Just a quick catch-up post on the presentation I gave tonight for Fire Talks Online… if you want it, you can download the raw PPTX here: Intro to Woodworking.
As always… good hunting!
Things I've learned and want to share
Here’s the scenario: you’ve downloaded the firmware for a device that you want to explore in more depth, and extracted out the updates. You dig through them and see that they’re EXT4 systems, and say “jackpot!” while rubbing your hands together in glee. “A quick mount and I can browse to my heart’s content” you say to yourself… and then you see “wrong fs type, bad option, bad superblock on {DEVICE}, missing codepage or helper program, or other error.” Let’s get past that. 🙂
Okay, so you’ve landed in a PowerShell session running in constrained language mode on a remote box, and the local application security policy is stopping you from using all the regular tools (e.g. netcat, opening network connections, etc.)… but you need to exfil a medium amount of binary data. How would you do that?
The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂
Continue reading “Quick Hit: Base64 PowerShell Exfiltration”
If you don’t know, here’s an easy way to find out…
cat /proc/self/cgroup
If you see “/docker/{hash}” following one of the outputs then yes, yes you are. A non-Docker system looks like the following:
Continue reading “Quick-Hit: Am I Inside A Docker Container?”
Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf dropped, and all that work was wiped out in the blink of an eye because when that died your shell did too, and the OS was nice enough to clean it all up?
Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.
Continue reading “Quick Hits: Screen”
I have to teach some folks how to find, isolate, and analyze signals tomorrow, which of course means this is the perfect time to document some quick steps for my own reference. I started the build out from the DEFCON 26 Hardware Hacking Village Kali Live Build. If you don’t have it your mileage may vary… on to the buildout.
I made a presentation a few months ago based on a simple question I received… “What is all that stuff in your backpack?” I normally carry, well, more than I really need. The full list with links is below, or here’s the presentation for those who want to see it in all its original, horrible glory. Ever wonder what types of stuff I normally carry when on a pentest? Well, now you know. Enjoy!
You may often need to mirror all (or part) of a website for offline analysis. The ‘wget’ program has some easy features to use when you want to quickly get a local copy of a site and correct common issues (like links pointing to server locations). Set up one of these behind the scenes while you work on other aspects, then peruse at your leisure.
Update 2018-07-21: Or just use the script I wrote to simplify this for my customized Kali build, available here.
Because every so often it’s nice to have a list of characters you can just copy/paste from, rather than trying to figure out where else they may be.
Just going to leave this here (and here) in case anyone needs a quick set of source-able functions to make quick ASCII->Binary and Binary->ASCII conversions from Linux command lines. 🙂