CNO Day 4 Metasploitable

Awesome tip #1: In the Metasploit console (msfconsole), once you have loaded an exploit, take show payloads for a spin. This lists all payloads that are compatible with the given exploit. Awesome! Today we got the chance to work on Metasploitable 3, a Windows VM with a number of vulnerabilities and flags (15ish of them). It's a great way to take this knowledge and apply it to an actual machine.

CNO Day 3 PrivEsc

Privilege Escalation. Basics: On Windows, SYSTEM is the highest privilege possible. Local Administrators can effectively get SYSTEM privileges. On Linux, root (uid=0) is the highest privilege possible. Regular users can escalate to root privileges on demand (i.e. sudo). Techniques: Kernel exploits - leverage a flaw in the OS. Vulnerability is determined by researching the kernel version and patch levels. These tend to be patched quickly. High privileged programs - get a program running at a higher privilege to execute your code.

CNO Day 2 Exploitation

Exploitation. An exploit is some software which leverages a vulnerability to perform an action. It is important to differentiate the payload from the exploit. A payload is something executed via an exploit. Finding Exploits: Exploit DB, Google, SearchSploit - a local mirror of exploit-db; useful for locally cached copies. For example, CVE-2008-4250 may be assigned different vendor specific labels, in this case MS08-067, found by searching Google and heading to the Microsoft security bulletin:

CNO Day 1 Enumeration

Covers the basics, starting with enumeration. There is a process to exposing vulnerabilities, but it is not a linear process. Imposter syndrome is huge in this field, due to its complexity and how many domains it covers. The anatomy of a hack (EEE): Enumeration, Exploitation, Escalation. There are multiple ways to do one thing; for example, to figure out if the sshd daemon is running you could: check if port 22 is listening (netstat -tlp), check if the sshd process is running, try to connect to the daemon with ssh, or list the running services through systemd. Tools: Tools to grok:

Beyond Compare

Installation on Linux is well documented.

wget https://www.scootersoftware.com/bcompare-4.2.4.22795.x86_64.rpm
su
rpm --import https://www.scootersoftware.com/RPM-GPG-KEY-scootersoftware
yum install bcompare-4.2.4.22795.x86_64.rpm

On my Fedora 27 box, I found the launcher bash /usr/bin/bcompare exits with a return code of 1 if the linker cannot resolve all dependencies.

BC_LIB=/usr/lib64/beyondcompare
export BC_LIB
EXEC=$BC_LIB/BCompare
# check to see if we have all of the shared libraries.
CHECK=$(ldd "$EXEC" | grep "not found" | wc -l)
if [ "$CHECK" -ne "0" ]; then
  echo Some Shared Libraries were not found
  ldd "$EXEC"
  exit 1
fi

Dumping out the shared libs BCompare depends on:

IRC

Last updated: Sun 04 Aug 2019 02:40:29 PM AEST. Hey there, these are some of my notes about IRC in general, and the CLI client irssi. IRC Primer: Internet Relay Chat (IRC) is an open protocol that uses TCP and optionally TLS. IRC was born in August 1988, created by Jarkko Oikarinen at the University of Oulu in Finland. Years later, in 1993, it was standardised as RFC 1459. IANA assigned it port 194/TCP; in practice, however, most servers use 6667/TCP and nearby ports (6660-6669, 7000).

LCA 2018

I’m a convert. This conference was incredible, with passionate presenters, excellent content and an amazing inclusive and friendly community vibe. Most sessions are available on YouTube. Things I am inspired to do post LCA 2018: Set up ctags with Vim. Think ‘go to definition’ for Vim, with support for 40+ languages. Specifically Exuberant Ctags and unite-tag. Play with more kernel syscalls (like ptrace). Signal processing and logic analyser lab and kit.

PKI

Some of my (and others') notes on managing PKI with the excellent openssl. It's simple and just works. To get going, we will create a root CA (Certificate Authority) and an intermediate signing CA. Using the CAs, we will issue three keypairs: one for email protection, one for TLS, and one for digital signatures. The digital signature keypair will be presented in the form of a CSR (Certificate Signing Request), as if generated by a third party that would like its keypair signed by our CA hierarchy.

Ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications. Automate in a language that approaches plain English, using SSH, with no agents to install on remote systems. With Ansible and its amazing module ecosystem, you describe what needs to be accomplished (i.e. declarative), rather than describing how to accomplish each step (i.

Vagrant

When something becomes messy in the software industry, we have the habit of tucking the problems away behind abstractions. To me Vagrant is simply an abstraction layer for working with a range of hypervisors (libvirt, VirtualBox, VMWare, Hyper-V, Docker and more) in a reliable and consistent manner. By describing VMs in a simple text-based (Ruby) configuration file, the Vagrantfile, you achieve greater simplicity, portability across systems, and consistency, which could theoretically be used with any virtual environment running on top of any other system.

systemd

Cheatsheet

INFORMATION (systemctl)
list-dependencies, list-sockets, list-jobs, list-unit-files, list-units, get-default, --type=service --all

LOGS (journalctl)
-u <name> by service
-f follow live log
-k kernel messages
-r reverse (newest first)
-o json format output
-b -1 from previous boot
-n 10 limit output lines (tail)
-S, --since e.g. "2012-10-30 18:17:16"
-U, --until e.g. "10 min ago"

SERVICES (systemctl)
stop <name>, start <name>, restart <name>, reload <name>, status <name>

SYSTEM STATES (systemctl)
reboot

Computer Heroes

Some heroes in the world of computer science. Founding Fathers (pre 1960): George Boole (1815 - 1864). Boolean algebra. Papers: The Mathematical Analysis of Logic (1847), and An Investigation of the Laws of Thought (1854). Friedrich Ludwig Gottlob Frege (1848 - 1925). Analytic philosophy. Developed modern logic in the Begriffsschrift and worked on the foundations of mathematics. Books: The Foundations of Arithmetic, On Sense and Reference and The Thought.

Tmux Quick Reference

Kudos to afair for putting together this neat Tmux Cheat Sheet, which I’m addicted to at the moment.

TMUX COMMAND
List: tmux ls
New: -s <session>
Attach: att -t <session>
Rename: rename-session -t <old> <new>
Kill: kill-session -t <session>

WINDOW (TAB)
List: ^b w
Create: ^b c
Rename: ^b , <name>
Last: ^b l (lower-L)
Close: ^b &
Goto #: ^b <0-9>
Next: ^b n
Previous: ^b p
Choose: ^b w <name>

CONTROLS
Detach: ^b d
List: ^b =
Buffer: ^b <PgUpDn>
Command: ^b : <command>
Copy: ^b [

PANE (SPLIT WINDOW)

DIY Computer Part 5 Machine Architecture

A continuation of my participation in the amazing Nand2Tetris course, by Noam Nisan and Shimon Schocken, now running on Coursera. Related posts: DIY Computer Part 1 The NAND Gate, DIY Computer Part 2 The ALU, DIY Computer Part 3 Memory, DIY Computer Part 4 Machine Language. Now armed with the necessary elementary logic gates and chips, we are ready to assemble a general purpose computer. Using a finite amount of hardware, it will be capable of performing practically an infinite number of tasks (e.

Nerd Links

Contents: Miscellaneous, GNU/Linux, Networking, Software Engineering and Architecture, Containers, DevOps and Cloud, C, Java, Vim, Security, Databases, Web

Miscellaneous
Google Open Source - 2000+ OSS projects managed by Google
NSA on GitHub

GNU/Linux
journal-triggerd - runs triggers on systemd’s journal messages.
An In-Depth Guide to iptables - covers pretty much every angle of iptables, from basic rules to NAT’ing to protocols and interfaces.
How to automatically execute shell script at startup boot on systemd
mdadm Cheat Sheet - practical commands when running software RAID on Linux
sed One Liners - huge collection of useful sed examples
Async IO on Linux: select, poll, and epoll - thorough write-up on the ‘select’, ‘poll’ and ‘epoll’ system calls, and how to measure them.

Operational PGP

A practical guide about doing secure email the right way with PGP. I did not write this guide. Credits to the author grugq. Original source. In case this guide goes missing in the future, I wanted to preserve it for my own future reference. Operational PGP: This is a guide on how to email securely. There are many guides on how to install and use PGP to encrypt email. This is not one of them.

GNU/Linux Commands

A survey of the standard and high quality programs that feature in most Unix based distributions, with the GNU variants being my favourite. The bash shell is a great way of interfacing with and orchestrating these beautifully crafted programs. As a starting point, I’ve listed out each utility offered by the amazing GNU Core Utilities and util-linux umbrella projects, considered the de facto standard on most distributions.

Contents: Quick Reference, General, System Information, Directory Navigation, File Searching, Archiving and Compression, Networking, Text Manipulation, Set Operations, Windows Networking, Monitoring and Debugging, Disk Space, CDs, Locales, Dates and Times, Finding Documentation, Manual Pages, Appropriate Commands, whatis, GNU Info Entry, /usr/share/doc Documentation, RPM bundled documentation, Examples, grep, cut, sort, tr, wc, tar, rsync, sed, awk, ssh (Secure Shell), wget, BFL of Common Programs, Resources

Quick Reference
General
apropos compress | Show commands that relate to a keyword
man -t ascii | ps2pdf - > ascii.

C

If you need a compiler and build system, my post on make and GCC could be handy. Philosophy: Rob Pike’s 5 Rules of Programming (source). You can’t tell where a program is going to spend its time. Bottlenecks occur in surprising places, so don’t try to second guess and put in a speed hack until you’ve proven that’s where the bottleneck is. Measure. Don’t tune for speed until you’ve measured, and even then don’t unless one part of the code overwhelms the rest.

Shay Banon on Innovation

Some great wisdom imparted by Shay Banon (creator of Elasticsearch). Be bored, to promote innovation. Open source and building a critical mass. Be committed. You need to care for it now: IRC, forums, negative feedback, bugs. The benevolent dictator model (BDM) versus the democracy with a leader model. Be distributed. Choose a useful (and normally hard) problem to solve. The best way to learn is to actually build something. Double down on passion.

make

A small orientation guide to getting a gcc and make C development environment running, assuming everything is installed on your system. The example source tree (physical organisation) is as follows:

seething
├── include
│   ├── allheads.h
│   ├── engine
│   │   └── safe_sum.h
│   ├── logger.h
│   ├── one_loney_integer.h
│   └── person.h
├── src
│   ├── engine
│   │   └── safe_sum.c
│   ├── logger.c
│   ├── main.c
│   ├── person.c
│   └── person_tests.

Architecture

A collection of software concepts I plan to apply to some upcoming projects. Some fundamental philosophies: Automation everywhere. A clean (agnostic) contract with the underlying operating system, promoting portability between execution environments. Can scale without major changes to tooling, architecture or development. Smallest possible delta between development and production, enabling continuous integration. Deployment: Processes are first-class citizens. Execute the application as one or more stateless processes.

soapUI mock bug

Today I stumbled onto an interesting soapUI quirk, involving a combination of mock services, SOAP 1.2 and multipart message definitions. In essence, the soapUI mock service will always return an HTTP 500, with the following response:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Body>
    <soap:Fault>
      <soap:Code>
        <soap:Value>Server</soap:Value>
      </soap:Code>
      <soap:Reason>
        <soap:Text>Missing operation for soapAction [http://services.net.bencode/wsdl/2016/06/01/retrievecoolnesslevelrequest] and body element [{http://services.net.bencode/wsdl/2016/06/01}retrieveCoolnessLevelRequest] with SOAP Version [SOAP 1.2]</soap:Text>
      </soap:Reason>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>

Sigh. Thankfully some legend known as fyerf posted a solution on the SmartBear community forums.

DIY Computer Part 4 Machine Language

A continuation of my participation in the amazing Nand2Tetris course, by Noam Nisan and Shimon Schocken, now running on Coursera. In this course you will build a modern computer system, from the ground up. We’ll take you from constructing elementary logic gates all the way through creating a fully functioning general purpose computer. In the process, you will learn how computers really work, and how they are designed.

bash

Bash is a Unix shell written by Brian Fox in 1989 for the GNU Project as a free replacement for the Bourne shell. To this day, Bash remains one of the most powerful and ubiquitous scripting tools on the planet.

Contents: Useful Shortcuts; Initialisation; Shell Grammar; Variables (Local variables, Environment variables, Positional arguments); Expansions (Brace expansion, Command substitution, Arithmetic expansion, Double and single quotes); Stream Redirection; Arrays; Conditions (if statements, case statements); Loops (For Loops, Select Loops, While Loops, Until Loops); Functions; Coprocesses; Builtins; Bash Recipes (Top 6 largest things in the current directory, Display the 23rd line of /etc/passwd, Filter the first column from process status, Delete Subversion scrap files, Move shell scripts and mark them as executable, Pattern matching, Scan code base against list of patterns, Rename Multiple Files, Run a command every time a file is modified, Keep a program running after leaving SSH session); Resources.

Kudos to Denys Dovhan and his awesome Bash handbook.

Classloaders

First, some kudos and credits to the below. None of the material in this post is original; I have documented it for my personal learning. Please refer to the original (and superior) articles below: ZeroTurnaround’s Jevgeni Kabanov’s awesome and most practical Do You Really Get Classloaders?; Oracle’s A Sundararajan’s Understanding Java class loading; and, all the way from 1996, Chuck Mcmanis’s The basics of Java classloaders. Hello java.