C: changing shellcode bytes at the middle (or at shellcode offset)

The Problem

While writing a bind shell shellcode for SLAE32 course Assignment #1 (which will be described in detail in another blog post), an interesting issue came up while coding the C loader. The exercise required some flexibility in passing the port as an argument, but the port sits as two bytes, in network byte order, in the middle of the shellcode string, and C gives no direct way to name and alter just those two bytes of a string literal. So if you are looking for a way to change a couple of bytes in the middle, or at any offset, of your shellcode, the solution follows below.
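As an added illustration (not the post's own code, which is behind the link below), the following C program shows the approach in practice: the port argument is converted to a 16-bit value, split into its two network-byte-order bytes, and written over a two-byte placeholder at a known offset inside the shellcode buffer. The shellcode bytes here are a constructed stand-in for the bind shell, and SHELLCODE_LEN, PORT_OFFSET, find_placeholder and patch_port are names chosen for this example. The program only patches and dumps the buffer; it does not execute it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the bind shell shellcode (NOT a working payload):
   only the "push word" carrying the 0xAA 0xBB placeholder matters here. */
unsigned char shellcode[] =
    "\x31\xc0\x31\xdb\x31\xc9\x31\xd2"  /* filler: xor eax/ebx/ecx/edx */
    "\x66\x68\xaa\xbb"                  /* push word 0xAABB <- port goes here */
    "\x66\x6a\x02\x89\xe1";             /* filler */

#define SHELLCODE_LEN (sizeof(shellcode) - 1)   /* drop the literal's trailing NUL */
#define PORT_OFFSET   10                         /* offset of the 0xAA byte above */

/* Locate a two-byte placeholder; returns its offset or -1 if absent. Handy when
   the shellcode is regenerated and a hard-coded offset can no longer be trusted. */
long find_placeholder(const unsigned char *sc, size_t len,
                      unsigned char b0, unsigned char b1)
{
    for (size_t i = 0; i + 1 < len; i++)
        if (sc[i] == b0 && sc[i + 1] == b1)
            return (long)i;
    return -1;
}

/* Overwrite the two bytes at off with the port in network byte order (big
   endian, which is what the "push word" feeding bind() expects).
   Returns 0 on success, -1 if off is out of bounds, -2 if either byte would be
   0x00 (a NUL breaks shellcode that has to survive string functions). The
   buffer is left untouched on any failure. */
int patch_port(unsigned char *sc, size_t len, size_t off, uint16_t port)
{
    unsigned char hi = (unsigned char)(port >> 8);
    unsigned char lo = (unsigned char)(port & 0xff);

    if (len < 2 || off > len - 2)
        return -1;
    if (hi == 0 || lo == 0)
        return -2;
    sc[off]     = hi;
    sc[off + 1] = lo;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <port>\n", argv[0]);
        return 1;
    }
    char *end = NULL;
    long p = strtol(argv[1], &end, 10);
    if (*end != '\0' || p < 1 || p > 65535) {
        fprintf(stderr, "invalid port: %s\n", argv[1]);
        return 1;
    }

    /* Either trust PORT_OFFSET or locate the placeholder; here we do both and
       refuse to run if they disagree, which catches a stale offset. */
    long off = find_placeholder(shellcode, SHELLCODE_LEN, 0xaa, 0xbb);
    if (off != PORT_OFFSET) {
        fprintf(stderr, "placeholder not at expected offset (found %ld)\n", off);
        return 1;
    }

    int rc = patch_port(shellcode, SHELLCODE_LEN, (size_t)off, (uint16_t)p);
    if (rc == -2) {
        fprintf(stderr, "port %ld would put a NUL byte in the shellcode\n", p);
        return 1;
    }
    if (rc != 0) {
        fprintf(stderr, "offset out of bounds\n");
        return 1;
    }

    printf("port %ld patched at offset %ld:\n", p, off);
    for (size_t i = 0; i < SHELLCODE_LEN; i++)
        printf("\\x%02x", shellcode[i]);
    printf("\n");
    return 0;
}
```

Two caveats worth keeping in mind: the length must be taken as sizeof minus one, because a string literal carries a trailing NUL that is not part of the shellcode, and any port below 256 or any multiple of 256 yields a 0x00 byte, which is fine for a loader that just jumps into the buffer but fatal if the bytes are later copied with a string function.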



Continue reading “C: changing shellcode bytes at the middle (or at shellcode offset)”

HTB challenge: LoveTok (php addslashes restricted quotes bypass)

The challenge

On a recent hackthebox challenge the following code had to be exploited to get the flag:
<?php
class TimeModel
{
    public function __construct($format)
    {
        // Only quotes and backslashes get a backslash prefix; $, {, }, ( and ) pass through untouched.
        $this->format = addslashes($format);

        [ $d, $h, $m, $s ] = [ rand(1, 6), rand(1, 23), rand(1, 59), rand(1, 69) ];
        $this->prediction = "+${d} day +${h} hour +${m} minute +${s} second";
    }

    public function getTime()
    {
        // $this->format is spliced into a double-quoted PHP string that is then eval()ed.
        eval('$time = date("' . $this->format . '", strtotime("' . $this->prediction . '"));');
        return isset($time) ? $time : 'Something went terribly wrong';
    }
}
Continue reading “HTB challenge: LoveTok (php addslashes restricted quotes bypass)”

HTB: Networked walkthrough

“Networked” info card
Slight hint(s): unrestricted file upload, bypass of the image upload restriction, bypass of the MIME type restriction
Slight hint(s) (privilege escalation): shell command injection, command injection through an unescaped variable
Continue reading “HTB: Networked walkthrough”

Haystack – hackthebox.eu walkthrough

This is a walkthrough of the machine called Haystack on hackthebox.eu, which most users found frustrating and/or annoying. Personally I would describe it as more of an annoying box, and although it is rated easy, in my opinion at least the privilege escalation part falls more into the intermediate category. Add the box to /etc/hosts (as root):
cat >> /etc/hosts <<< "10.10.10.115 haystack.htb"
Continue reading “Haystack – hackthebox.eu walkthrough”

OSCP – the road from failing to 105

Introduction to my OSCP Journey

Although this post is meant to be an overall overview of, and resource on, how to prepare for the OSCP, it is targeted mainly at those who didn't manage to pass on their first attempt. I am one of those guys too, and that made me make the necessary adjustments to my learning process. There are tons of OSCP reviews by people who got the certification after their first exam, and I am not one of them. Yes, I failed it. And do I regret it? Hell no. I dedicated myself to it and learned tons of stuff since my first exam attempt, and this post is aimed at those who failed their OSCP exam attempts: what to focus on when preparing so as to successfully achieve the requirements for the OSCP certification.
Continue reading “OSCP – the road from failing to 105”

Booting grub from a removable device

Basics of grub

Recently I ran into the problem of having to boot two different hard drives on a single notebook. The reason for this was that I wanted to keep the data on the first hard drive separate when using the notebook for work, which might require remote access by third parties and screen monitoring. Yeah, buying an additional notebook is another possible solution (as someone suggested), but why spend thousands of bucks when you can achieve the same by just buying a hard drive, bearing in mind that cases like this are not very frequent and I could simply swap in a hard drive with the additional setup already prepared. Please note that the idea here is to keep the SSD drive inside the notebook and swap only the second one.

In my case, the notebook has an SSD drive with a Windows OS (and all the Windows recovery partition stuff on it), and another regular SATA hard drive which holds my Kali Linux and a partition for data storage.
Continue reading “Booting grub from a removable device”

Resize images automatically based on width, height or percentage

Recently I ran into the issue of having to resize a set of images based on their width while keeping the aspect ratio. I came across the following threads on stackoverflow:


https://stackoverflow.com/questions/15987091/imagemagick-resize-images-to-25px-height-and-aspect-ratio
https://stackoverflow.com/questions/965053/extract-filename-and-extension-in-bash

The purpose is to resize all images in the current folder using ImageMagick, keeping the old files and writing the new files with the same extension plus a suffix for easier identification of the resized images. The new files could also easily be written to a different folder by changing the destination within the following commands:

#!/bin/bash
# Resize every image in the current folder with ImageMagick, writing NAME-small.EXT
# next to the original. The three convert lines are alternatives: keep exactly one
# uncommented, otherwise each pass resizes the previous one's output again.
for i in *; do
    [ -f "$i" ] || continue                    # skip directories
    case "$i" in *-small.*) continue ;; esac   # skip outputs of a previous run
    out="${i%.*}-small.${i##*.}"               # same extension plus "-small"

    # resize image based on width (800 px) and keep aspect ratio
    convert -verbose -geometry 800x "$i" "$out"

    # resize image based on height (600 px) and keep aspect ratio
    #convert -verbose -geometry x600 "$i" "$out"

    # resize image by percentage and keep aspect ratio
    #convert -verbose -resize 40% "$i" "$out"
done
A simple solution for designers who need to convert a folder of images at once instead of using a graphical editor and having to go through each image separately.