Author: Graham Thomas

Summer Time

I'm finally done with my stifling classes this semester, so I'm starting a plethora of side projects. Two of them are already on their way, Crackers and IPAtlas. I'm also working on a Machine Learning project which I hope to be done with by the end of the month. Additionally, I will be starting the OSCP in a month, which will most likely consume the rest of my time this summer.

Graham

New Awesome Tool [REVSH]

Took a couple hours to figure out this tool and wrote a little write-up on the issues I found, how I solved them, and an example engagement. Props to @emptymonkey on twitter for the tool!

Installation

    sudo apt-get install openssl libssl-dev # Pre-req for building.
    git clone
    cd revsh
    nano config.h # (OPTIONAL) Set up new defaults that fit your situation.

Editing the Makefile

    nano Makefile

    #EDIT THE MAKEFILE SO IT LOOKS LIKE THIS
    -------------------------------------
    ## Linux
    CFLAGS = -Wall -Wextra -std=c99 -pedantic -Os -DOPENSSL
    LIBS = -lssl -lcrypto
    KEYS_DIR = keys
    KEY_OF_C = in_the_key_of_c
    IO_DEP = io_ssl.c

    ## Linux w/static libraries.
    #CFLAGS = -static -Wall -We

How to do a counting semaphore with pthread library in c++

I was struggling to find a good source of information for counting semaphore using the pthread library, so I figured I would summarize my findings here. If you have a buffer of N length you need to use an empty and full semaphore to ensure that the consumer does not consume an empty buffer and the producer does not produce into a full buffer. So!

    #include <semaphore.h> // sem_t, sem_init, sem_wait, sem_post

    // Allocate globally
    sem_t sem_empty;
    sem_t sem_full;

    // Initialize to values
    sem_init(&sem_full, 0, 0);
    sem_init(&sem_empty, 0, BUFFER_SIZE);

Once initialized, the threads will wait if the semaphore value is equal to 0.

    // For the producer
    sem_wait(&sem_empty); // Decrements the sem_empty value by 1
    insert_item(temp);
    sem_post(&sem_full); // Increments the sem_full by 1

    // For the consumer
    sem_wait(&...

HackDay VM Writeup

Please pardon the informality in this post :P

First did an nmap scan on all ports. Had 22 and 8008 open. Browsed to 8008 and had a meme on the front page. Ran Nikto and found interesting robots.txt Started plugging and chugging until this one gave Navigated to vulnbank/

At this point it’s been 5 minutes and I’ve made a lot of progress. I threw a single quote into the username field and got a sql error back so I ran sqlmap. Sqlmap seemed to be able to inject into the username field, however, I wasn’t able to get any information out of it… I should probably get better at sql injection.

    sqlmap --url --data='username=admin'

Next I tried a hydra brute force with the username admin and usi

OWASP @emptymonkey talk

Dude. This guy is awesome. Went to a talk tonight and learned about revsh. This tool is used to replace the crappy reverse shells we always get and gives you a full terminal. I am now spoiled. Not only that but the speaker continued on. He then did some black magic using and revsh to pass back a connection to his kali box. Following that, he opened a vpn...? and then got an ip for the box so that he could run nmap on his kali box almost like he was on the same network. I'm definitely fudging up the explanation a bunch but I swear my understanding is deeper than I can articulate. It was really an awesome talk and I look forward to (hopefully if I can learn it) using it in my next engagement!

Rubber Ducky Script!

When I went to Toorcon this past weekend, I met Darren from hak5 (shoutout to them for making awesome products!). After talking to him for a while, he offered me a free rubber ducky! I was super stoked because I had wanted one for a while. Sooooooo, I did something super productive, and wrote an auto-br0wner. Now, hopefully you don't know what that is. Here: br0wnd.jpg. So basically, the script will run and change all your desktop backgrounds to this on Mac. It's not as fast as I would like it to be, but it'll take around 10-15 seconds to change 6 desktops to that thing... Anyway, here is the script link:

Toorcon 2016

Went to Toorcon on Saturday and spent the whole day there. (10:00 to 8pm) Most of the time I spent on the CTF with a couple other people from SDHackers. I was part of the team called Ninjan0ps. I managed to single-handedly solve one 150 point challenge and helped on multiple other challenges. Extra thanks to the Qualcomm guys who helped put it on. Learned a ton from the people around me and it has motivated me to try to participate in more CTFs on

Sudoku Solver

In an effort to be less of a potato at work, I'm trying to become a strong Ruby coder. So I decided on a project. I would write a program first with my current knowledge, then take a course, and then refactor my code using what I have learned. Anyway, fast forward to today and that project has just been finished. I really learned a lot from this project and I coded it to the best of my current ability. If anyone has time I would really like feedback on how to make it better, or if I did something a bad way please let me know. P.S. Can't solve every puzzle :P

Intuit Internship

The first day of Defcon, I was the noob so I got to get up at 4 in the morning to get in line for badges! Buying 12 badges during looks really funny btw. The next morning I get a call from the Intuit recruiter who offered me an internship position. It's been about a month since then and I can honestly say I have learned more here in the first month than I have teaching myself in the past year. Everything is amazing and I'm extremely lucky to have this opportunity to work with and under the people there.   Graham

August Update and Mouse Jacking

Alright. Once again, a bunch of stuff has happened. First, Defcon and Bsides were a blast even though I was under 21 in Vegas for a week. Meeting people in the field, listening to talks, everything was so cool. One talk that really got me excited was the mousejacking talk. Not only was it a super cool way to hack a mouse, the speaker also created firmware and a pretty helpful guide to help you get started on the mousejacking stuff yourself! So I bought a drone receiver and flashed the firmware to it and began messing around. The tools he provided people with were a sniffer and scanner. But none of the tools had packet injection built in. So I wrote one! I stole the rubber ducky syntax and wrote an algorithm to convert letters to packets and then injected them. After I was done I...