<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>jckhmr.net</title>
    <link>https://jckhmr.net/</link>
    <description>Recent content on jckhmr.net</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Sun, 19 Apr 2020 00:37:23 +0000</lastBuildDate>
    
	<atom:link href="https://jckhmr.net/index.xml" rel="self" type="application/rss+xml" />
    
    
    <item>
      <title>Lazy Sysadmin Vulnhub Writeup</title>
      <link>https://jckhmr.net/lazy-sysadmin-vulnhub-writeup/</link>
      <pubDate>Sun, 19 Apr 2020 00:37:23 +0000</pubDate>
      
      <guid>https://jckhmr.net/lazy-sysadmin-vulnhub-writeup/</guid>
      <description>&amp;lsquo;Lazysysadmin&amp;rsquo; is another of the targets as recommended by the excellent TJnull, in preparation for the OSCP. Lazysysadmin is considered an &amp;lsquo;easy&amp;rsquo; machine. Just for fun, we&amp;rsquo;ll take a look at a number of different exploitation routes as well as take a look at some post-exploitation activities (specifically data exfiltration or exfil). Exfil would obviously be of interest to a Red Team operator who is more &amp;lsquo;goal driven&amp;rsquo; and not so fixated on gaining root.</description>
    </item>
    
    <item>
      <title>Links</title>
      <link>https://jckhmr.net/links/</link>
      <pubDate>Tue, 24 Mar 2020 01:48:32 +0100</pubDate>
      
      <guid>https://jckhmr.net/links/</guid>
      <description>Just a flavor of the most commonly used references that spring to mind. I need to start a github repo for this &amp;hellip;
Twitter (just a few, in no particular order)  @SpecterOps @ZephrFish @hacks4pancakes @troyhunt @binitamshah @gossithedog  Websites (my current regular reads)  blog.zsec.uk - Andy Gill (a.k.a. &amp;lsquo;ZephrFish&amp;rsquo;) - very detailed content on a wide range of stuff from Red Team 101 through to &amp;lsquo;Learning the Ropes 101&amp;rsquo; stuff for those looking to get into the world of hacking.</description>
    </item>
    
    <item>
      <title>Tools</title>
      <link>https://jckhmr.net/tools/</link>
      <pubDate>Tue, 24 Mar 2020 01:48:32 +0100</pubDate>
      
      <guid>https://jckhmr.net/tools/</guid>
      <description>A few of the tools I have created &amp;hellip; some are just utilities that &amp;lsquo;do&amp;rsquo; something simple or make life simpler for me. Others are a bit more adventurous.
Hop on over to github for further details.</description>
    </item>
    
    <item>
      <title>Talks and presentations</title>
      <link>https://jckhmr.net/talks-and-presentations/</link>
      <pubDate>Tue, 24 Mar 2020 00:37:23 +0000</pubDate>
      
      <guid>https://jckhmr.net/talks-and-presentations/</guid>
      <description>Talks and presentations that I have given 2015  OWASP Belfast Meetup - October 1st, 2015: Mobile App Pentesting. [slides]  2017  OWASP Belfast Meetup - Mobile Pen Testing with a Wifi Pineapple  2019  BSides Belfast - Offensive Ansible for Red Teams [slides] [video]  2020  Newry NewTec 2020. A big shout out to Joe Mckevitt and Jonny Mullagh for having me! [event info] Robert Gordon University Aberdeen (Scotland), 11th March 2020 - Cybersecurity Meetup: Automating Red Team Attack Infrastructure [slides] Robert Gordon University Aberdeen (Scotland), 12th March 2020 - Undergraduate talk: Hacking a career in Offensive Security [slides]  Image credit: Luis Quintero</description>
    </item>
    
    <item>
      <title>Create a Wordpress Webshell plugin</title>
      <link>https://jckhmr.net/create-a-wordpress-webshell-plugin/</link>
      <pubDate>Mon, 23 Mar 2020 00:37:23 +0000</pubDate>
      
      <guid>https://jckhmr.net/create-a-wordpress-webshell-plugin/</guid>
      <description>Webshells are a really useful stepping stone on the path to a proper reverse shell. The idea is that they use popular scripting based approaches such as PHP to accept some parameters in a GET request. That data then gets executed as a system level command - i.e. against the underlying operating system used by the web site.
The types of activity you can perform are dependent on the privileges associated with the account running the web server.</description>
    </item>
    
    <item>
      <title>Another hotel room safe with a default manufacturer reset code</title>
      <link>https://jckhmr.net/another-hotel-room-safe-with-a-default-manufacturer-reset-code/</link>
      <pubDate>Mon, 04 Nov 2019 00:37:23 +0000</pubDate>
      
      <guid>https://jckhmr.net/another-hotel-room-safe-with-a-default-manufacturer-reset-code/</guid>
      <description>Why is this sort of thing still happening? Finding a hotel room safe with a default code is not a particularly new security issue, which begs the question as to why it is still happening today if the issue is incredibly easy to fix. I encountered this issue recently when I had checked into a hotel.
After flicking through the TV I got bored and turned my attention to the hotel room safe.</description>
    </item>
    
    <item>
      <title>My BSides Belfast 2019 Talk: Offensive Ansible for Red teams Attack, Build, Learn</title>
      <link>https://jckhmr.net/my-bsides-belfast-2019-talk-offensive-ansible-for-red-teams-attack-build-learn/</link>
      <pubDate>Thu, 31 Oct 2019 14:43:23 +0000</pubDate>
      
      <guid>https://jckhmr.net/my-bsides-belfast-2019-talk-offensive-ansible-for-red-teams-attack-build-learn/</guid>
      <description>BSidesBelfast (October 31st 2019) was the first time that I actually presented at a major conference. I&amp;rsquo;ve been to quite a few other BSides events, but always as an attendee, never as a speaker. That all changed when I got the opportunity to present a talk on &amp;lsquo;Offensive Ansible for Red Teams - Attack, Build, Learn&amp;rsquo;.
 TL;DR: In this article I&amp;rsquo;ll talk about my overall experiences at BSides Belfast 2019 as well as give a brief overview of the talk I presented.</description>
    </item>
    
    <item>
      <title>Wintermute Part 2 Neuromancer (Vulnhub Writeup)</title>
      <link>https://jckhmr.net/wintermute-part-2-neuromancer-vulnhub-writeup/</link>
      <pubDate>Sun, 17 Feb 2019 11:05:48 +0000</pubDate>
      
      <guid>https://jckhmr.net/wintermute-part-2-neuromancer-vulnhub-writeup/</guid>
      <description>This VulnHub writeup is based on Neuromancer - part two of the excellent &amp;lsquo;Wintermute 1&amp;rsquo; challenge, created by creosote.
I&amp;rsquo;ll spare you all the detail, but as a quick recap, after having rooted Straylight we find that it is dual-homed - i.e. it is part of a second sub-net. We pick up the action from the &amp;lsquo;note.txt&amp;rsquo; file found after having gained root privs on that box.
 TLDR/Spoiler Alert: The privesc route for this machine is not the obvious one chosen by other people who have taken the time to put together so many great writeups.</description>
    </item>
    
    <item>
      <title>Wintermute Part 1 Straylight (Vulnhub Writeup)</title>
      <link>https://jckhmr.net/wintermute-part-1-straylight-vulnhub-writeup/</link>
      <pubDate>Sun, 17 Feb 2019 10:59:58 +0000</pubDate>
      
      <guid>https://jckhmr.net/wintermute-part-1-straylight-vulnhub-writeup/</guid>
      <description>This VulnHub writeup is based on Straylight - part one of the excellent Wintermute 1 series found on Vulnhub, created by creosote. The Wintermute 1 series is designed to be similar to some of the challenges presented by the &amp;lsquo;OSCP&amp;rsquo; (Offensive Security Certified Professional) labs. Skills such as pivoting are really put to the test in the series, and it certainly ticked the box for me in terms of learning new stuff.</description>
    </item>
    
    <item>
      <title>Toppo Vulnhub Writeup</title>
      <link>https://jckhmr.net/toppo-vulnhub-writeup/</link>
      <pubDate>Sun, 14 Oct 2018 19:27:14 +0100</pubDate>
      
      <guid>https://jckhmr.net/toppo-vulnhub-writeup/</guid>
      <description>I&amp;rsquo;ve recently been approached to help introduce some new folk to the wonderful world of ethical hacking. The assumption is that they may know about the basic theory behind the stages of rooting a target, but have little by way of hands-on experience.
Ideally I want to do something that can be completed in a group scenario where everyone can play along and achieve root in a couple of hours tops.</description>
    </item>
    
    <item>
      <title>Stapler Vulnhub Writeup</title>
      <link>https://jckhmr.net/stapler-vulnhub-writeup/</link>
      <pubDate>Sun, 14 Oct 2018 19:14:11 +0100</pubDate>
      
      <guid>https://jckhmr.net/stapler-vulnhub-writeup/</guid>
      <description>&amp;lsquo;Stapler&amp;rsquo; is the second machine from Vulnhub.com that I looked at as part of my OSCP preparations. This one just requires good enumeration skills and leaving no stone unturned. This is a lesson I learned after discovering two different ways for privesc. I had been reading other writeups on this box and then I learned a third way of compromising this machine. I obviously hadn&amp;rsquo;t read notes posted on Vulnhub by the author, and neither did I pay FULL attention to the output from my enumeration tools.</description>
    </item>
    
    <item>
      <title>Fristileaks Vulnhub Writeup</title>
      <link>https://jckhmr.net/fristileaks-vulnhub-writeup/</link>
      <pubDate>Mon, 17 Sep 2018 21:32:38 +0100</pubDate>
      
      <guid>https://jckhmr.net/fristileaks-vulnhub-writeup/</guid>
      <description>&amp;lsquo;Fristileaks&amp;rsquo; is the first of my efforts to exploit Vulnhub.com machines as part of my OSCP preparations. I needed some additional machines to help fine tune my methodology to do things as &amp;lsquo;surgically&amp;rsquo; as possible without getting stuck down pointless rabbit holes. I love reading the stuff from abatchy and I decided to get stuck into their recommendations for &amp;lsquo;OSCP-like Vulnhub VMs&amp;rsquo;
I like to go into lots of (hopefully) useful detail in a progressive manner, starting with an overview and then getting more into the nuts and bolts.</description>
    </item>
    
    <item>
      <title>About jckhmr</title>
      <link>https://jckhmr.net/about/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      
      <guid>https://jckhmr.net/about/</guid>
      <description>If you found this, five points for beginning your OSINT journey about me. :-)
Over 15 years ago, I moved into information security, having worked in web and &amp;lsquo;new media&amp;rsquo;. I started out with technical writing, providing secure coding training for devs, which then evolved into a security architect role, before becoming an application security pen tester. On the latter, I specialized a lot in mobile, delving into things such as encryption for mobile apps.</description>
    </item>
    
  </channel>
</rss>