Posts
How to Switch Between Java Versions on Linux Without Breaking Things
Sometimes, when working with Java payloads, it is necessary to switch to a different Java version, or to use a specific version, in order to run a program. Recently I needed to switch from OpenJDK version 17 to 11 in order to get a ysoserial payload to generate. One of the suggestions that came up when researching this was to use alternatives to switch versions, but that seems like a relatively permanent solution to a temporary problem.
HackTheBox Machine Sau
The box “Sau” was just retired on HackTheBox. This was an interesting box because you have to chain together a couple of exploits in order to get a shell, but overall, it is not a very difficult box. Sau means “pig” in German, but the box was created by sau123 so maybe the box name is related to his username.
Enumeration
I started off with an nmap full port scan. One thing to notice from the scan is that port 80 appears closed, and nmap indicates that it is behaving differently.
Building Kerbrute for My Macbook VMs
Kerbrute
When pentesting Active Directory boxes, sometimes you have to brute force some domain accounts. It is possible to do this with netexec (formerly crackmapexec), but Kerbrute is usually faster and produces less noise. I liked using kerbrute for password spraying.
Unfortunately, kerbrute did not have a build available for arm64. The only builds were for x86 and x64. The last release from the project was a few years ago, maybe before the era where ARM MacBooks became so good at running VMs.
Using SSH as a Secure API Gateway
Recently, I discovered that I can create an iOS Shortcuts step that connects to an SSH server and runs a script. This is similar to how the SSH client runs a program when you pass a command as an argument to SSH when connecting.
Doing this, I can write a script that reads standard input as the program's input, analogous to the way a CGI script handles POST data.
Connecting to SSH From Anywhere Using Chisel Pivot Server
I recently undertook a project to get connected to my devices from my phone. My goal is to be able to SSH from anywhere. I’m currently writing this in vim from a terminal on my phone connected to a laptop across the room over the internet, without forwarding any ports on my router.
I have a Samsers Foldable Bluetooth Keyboard that I bought from amazon. It allows me to type on the phone like a terminal, but it folds up into roughly the size of a phone itself so I can carry it around.
Solving the TUCTF23 State of the Git Forensics Challenge
CTF link: https://tuctf.com/
Challenge files: https://github.com/nicholas-long/environment/blob/main/zet/20231203212512/README.md
Solving the TUCTF23 State of the Git Challenge
The TUCTF23 challenge took place recently and ended on 2023-12-03. In it, there was a forensics challenge which included some git commands and some data analysis. The challenge says we should check if any secrets are exposed in their git repository.
This challenge comes as a tar.gz file. Because of the name and nature of the challenge, I immediately checked if it was a git repository, and it was.
Script to Extract Text From Every Second of Youtube Videos Frames
Link to script to OCR text content displayed on the screen of YouTube videos
Motivation for Project
It would be neat to be able to search the text content displayed on the screen of any YouTube video. In order to do that, you would have to run optical character recognition (OCR) on the frames of the video.
I watch a lot of hacking walkthroughs from ippsec where most of the videos feature terminal output.
Ascii Art Splash Screen for Your Terminal
I like having a splash screen with ASCII art. A lot of people like using neofetch, but I like putting my own art there. Either way, it is very simple to configure.
Bash and Zsh both load RC files from your home directory when they launch, .bashrc and .zshrc respectively. These are just scripts full of setup commands that run before you start entering commands in the interactive terminal.
Script to Generate a Python Requests Script from a Burpsuite Saved Request
Motivation for the Project
In web penetration testing, it is commonplace to write quick and dirty Python scripts to perform web requests. Burp Suite has a feature to copy a request as a valid curl command that you can run to recreate an identical HTTP request. This command is a valid bash command that could then be used to create a bash script to perform the same request. What if there was also a way to automatically generate a boilerplate Python requests script that sets all the appropriate headers, cookies, and POST content?
Script to Optimize Alphanumeric Base64 for Reverse Shell Payloads
Description of the Problem
When trying a reverse shell payload, you want to remove as many variables as possible. Often the payload must be injected in the middle of a series of broken quotes or special characters, so it is beneficial to strip out as many special characters as you can.
Base64 consists of an alphabet of uppercase letters, lowercase letters, digits, and special symbols such as plus signs and slashes. These special characters have meaning in web payloads, where form encoding or JSON special characters may mean you have to alter your payload to work properly in the context where you paste it.