Custom Proxmox VE LXC Images

Using Linux Containers can significantly improve deployment times to make customized instances of a system. For instance, you may want to create 10 unique instances of a system for training purposes, but don’t want to run custom code on each when it starts to generate key material, assign users, etc. Using Linux Containers can make that simple, but unfortunately it’s not always so simple to create that custom image for deployment. This post is going to cover the start to finish customization of an image (in this case, using Kali Linux) from the base image to one that can deploy in a non-privileged virtualization platform (in this case, Proxmox VE). Let’s get started!

Continue reading →

March 9, 2022 0

Hermit’s Hardware Hacking Box

Have you ever wanted to get into hardware hacking as well as offensive security, but didn’t know how to get started? Good news! For a recent meeting of the Pittsburgh Hacker’s Association I put together a presentation on how to setup the standard box I use for almost everything. It’s a dual-boot system with both Ubuntu and Kali, a shared data partition, and all the tools you could ever need pre-configured and installed. If you want to get started, just grab the PDF and get going!

Good hunting! 🙂

February 13, 2022 1

QuickHit: Things to Attack

Need a quick list of things to attack? Try these. 🙂

Buggy Web App: http://www.itsecgames.com/
Damn Vulnerable iOS App: http://damnvulnerableiosapp.com/
Damn Vulnerable Web Application: http://www.dvwa.co.uk/
Damn Vulnerable Web Services: http://dvws.professionallyevil.com/
Google Gruyere Web App: http://google-gruyere.appspot.com/
Hack This!: https://www.hackthis.co.uk/
Hack This Site: https://www.hackthissite.org/

Continue reading “QuickHit: Things to Attack” →

May 22, 2020 0

Quick-Hit: Am I Inside A Docker Container?

If you don’t know, here’s an easy way to find out…

cat /proc/self/cgroup

If you see “/docker/{hash}” following one of the outputs then yes, yes you are. A non-Docker system looks like the following:

Continue reading “Quick-Hit: Am I Inside A Docker Container?” →

February 12, 2019 0

A Primer on Social Engineering

Which is easier to accomplish? Breaking into a facility at night or breaking into that same facility during daylight working hours. Depending on your target, the answer may surprise you. Continue reading “A Primer on Social Engineering” →

November 2, 2018 0

Chuck Lumley

I maintain a modified version of Kali I use as the basis for my testing which includes a variety of extra tools, preference, references, etc. If you want a copy yourself, you can find one here:

https://drive.google.com/drive/folders/1id6hRacVUtcQRtq8zjSkxtTSE3AvxTk3?usp=sharing

Each version is named for a different character played by Henry Winkler, for the record.

Continue reading “Chuck Lumley” →

July 21, 2018 1

Quick ASCII Binary Tools

Just going to leave this here (and here) in case anyone needs a quick set of source-able functions to make quick ASCII->Binary and Binary->ASCII conversions from Linux command lines. 🙂

Continue reading “Quick ASCII Binary Tools” →

June 20, 2018 0

Benedict Slade

I maintain a modified version of Kali I use as the basis for my testing which includes a variety of extra tools, preference, references, etc. If you want a copy yourself, you can find one here:

https://drive.google.com/open?id=1X0IHNuRCWjHoQdvQUaEwWoDLKEB1_5ti

Continue reading “Benedict Slade” →

May 12, 2018 0

CTF-Tools

I’ve started tracking individual CTF and other tools that I typically add to distributions to my standard GitHub. If you want/need to pull any of these they are located here:

https://github.com/hermit-hacker/ctf-tools

May 12, 2018 0

MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation

This is quick-hit version of part three of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 3 of 3 (Pivoting and Automation) (basic_0x04)

The purpose of this article is to cover pivoting, port-forwarding, and automation to expand the reach of your tools and reduce the amount of time you spend on repetitive work. Part one covered starting up the MSF, finding an exploit, finding a matching payload, and configuring everything up to the point of launching the exploit. Part two covered exploitation and post-exploitation modules to the point where you are comfortable with the various ways of manipulating a system after you’ve opened a session to it. This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!

Continue reading “MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation” →

March 20, 2017