Maybe you’ve decided that you want to close down your old computer that was running a Lightning network node, but you haven’t decided to stop using Bitcoin. Maybe you just need to pay for an unexpected expense. Maybe anything. The question becomes: How do you take the BTC you currently have linked into a Lightning wallet and shoot it back off to a Bitcoin main wallet? I didn’t find that readily available anywhere and clearly listed, so here you go. 🙂
Continue reading “Closing out Lightning to Bitcoin”QuickHit: Things to Attack
Need a quick list of things to attack? Try these. 🙂
- Buggy Web App:Â http://www.itsecgames.com/
- Damn Vulnerable iOS App:Â http://damnvulnerableiosapp.com/
- Damn Vulnerable Web Application:Â http://www.dvwa.co.uk/
- Damn Vulnerable Web Services:Â http://dvws.professionallyevil.com/
- Google Gruyere Web App:Â http://google-gruyere.appspot.com/
- Hack This!:Â https://www.hackthis.co.uk/
- Hack This Site:Â https://www.hackthissite.org/
Fire Talks Online: Intro to Woodworking
Just a quick catch-up post on the presentation I gave tonight for Fire Talks Online… if you want it, you can download the raw PPTX here: Intro to Woodworking.
As always… good hunting!
Fixing Firmware File Systems
Here’s the scenario: you’ve downloaded the firmware for a device that you want to explore in more depth, and extracted out the updates. You dig through them and see that they’re EXT4 systems, and say “jackpot!” while rubbing your hands together in glee. “A quick mount and I can browse to my heart’s content” you say to yourself… and then you see “wrong fs type, bad option, bad superblock on {DEVICE}, missing codepage or helper program, or other error.” Let’s get past that. 🙂
Quick Hit: Base64 PowerShell Exfiltration
Okay, so you’ve landed in a constrained language PowerShell on a remote box, and the local application security policy is stopping you from using all the regular stuff (e.g. netcat, opening network connections, etc)… but you need to exfil a medium amount of binary data. How would you do that?
The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂
Continue reading “Quick Hit: Base64 PowerShell Exfiltration”
Quick-Hit: Am I Inside A Docker Container?
If you don’t know, here’s an easy way to find out…
cat /proc/self/cgroup
If you see “/docker/{hash}” following one of the outputs then yes, yes you are. A non-Docker system looks like the following:
Continue reading “Quick-Hit: Am I Inside A Docker Container?”
Quick-Hit: Editing Submissions in BurpSuite
Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?
Continue reading “Quick-Hit: Editing Submissions in BurpSuite”
Quick Hits: Screen
Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf dropped, and all that work was wiped out in the blink of an eye because when that died your shell did too, and the OS was nice enough to clean it all up?
Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.
Continue reading “Quick Hits: Screen”
Windows and Linux Base64 Encode/Decode Commands
Continue reading “Windows and Linux Base64 Encode/Decode Commands”
Quick Tip: Linux and Rufus
Just learned today:
If you are making a bootable disk from a Linux distro using Rufus and it won’t mount, try creating it using the DD option.
Apparently, Linux sometimes only likes its own tools being used on it.
Bonum Venandi,
KS