flameshot: FOSS tool for screenshotting

August 9th, 2023

One thing I love about courses is that you usually come across some software you didn’t know before.

I recently enrolled in the HTB Academy course and in the learning module, they mention flameshot – a tool for screenshotting.

Great, another one? What’s so special about it? On macOS, Command+Shift+4 usually works pretty well, so what else do you need?

Ah, flameshot has included capabilities to add highlight areas, circle areas, add text etc. This can save you a lot of time because you will not have to save the file, then edit it again with some other tool. Directly edit the screenshot in flameshot, annotate it and paste it into your documentation tool (Joplin, cherrytree or even OneNote if you must).

On Kali Linux, flameshot can be installed via ‘sudo apt-get install flameshot’

The software’s homepage contains some useful Q&A if you run into distro-specific problems:
https://flameshot.org/

Kali Linux: Capture terminal sessions with ‘script’

August 9th, 2023

‘script’ is mentioned on different blogs and pages but I couldn’t get it to run until I came across this blog post by Ken Hess: https://www.redhat.com/sysadmin/linux-script-command

It’s fairly simple: run ‘script -O <name_of_a_file>’ to start and you will get ‘Script started, output log file….’

Press Ctrl+d when you’re done and you will get a confirmation ‘Script done’

You can view the saved file using cat.

Where I thought it doesn’t work is that the output file looks exactly like the terminal. You almost have to look very hard for a line like ‘Script started ….’ But work it does. And it can be a real time and life-saver for documentation.
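Because ‘script’ records every byte the terminal received, the log file carries colour codes, window-title sequences and carriage returns, which is why it looks like the terminal rather than plain text. As an added example (not from the original post or from the script utility itself), a small POSIX shell filter that strips those sequences so the session log can be pasted into documentation; the sample log below is constructed, not a real capture, and the filter assumes OSC sequences are BEL-terminated.

```shell
# Strip the terminal control sequences that `script` records verbatim so the
# log reads as plain text. Handles CSI sequences (colours, cursor moves,
# bracketed-paste toggles), BEL-terminated OSC sequences (window titles),
# charset designations and the CR that precedes every line ending.
strip_ansi() {
  esc=$(printf '\033')
  bel=$(printf '\007')
  sed -e "s/${esc}\[[0-9;?]*[A-Za-z]//g" \
      -e "s/${esc}][^${bel}]*${bel}//g" \
      -e "s/${esc}[()][A-Za-z0-9]//g" | tr -d '\r'
}

# Constructed sample resembling a few lines of a `script -O` log
# (prompt colours, a title sequence, CRLF line endings). Not a real capture.
SAMPLE_LOG=$(printf 'Script started, output log file is session.log.\r\n\033]0;user@kali: ~\007\033[1;32muser@kali\033[0m:\033[1;34m~\033[0m$ id\r\nuid=1000(user) gid=1000(user)\r\n\033[?2004lScript done.\r\n')

# Return the cleaned text of a log passed as a string.
clean_log() {
  printf '%s\n' "$1" | strip_ansi
}

# Example run on the constructed sample; for a real file use:
#   strip_ansi < session.log > session.txt
clean_log "$SAMPLE_LOG"
```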

Kali Linux: history with date & time

August 9th, 2023

In the Linux basics module of OSCP, you’re asked to configure your shell in a way that the history command always displays the date and the time when the command was run.

Such information is valuable as evidence so this configuration tweak is well worth it.

If you’re the impatient type you might turn to some search engines for some quick results and you will definitely get a lot of hits. None of which work.

Why? All (most, at least) are written for the bash shell.

However, nowadays (2023) the default shell in Kali Linux is zsh.

See for yourself: run ‘echo $SHELL’ in your terminal.

Similar to the bash shell with its ~/.bashrc file, there is a ~/.zshrc file. Open the file with less and search for ‘history’ (or cat | grep the file) and you will see that there is an alias defined for history: ‘history 0’ (the number modifies the returned history lines).

In many posts, the fc command is referenced, including the -E switch – most of the mentioned switches do not work as outlined in the posts.

Finally, I came across the -li switch, which not only works (as in ‘does not return “bad option”’) but actually returns the date/time info of commands run in zsh.

What does that mean for you?

Simply add another alias at the end of the .zshrc file:

alias history='fc -li 0'
(that’s a zero. If you don’t add it, the history command will only return the 16 latest entries in the history file)
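As an added example (not from the original post), a POSIX shell snippet that appends the alias to an rc file only once, so re-running your setup never duplicates it, plus a small awk filter over constructed ‘fc -li 0’ output that pulls the commands run inside a time window; it shows why the ISO date format that -i prints is the one you want for evidence, since such timestamps compare correctly as plain strings. The rc file path is whatever you pass in and the sample history lines are constructed.

```shell
# Constructed sample of what `fc -li 0` prints in zsh once the alias is in
# place: event number, ISO date, HH:MM, command. Not captured from a real box.
SAMPLE_HISTORY='  101  2023-08-09 09:58  sudo apt-get update
  102  2023-08-09 10:15  script -O session.log
  103  2023-08-09 11:42  fc -li 0
  104  2023-08-10 08:03  cat session.log'

# Append the alias to an rc file (e.g. ~/.zshrc) only if it is not already
# there, so re-running the setup never produces duplicate lines.
install_history_alias() {
  rcfile="$1"
  line="alias history='fc -li 0'"
  [ -f "$rcfile" ] || : > "$rcfile"
  if ! grep -qxF "$line" "$rcfile"; then
    printf '%s\n' "$line" >> "$rcfile"
  fi
}

# Print the commands recorded between two "YYYY-MM-DD HH:MM" timestamps
# (inclusive), reading fc -li output from stdin. ISO 8601 timestamps sort
# correctly as strings, so a plain string comparison is enough.
history_between() {
  awk -v from="$1" -v to="$2" '
    { ts = $2 " " $3 }
    ts >= from && ts <= to {
      # drop event number and timestamp, print the command text only
      $1 = $2 = $3 = ""; sub(/^ +/, ""); print
    }'
}

# Example run on the constructed sample (on a real box: history | history_between ...)
printf '%s\n' "$SAMPLE_HISTORY" | history_between "2023-08-09 10:00" "2023-08-09 23:59"
```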

Now you can move on to the next task in the OSCP course.

OSCP diary – week *cough, cough*

February 14th, 2023

A long overdue update… I lost count what week I am in but I’m happy to report that I’ve continued working through the PEN-200 course at a steady pace and by now, I’ve finished all reports up to and including chapter 19 (password attacks).

This means I have four more chapters to go for the reporting. Maybe three because I have not been able to get PowerShell empire working properly. Which will leave the flags and the labs. As it is February now, completing the course around July or August still seems realistic.

ISC2 CCSP

February 14th, 2023

Last week (first week of February 2023), I took and passed the ISC2 CCSP exam (Certified Cloud Security Professional).

As usual, I watched all relevant videos I could find on pluralsight.com and used the included practice exam until I consistently got a (very) high score. Additionally, I thumbed through the All-In-One series book on the CCSP exam.

The actual exam was quite hard and I was surprised to learn I passed. Pleasantly surprised, obviously. The provisional result was printed out at the test center as is usual with ISC2 exams.

There is a reddit sub-thread where a lot of test-takers complain about this exam. Usually I don’t pay those people too much attention since I have passed all these exams on the first try so far (10-ish exams) but I have to admit, some questions left me troubled and confused. The bewildering questions did not seem relevant to the exam topic at all.

If somebody came here hoping for some useful advice on this exam, I’m sorry, I can’t give you any. I can’t give you any meaningful advice on what else to study apart from the above. Obviously, learn the basics by heart (shared responsibility model, threat models, data life cycle, SDLC, risk mitigations etc.) but beyond that, I am not sure what to recommend.

If you are taking the exam soon: don’t panic, stay concentrated, give it your best shot and best of luck!

OSCP diary – week 06

September 4th, 2022

Hrmpf…. Seems I forgot to write an update on week 05. In that case, I’ll have to summarize two weeks in this post.

I’m still studying buffer overflows, in particular Windows buffer overflows, and trying to find my way around the debugger that is installed on the offered Win10 virtual machine. I did some additional reading on other websites which explain the theory just as well if not even better.

One thing I can’t help noticing though is that the whole VPN thing is a drag. I get it, VPN is required. But I’m running Kali on Virtualbox, then I have to RDP into a Windows virtual machine. Yes, the recommendation is not to use Wi-Fi, but face it, in some rental places a wired connection might just not be possible.

The format of the OSCP website does not help much either. The notes column on the right side cannot be minimized but it takes up 25% of the website’s width.

One problem that’s been bugging me for several weeks now was an update / upgrade problem with apt-get. I got an error message saying “file size is not as expected, mirror sync in progress?”

Looking this up, the solution seemed simple enough – replace the standard repo included in /etc/apt/sources.list with a mirror in your country as listed here:
http://http.kali.org/README.mirrorlist

Now this is where Murphy of Murphy’s Law comes in.

I picked one of the local mirrors, put it in the config files, ran apt-get clean and apt-get update again – but got the same error.

What happens in the background is that the default repo automatically forwards your connection to the fastest local mirror it can find. In my case, that was the mirror I accidentally put hard-coded into the config file. So, the main repo had a problem and the configured mirror as well. It almost drove me nuts and I was only able to solve it by trying yet another mirror, carefully picked – a slower one on purpose. Then, finally, apt-get update completed and I was able to catch up with a week’s worth of updates.

Blerg.

Nice to have this off my back, now I can get back to studying…

OSCP diary – week 04

August 21st, 2022

I finally finished the LFI exercise… it took a while because I was using a & instead of a ? in the wrong place in the URL. <sarcasm>Surprisingly, things don’t work properly if you do that</sarcasm>. After that, it was smooth sailing. OR SO I THOUGHT. Took some more digging and I got the flag so I’m good maybe but I certainly did not follow the instructions so I’m not sure if there is a correct way to complete the exercise. But I guess one aspect of the course is also to show that following the book/the guidelines is not always necessary or recommended.

Moving on, I made progress on the RFI exercise and continued reading up on SQL injections.

This all seems to take a long time, I wonder if I’m wasting too much on these exercises >_<

ISACA CRISC

August 16th, 2022

I got the digital certificate this week and now I can file for the reimbursement of the exam cost. This is the last step; the rest is just keeping on acquiring those CPEs.

OSCP diary – week 03

August 16th, 2022

I’ve continued with the web application attacks chapter and I’m a bit ashamed to say I’m stuck on one of the LFI exercises. I try to finish all the exercises before moving on, or at least before moving to a completely new chapter.

In this particular exercise, I’ve tried a couple of things (what I could think of), watched the course videos (which I usually don’t) and did additional research but I’m still stuck. Might reach out to colleagues this week although I still have one idea that I need to check/confirm before asking others for ideas.

Meh, nobody said it’s easy.

Burp Suite Community edition – Intruder

August 12th, 2022

If you accidentally dabble with a PEN-200 course, there is an introduction to the Burp Suite Intruder feature with a lot of meat on the bones.

Alas, since the course was created, Burp Suite released a newer version with a redefined interface (covered by the Burp Suite course on Pluralsight) but it’s still possible to piece together the required components to follow the course content.

Until…. everything is set as described and you click on “Start Attack” and you get this pop-up:

Is this another “feature” of the community edition to push you towards purchasing the Pro version of Burp Suite?

Well, it might be. But you don’t have to shell out the cash quite yet.

Head over to the Resource Pool tab and you’ll see:

In fact, what you’ll have to do is this:

And obviously select this added option, then start the attack. It will obviously be slower but this chapter in the course is about the principle, not about brute-force cracking real passwords.