Blogs

So you’re thinking about switching to Linux. We’ve all had those moments. For me, the first time was during my honours year. At the start of the year, we were asked whether we wanted our machines set up with Windows or Linux. I’d spent my whole life on Windows, but I figured it was time to see what Linux had to offer. So I installed Mint. But no way was I putting that shit on my main machine! Homie had games to play, and the idea of running stuff through Wine? Laughable. Back then, Linux gaming meant only playing what was precompiled for Linux. ...

Introduction OpenAI, Google, X and many more axll provide AI chatbot capabilities that are really useful to a point and that point is how much they know. There is a prevailing consensus that the more data you give a model the better it is. You can even customise and get the chat bot to know you better by uploading your personal data. By doing so however you are seeding all your data to be owned by which ever company you are uploading to. Oh and you want to use our top models consistently without rate limits cough up some money as well boy! ...

So you want to join the cool kids club and be a Linux gamer. You have found your distro of choice and installed it. In your infinite wisdom you still have that second hard drive to store all your data keeping it separate from your OS install files. After installing Steam you have run into countless stupid seemingly unexplainable problems and your can’t seem to find a clear guide on how to get it all working smoothly. Well worry no more intrepid cyber traveller I put together this guide after piecing together and overcoming the many problems that I faced and you are probably experiencing. ...

This was a fun little box that was on the season 7 rotation of Hack the Box that involved some python manipulation. Enumeration After starting up the box lets see what we are dealing with. └─$ nmap -sV -p- 10.10.11.62 Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-28 10:42 EDT ... PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.12 (Ubuntu Linux; protocol 2.0) 5000/tcp open http Gunicorn 20.0.4 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel ... So we got 2 ports, namely 22 and 5000. 22 will be for the SSH to the box so what does this seeming http server on 5000 have in store? ...

Engineers have a curious relationship with their tools. Take Confluence, a platform many love to hate. It’s clunky, inconsistent, and often a source of frustration. As engineers curse its name when they’re forced to hunt through disorganised pages or wrestle with broken permissions. But even in our disdain, there is a kind of grim acceptance. Confluence, for all its flaws, is a familiar beast—predictable in its chaos, manageable with enough effort and has some features that we come to enjoy like markdown support and embedded graphs. What engineers often forget, however, is the immutable law of systems: there is always something worse out there. ...

Introduction We all hate advertisements on the internet. But sadly advertising is a very big portion of revenue of internet companies and is it just me or are they getting more predatory as time goes on? Think we can all agree they aren’t great. You could add an ad blocker to your browser but that only works on the browser you install it on, plus its lame. Do you ever browse on your phone? Did you know you could block all ads on your network? What if i told you there was a way to block Ads at a lower level then just your browser. Stop the facet at the source, diverting that stream of bullshit into a hole never to be seen again! I present to you the Pi Hole. ...

I would be lying if I said I posted this Hack the Box Greenhorn writeup within the same week of me exploiting it. In truth life happened. I did a SANs and a couple of late nights out. But here it is, my greenhorn writeup. Enumeration Lets start as we always do after booting up the box and have a look at what ports are available to us with an nmap. ...

Introduction I recently completed the SANS 540 course in person, and what an intense and rewarding journey it was! As a Product Security Engineer, I’m no stranger to pipelines and the intricacies of implementing security controls and tools. However, building everything from scratch, end-to-end, was an eye-opening experience. The course pushed me out of my comfort zone, especially the full day dedicated to Kubernetes, which completely fried my brain and reminded me just how much there is to learn in this field. ...

Introduction In an era where streaming platforms are increasingly introducing ads, looking at you Amazon Prime & Disney+ even Netflix are getting their feet wet. Setting up your own Plex server on a Raspberry Pi offers an ad-free viewing experience for your movies and series. With this guide, you’ll create a Plex server on your local network, ensuring that your media is always accessible without interruptions, all while keeping your content secure within your home network. ...

I woke up this morning breathed in that sweet morning air. I could feel it, to days the day ima hack a box and come to the sun setting I had pwned this box by getting an AI model to execute a reverse shell that got me root! Here we go Enumeration What can nmap tell us about this target └─$ nmap -A -p- 10.10.11.19 -oN nmap.scan # Nmap 7.94SVN scan initiated Sat Aug 10 11:14:11 2024 as: nmap -A -p- -oN nmap.scan 10.10.11.19 Nmap scan report for 10.10.11.19 Host is up (0.046s latency). Not shown: 65533 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0) | ssh-hostkey: | 3072 3e:21:d5:dc:2e:61:eb:8f:a6:3b:24:2a:b7:1c:05:d3 (RSA) | 256 39:11:42:3f:0c:25:00:08:d7:2f:1b:51:e0:43:9d:85 (ECDSA) |_ 256 b0:6f:a0:0a:9e:df:b1:7a:49:78:86:b2:35:40:ec:95 (ED25519) 80/tcp open http nginx 1.18.0 |_http-server-header: nginx/1.18.0 |_http-title: Did not follow redirect to <http://app.blurry.htb/> Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> . # Nmap done at Sat Aug 10 11:14:36 2024 -- 1 IP address (1 host up) scanned in 25.45 seconds Lets add app.blurry.htb to our hosts file and run some subdomain enumeration tool to see what else is out there ...

Introduction This guide outlines the steps required to install docker on a headless Raspberry Pi. Reason I’m putting this together is the generally found official documentation doesn’t work for the Headless variant of the Raspbian OS. By following its guidance you can find yourself running into the following errors root@pi:/ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx- ... E: Package 'docker-ce' has no installation candidate E: Package 'docker-ce-cli' has no installation candidate E: Unable to locate package containerd.io E: Couldn't find any package by glob 'containerd.io' E: Couldn't find any package by regex 'containerd.io' E: Unable to locate package docker-buildx-plugin E: Unable to locate package docker-compose-plugin The solution is a pretty easy one, find it below. But first!!! ...

This evening I felt like cutting my teeth a little bit more. So lets spin up this box and give it a poke. Enumeration Kicking off this baby with an nmap In doing so we find port 22 and 80 are the only ones open. I did a full port scan after to the avail of no extra dice Browsing the website we don’t find much. All links are get requests to the server so nothing there. We do get the website URL however Board.htb that we can add to our hosts file. ...

I’ve been messing with retired boxes on Hack the box and thought i would finally try my hand on one of the active ones! Enumeration So as per lets start with an nmap scan. # Nmap 7.94SVN scan initiated Sat Jul 27 09:05:17 2024 as: nmap -sV -p- -o nmap.scan 10.10.11.23 Nmap scan report for permx.htb (10.10.11.23) Host is up (0.062s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.52 Service Info: Host: 127.0.0.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> . # Nmap done at Sat Jul 27 09:06:05 2024 -- 1 IP address (1 host up) scanned in 48.48 seconds In doing so we find ports 22, 80 open. Both versions seem secure so lets have a look at the website. ...

Introduction You ever look at your achievements page on X Y or Z website and think “I would love to show this whole page and not just piece meal my Linkedin account resulting in just unprofessional noise on my public profile”… No? Maybe it’s just me… Anyway Ima build my own achievements page, with blackjack and hookers, using a web scrapping bot that extracts all the essential details and outputs this webpage for my site. Here is how I did it. ...

Introduction A couple of years ago I bought a Raspberry Pi 4 and have used it in several ways from a Pi-Hole to a full bitcoin node using a number of prebuilt OS packages. Anyhow today I thought I would tear it all down and start building a system suite from scratch again starting with a generic base. Taking the knowledge I have gained from the past few years. Here’s how I set up my Raspberry Pi 4 with a headless OS for my future projects. ...

So you want to deploy a PostgreSQL database in a private vnet and link it to your custom application in Azure. You have developed this awesome app thrown it into a container image and now you need to build the infrastructure to host your beautiful code. You could click around the disgusting Azure GUI like a pleb or you can be cool and deploy your infrastructure using code. With Terraform being your poison of choice to achieve this don’t worry, you have come to the right place. ...

Introduction This is my first Hack the Box machine pwned and it’s called Analytics. Here is a mock write-up of the lab because as we all know. It’s great being able to pwn things but if we can’t communicate the remediations to what we have done then there is no benefit past that juicy dopamine hit when you get root 😀 Executive summary The attacker achieved an initial foothold by abusing a pre-authentication remote code execution exploit to achieve a reverse shell. User credentials we then found in the environment variables and used to establish a user shell. This can be prevented by upgrading Metabase to the latest version and removing the environment variables with user account details if possible as a secondary objective. ...

Introduction I’ve recently moved in with some mates. As with all things moving you need to setup debit orders and subscriptions with your respective utility providers and whatever monthly things you all want to add to the expenses docket. I’ve been toying with the idea of automating my finances more. Many banks provide ways for you to do this through scheduling payments, direct debits etc. Some new digital banks even expose their APIs for you to use directly in whatever way you choose. My bank has this functionality available to me. So why not put together a fun little project to automate the expensing? ...

So I’m visiting my family back in my home country which is currently experiencing daily power cuts, FUN! And as much as i love my chonky desktop there is not a flying fuck im lugging it all the way home. That is what we have laptops for! Saddly my desktop is x10 more powerful than my cafe warrior of a laptop so any cheeky hacking i might want to do will be severly limited… ...

This was my first proving grounds lab of my OSCP. Took longer than I would have liked but I was able to pwn it in the end with a joyful fist pump and woop from my side. Any advice or comments on how I could improve this write-up would be appreciated. Executive summary The attacker was able to achieve privileged remote code execution on the target box. Issues found can be easily remediated by updating the software Booked Scheduler to V3.7.9 and restricting write permissions of a scheduled cron job. ...

Enumeration Lets kick off with a port scan to get a better idea of our target. There are a couple of interesting finds here. So lets start digging! FTP - port 21 FTP Exploit attempt FTP allows for anonymous login but nothing seems to be in the hosted file server Looking into the detected software vsftpd 2.3.4 with searchsploit reviles these two known exploits These however, when I try to execute the exploit, don’t seem to execute successfully. Which is a bummer but lets move on to the other ports. ...

Because running ~21km sounds tough but in truth, IT’S FUCKING EASY. I have walked that in a day, so running it will be a breeze right?! The difficulty doesn’t come from setting your goal. The difficulty comes with following through on them! Let me rewind a bit. How did I, an avid NON-RUNNER get roped into this? It all started one early morning, I was brewing my morning coffee at the office machine and my colleague Julia asked me if I wanted to sign up for the London half marathon as she had. Without too much thought, I blurted “Ye sure sounds like a great idea” and before the day was up I was registered… No going back now.w ...

A family recipe that was passed down through the generations. Thank you for this one granny ^^ Enjoy, this recipe is super flexible. In my family this recipe is known as the kitchen sink bread , go wild! Ingredients 500g Nutty wheat flour (or combination of any flours) 500ml Butter milk (or equivalent yoghurt, milk and a squeeze of lemon) 1tbsp honey in a little hot water depending on how dry mixture is 1tsp Salt 1tsp Bicarbonate soda 1tsp Cream of tartar Plus these additions (Options are flexible) ...

So my uncle forgot his keys to his roof rack… Ok when you have just left home. Not so ok when you at 5 hours from it! He was travelling with his family to the Kruger National Park. His trip takes him passed Johannesburg where I live so they all stayed the night, catching up with family, leaving the last 4 hours of the trip for the next day. When they arrived he realised that he had forgotten the key to the roof mounted carrier probably 5 hours away at their home. Thing is all their overnight gear was stored in the roof top carrier. Toothbrushes, Underwear, Cables you know all overnight essentials!!! I have never picked this type of lock before… Well no time like the present. I grab my picking set and get to work. The first attempt was partly successful but not completely unlocked successful… RESEARCH TIME! ...