmers have attempted to put in a number of defensive checks
	* to prevent abuse of the bank wire network, and we cannot modify the
	* program source code without risking detection but we suspect that deadlines
	* and corporate training programs have left them without the motivation
	/* You can successfully authenticate to this program by entering the password
	* as seen in the code below, or by doing something else. What is it and why?
	*
	* $ make good_enough_password
	* $ ./good_enough_password
	* Enter password:
	*
	* Hint: The problem is worse on a 32bit platform. To compile for 32bit on OSX
	* $ cc -m32 -o good_enough_password good_enough_password.c
	* $ ./good_enough_password
	require 'httparty'
	require 'json'

	module Pipedrive
	class Client

	def initialize(api_token)
	self.api_token = api_token
	end
	# https://projecteuler.net/problem=1
	# sum the nautural numbers below 10 that are multiples of 3 or 5

	.section .text
	.globl _start

	_start:
	pushl $1 # counter
	pushl $0 # sum
	import java.util.*;

	public class Set {
	private List values = new ArrayList();

	public Set(int[] inputSet) {
	for (int i = 0; i < inputSet.length; i++) {
	boolean exists = values.contains(inputSet[i]);
	if (!exists) {
	this.values.add(inputSet[i]);
	require 'httparty'
	require 'minitest/autorun'
	require 'minitest/mock'

	class GoogleClient

	BASE_URI = "http://google.com"

	attr_writer :http_client
	#!/bin/sh
	#
	# authpf-rules: this needs a better name (authpfconf?)
	#
	# Generate per user rules for authpf based on the groups a user is a member of.
	# If the user is a member of the engineering & support groups then they should
	# get access to the hosts in the associated pf tables upon authenticating.
	#
	# Example:
	#
	/*
	* timeout - application to check a list of users against the current time
	* and return a message on whether each user is authorized to login to the
	* system during this time on a FreeBSD system.
	*
	* These time frames are configured in the /etc/login.conf or the user's
	* ~/login.conf files for their class of user. The login application will
	* check these allowed or denied time lists and prevent the user from logging
	* in during unauthorized times however users whom are already logged in will
	* be able to remain logged in regardless of the time.