I'm finally done with my stifling classes this semester, so I'm starting a plethora of side projects. Two of them are already on their way, Crackers and IPAtlas: http://github.com/grahammthomas. I'm also working on a Machine Learning project which I hope to be done with by the end of the month. Additionally, I will be starting the OSCP in a month, which will most likely consume the rest of my time this summer. Graham
Took a couple hours to figure out this tool and wrote a little write-up on the issues I found, how I solved them, and an example engagement. Props to @emptymonkey on twitter for the tool! https://github.com/emptymonkey/revsh.git

Installation

    sudo apt-get install openssl libssl-dev # Pre-req for building.
    git clone https://github.com/emptymonkey/revsh.git
    cd revsh
    nano config.h # (OPTIONAL) Set up new defaults that fit your situation.

Editing the Makefile

    nano Makefile

    #EDIT THE MAKEFILE SO IT LOOKS LIKE THIS -------------------------------------
    ## Linux
    CFLAGS = -Wall -Wextra -std=c99 -pedantic -Os -DOPENSSL
    LIBS = -lssl -lcrypto
    KEYS_DIR = keys
    KEY_OF_C = in_the_key_of_c
    IO_DEP = io_ssl.c

    ## Linux w/static libraries.
    #CFLAGS = -static -Wall -We
I was struggling to find a good source of information for counting semaphores using the pthread library, so I figured I would summarize my findings here. If you have a buffer of N length you need to use an empty and a full semaphore to ensure that the consumer does not consume from an empty buffer and the producer does not produce into a full buffer. So!

    // Allocate globally
    sem_t sem_empty;
    sem_t sem_full;

    // Initialize to values
    sem_init(&sem_full, 0, 0);
    sem_init(&sem_empty, 0, BUFFER_SIZE);

Once initialized, the threads will wait if the semaphore value is equal to 0.

    // For the producer
    sem_wait(&sem_empty); // Decrements the sem_empty value by 1
    insert_item(temp);
    sem_post(&sem_full);  // Increments the sem_full by 1

    // For the consumer
    sem_wait(&...
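Here is the producer/consumer pattern from the post worked into a complete program you can compile and run. It is an added example, not code from the post: the ring buffer, insert_item/remove_item, and run_bounded_buffer are my own names, and it assumes Linux with glibc (sem_init is unimplemented on macOS). It goes one step beyond the snippet above by running two producers and two consumers, which is where an extra mutex around the buffer indices becomes necessary: the two semaphores only count free and filled slots, they do not serialize access to the shared in/out positions.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>

#define BUFFER_SIZE 4            /* N: slots in the bounded buffer */
#define N_PRODUCERS 2
#define N_CONSUMERS 2
#define ITEMS_PER_PRODUCER 500
#define TOTAL_ITEMS (N_PRODUCERS * ITEMS_PER_PRODUCER)
#define ITEMS_PER_CONSUMER (TOTAL_ITEMS / N_CONSUMERS)

static int buffer[BUFFER_SIZE];
static int in_pos, out_pos;
static sem_t sem_empty;          /* free slots, starts at BUFFER_SIZE */
static sem_t sem_full;           /* filled slots, starts at 0 */
/* The semaphores gate how many items may be in flight; this mutex
   protects in_pos/out_pos once more than one producer or consumer runs. */
static pthread_mutex_t buf_lock = PTHREAD_MUTEX_INITIALIZER;

/* Hypothetical helpers (not from the post): ring-buffer put/get. */
static void insert_item(int item) {
    pthread_mutex_lock(&buf_lock);
    buffer[in_pos] = item;
    in_pos = (in_pos + 1) % BUFFER_SIZE;
    pthread_mutex_unlock(&buf_lock);
}

static int remove_item(void) {
    pthread_mutex_lock(&buf_lock);
    int item = buffer[out_pos];
    out_pos = (out_pos + 1) % BUFFER_SIZE;
    pthread_mutex_unlock(&buf_lock);
    return item;
}

/* Producer p emits the values p*ITEMS_PER_PRODUCER+1 .. p*ITEMS_PER_PRODUCER+500,
   so the two producers together emit exactly 1..1000 once each. */
static void *producer(void *arg) {
    int id = *(int *)arg;
    for (int i = 1; i <= ITEMS_PER_PRODUCER; i++) {
        sem_wait(&sem_empty);    /* block while the buffer is full */
        insert_item(id * ITEMS_PER_PRODUCER + i);
        sem_post(&sem_full);     /* one more item available */
    }
    return NULL;
}

/* Each consumer takes its share of the items and sums them into *arg. */
static void *consumer(void *arg) {
    long *sum = (long *)arg;
    for (int i = 0; i < ITEMS_PER_CONSUMER; i++) {
        sem_wait(&sem_full);     /* block while the buffer is empty */
        *sum += remove_item();
        sem_post(&sem_empty);    /* one more free slot */
    }
    return NULL;
}

/* Runs the threads through the bounded buffer and returns the sum of
   everything consumed. With no lost or duplicated items that is
   1+2+...+1000 = 500500. Returns -1 if the semaphores cannot be created. */
long run_bounded_buffer(void) {
    pthread_t prod[N_PRODUCERS], cons[N_CONSUMERS];
    int ids[N_PRODUCERS];
    long sums[N_CONSUMERS] = {0};
    in_pos = out_pos = 0;
    if (sem_init(&sem_full, 0, 0) != 0) return -1;
    if (sem_init(&sem_empty, 0, BUFFER_SIZE) != 0) return -1;
    for (int p = 0; p < N_PRODUCERS; p++) {
        ids[p] = p;
        pthread_create(&prod[p], NULL, producer, &ids[p]);
    }
    for (int c = 0; c < N_CONSUMERS; c++)
        pthread_create(&cons[c], NULL, consumer, &sums[c]);
    for (int p = 0; p < N_PRODUCERS; p++) pthread_join(prod[p], NULL);
    for (int c = 0; c < N_CONSUMERS; c++) pthread_join(cons[c], NULL);
    sem_destroy(&sem_full);
    sem_destroy(&sem_empty);
    long total = 0;
    for (int c = 0; c < N_CONSUMERS; c++) total += sums[c];
    return total;
}

int main(void) {
    printf("consumed sum = %ld (expected %ld)\n",
           run_bounded_buffer(), (long)TOTAL_ITEMS * (TOTAL_ITEMS + 1) / 2);
    return 0;
}
```

Build with `gcc -std=c99 -Wall -pthread bounded.c -o bounded`. If you drop the mutex and keep more than one producer or consumer, the run will sometimes return a wrong sum: two threads can read the same in_pos before either increments it, and that is exactly the race the semaphore counts do not prevent.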
Please pardon the informality in this post :P First did an nmap scan on all ports. Had 22 and 8008 open. Browsed to 8008 and had a meme on the front page. Ran Nikto and found an interesting robots.txt. Started plugging and chugging until this one gave Navigated to vulnbank/ At this point it's been 5 minutes and I've made a lot of progress. I threw a single quote into the username field and got a SQL error back, so I ran sqlmap. sqlmap seemed to be able to inject into the username field; however, I wasn't able to get any information out of it... I should probably get better at SQL injection.

    sqlmap --url http://192.168.1.235:8008/unisxcudkqjydw/vulnbank/client/login.php --data='username=admin'

Next I tried a hydra brute force with the username admin and usi
Dude. This guy is awesome. Went to a talk tonight and learned about revsh. This tool is used to replace the crappy reverse shells we always get and gives you a full terminal. I am now spoiled. Not only that, but the speaker continued on. He then did some black magic using mimic.sh and revsh to pass back a connection to his kali box. Following that, he opened a vpn...? and then got an IP for the box that he could run nmap on from his kali box, almost like he was on the same network. I'm definitely fudging up the explanation a bunch, but I swear my understanding is deeper than I can articulate. It was really an awesome talk and I look forward to (hopefully, if I can learn it) using it in my next engagement!
When I went to Toorcon this past weekend, I met Darren from hak5 (shoutout to them for making awesome products!). After talking to him for a while, he offered me a free rubber ducky! I was super stoked because I had wanted one for a while. Sooooooo, I did something super productive and wrote an auto-br0wner. Now, hopefully you don't know what that is. Here: grahamthomas.net/!!br0wnd.jpg. So basically, the script will run and change all your desktop backgrounds to this on Mac. It's not as fast as I would like it to be, but it'll take around 10-15 seconds to change 6 desktops to that thing... Anyway, here is the script link: https://github.com/GrahamMThomas/Get-Br0wnd.
Went to Toorcon on Saturday and spent the whole day there (10:00 to 8pm). Most of the time I spent on the CTF with a couple other people from SDHackers. I was part of the team called Ninjan0ps. I managed to single-handedly solve one 150 point challenge and help on multiple other challenges. Extra thanks to the Qualcomm guys who helped put it on. Learned a ton from the people around me, and it has motivated me to try to participate in more CTFs on ctftime.org.
In an effort to be less of a potato at work, I'm trying to become a strong Ruby coder. So I decided on a project. I would write a program first with my current knowledge, then take a course, and then refactor my code using what I have learned. Anyway, fast forward to today and that project has just been finished: https://github.com/GrahamMThomas/SudokuSolver. I really learned a lot from this project and I coded it to the best of my current ability. If anyone has time I would really like feedback on how to make it better, or if I did something a bad way, please let me know. P.S. Can't solve every puzzle :P
The first day of Defcon, I was the noob, so I got to get up at 4 in the morning to get in line for badges! Buying 12 badges during looks really funny, btw. The next morning I got a call from the Intuit recruiter, who offered me an internship position. It's been about a month since then and I can honestly say I have learned more here in the first month than I have teaching myself in the past year. Everything is amazing and I'm extremely lucky to have this opportunity to work with and under the people there. Graham
Alright. Once again, a bunch of stuff has happened. First, Defcon and Bsides were a blast, even though I was under 21 in Vegas for a week. Meeting people in the field, listening to talks, everything was so cool. One talk that really got me excited was the mousejacking talk. Not only was it a super cool way to hack a mouse, the speaker also created firmware and a pretty helpful guide to help you get started on the mousejacking stuff yourself! So I bought a drone receiver, flashed the firmware to it, and began messing around. The tools he provided people with were a sniffer and a scanner. But none of the tools had packet injection built in. So I wrote one! I stole the rubber ducky syntax and wrote an algorithm to convert letters to packets and then injected them. After I was done I...