
:~ that dev domain
Yeah - that dev domain, hosted on my raspberry pi. It's not there anymore. I'm moving things out of the basement to a place with fewer blackouts, so just enjoy more formatted ramblings @ http://themonkeyplayground.com/wp

0 comments -- permalink


:~ technical thoughts
I am working to move my tech writing to my .dev domain - https://themonkeyplayground.dev This will be up and down since it's running on a rasp pi in a secret location in the midwest.

Read all about that on the other site https://youat.dev/index.php/2019/03/13/testing-the-site/



:~ reverse engineering - what i don't know
Reverse Engineering with NSA tools?

This past weekend I attended my first CTF with my friend and colleague. It was an eye opening experience on what we know and what we don't know.

The CTF involved a good number of reverse engineering challenges. Each of them I looked at, smiled, and moved on from. Forensics I am picking up. Programming, I can usually get rather quickly. Web attacks, I am good on a team. Reverse Engineering - left me wondering where to start.

Tuesday rolls around and I see a message on Slack that the NSA has kindly released their internal reverse engineering tool in the wild.

I had a chat with my friend, whom I will quote but who will remain nameless unless he wants me to share his identity, who said - "Want to know how you can distribute and get code execution on the largest number of security researchers' computers? Release a tool by the NSA for free."

So, I bit the bullet, spun up a VM and downloaded the tool. https://ghidra-sre.org/

The website comes with a silent install tutorial that lets you imagine a clandestine operative reading you the instructions. It also makes you wonder why they are using Win 10, but hey.



First run:

Need Java updated. Hate Java. Need jdk11.
Get it and its dependencies here:
apt install openjdk-11-jdk

Run two.

Program just like the video shows.

I decided to take a challenge from root-me.org to start my learning with this beast.

I follow the directions on creating my project and import the .bin file from the first cracking challenge.

I drag the .bin to the CodeBrowser tool and it opens up a new world to me.

I just took it in for a bit. Looked around at the different areas and what type of data this can show.

I don't want to share how I got the password out of the program (which I did after looking at the code for about 20 minutes) because that's not allowed with the challenges, but the tool now gives me a way to look at the data differently.

I will certainly be looking around.

I am intrigued with the Script Manager and what it can do. I will be playing with this to see what it can do.

The best part about this tool is when I verified the challenge I was permitted access to the other ways people got the answer. It opened my eyes to not just this, but new tools for reverse engineering.

Onward and forward with the learning!



:~ registering a .dev domain on a raspberry pi
So, you registered a sweet .dev domain and didn't realize you needed to have a cert. Or was that just me?

Seems like a good time to try Let's Encrypt

The steps I took to get things going are below.

I will be hosting my domain at home on my Raspberry Pi that the boy and I will be putting together, so I will need Dynamic DNS.

I moved my DNS to Cloudflare. They have free plans and feel less icky than GoDaddy, where I bought the domain, and you can use Dynamic DNS with their free plan.

Before we do that make sure you have your API key from Cloudflare.
Located under the Overview Section of your domain.

To do this, we need to use DDClient as per Cloudflare instructions:

There are a few missing pieces, which I'll add here to help out.

Download and environment setup is up to date:

cp ddclient /usr/sbin/
mkdir /etc/ddclient
mkdir /var/cache/ddclient
cp sample-etc_ddclient.conf /etc/ddclient/ddclient.conf
vi /etc/ddclient/ddclient.conf

Here is where things go a bit different:

## Cloudflare (cloudflare.com)
[email protected]oo.com

Let's edit: /etc/ddclient/ddclient.conf
Above they note ssl=yes under the Cloudflare area.
This is actually in the general config area and should already be uncommented and ready to go.
To not have mail sent - comment out the two lines to do with mail.

Scroll down a bit
Uncomment use=web, web=checkip.dyndns.org

*** If you are running a VPN connection on the machine - shut it off for this.

Now, search for cloudflare - it's near the end.

Use your hostname for the zone and make sure you type in your login correctly.

Run the script with debug to make sure it connects and updates for you.

ddclient -daemon=0 -debug -verbose -noquiet

You may get the following error:

Install the following to get past it:
#sudo apt-get install libdata-validate-ip-perl

On my raspberryPi I received the following error and needed to run the debian install to get things going.

Finally - If all worked well - you will get a success message:

DDClient github documentation shows how to set it up as a daemon
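
Before leaving ddclient running as a daemon, the config edits described above can be checked with a small script. This is an added example, not part of the original post or of ddclient itself; the function names, the sample zone, login and key are made up for illustration, and the permission check reflects that ddclient.conf holds the Cloudflare API key in its password= field.

```shell
#!/bin/sh
# Added example: audit a ddclient.conf against the steps described above.
# Return status = number of findings (0 means the file passes).

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# True if file $1 has an uncommented line starting with pattern $2.
active() { grep -Eq "^[[:space:]]*$2" "$1"; }

audit_ddclient_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 99; }

    # The file stores the Cloudflare API key, so group/other get no bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || note "group/other permissions '$perms' expose the API key"

    active "$conf" 'ssl=yes' || note "ssl=yes is not active in the general section"
    active "$conf" 'use=web' || note "use=web is still commented out"
    active "$conf" 'protocol=cloudflare' || note "no active cloudflare section"
    if active "$conf" 'mail(-failure)?='; then
        note "mail lines are still active"
    fi
    return "$findings"
}

# Constructed sample config (placeholder zone, login and key).
write_sample_conf() {
    cat > "$1" <<'EOF'
daemon=300
#mail=root
#mail-failure=root
ssl=yes
use=web, web=checkip.dyndns.org/, web-skip='IP Address'
protocol=cloudflare, \
zone=example.dev, \
login=user@example.com, \
password=PLACEHOLDER_API_KEY \
example.dev
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
chmod 600 "$sample"
audit_ddclient_conf "$sample" && echo "sample passes"
rm -f "$sample"
```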

Testing I was able to see that the DNS was pointing to my domain - which I had not yet set up on the Pi with Let'sEncrypt.

Now, it was time to install Apache and Let's Encrypt on my Pi.

I just followed the directions here - https://pimylifeup.com/raspberry-pi-ssl-lets-encrypt/ Really, it was that easy. One could say it was Easy as Pi(e).

And I was up and running...




:~ snakes
Snakes - the Python kind.

Work = v2.6, 2.7 if I am lucky

Home and play I am trying to work with 3.x.

Installing modules defaults to my 2.7 install. It took a bit, but I learned of the handy dandy python3-pip

%sudo apt install python3-pip

This installed a whole bunch of tools

%python3-pip install pyzbar

%yup nope...

Read a bit more

%pip3 install pyzbar

Voila! I think they say Python is all about simple. Yup



:~ yup
I understand your problem. I understand you understand your problem.

I understand you think giving you keys to the kingdom will solve your problem. It might.

Thing is, I don't know you. I dole out the keys to the kingdom and I need some info to get you a set of keys. The info is simple. If you don't want to pass it along right now please come back when you do.

I would rather the boss yell at me for not giving the keys and asking in a better way, than to be the security guy who gave the keys away because someone was loud.



:~ patience
I wish I had the patience of a two year old, even a six year old.

It's odd to think of the words patience and young child in the same sentence, but really, for all their outbursts, inability to sit still, and wanting more more more - the little things have more patience in them for one task than I seem to have all day.

My two year old spent five minutes working her hands to get a large screw in a peg. She didn't scream. She didn't throw anything. She concentrated and worked it through.

My six year old was working to measure out 5mL of water and was pouring back and forth for a good three minutes until he got it just right.

With the small hands, the height disadvantages, we have to start giving them more credit.

When 30 seconds in I want to stick my hands in there and help, that shows who the impatient one is.

If I just sit back and let it roll time and time again I will learn patience from them, rather than the other way around.



:~ dilemma
I'm looking at pictures of my kids mulling over how far I want to take the fight with an unreasonable angry boss. It's a tough call.



:~ save some time
Maybe I shouldn't be so quick to wipe my OS and start fresh. But I do.

I am refreshing two boxes right now and to make sure I don't lose all the work I am doing studying for the OSCP I did my due diligence and copied over my Kali box to make sure it is good to re-import when I blow away the host for that.

To test though, I needed to put VirtualBox on the other refreshed machine so I can import, test that it boots and runs, then start that new host fresh.

sudo apt install virtualbox runs without a hitch

Import of the OVA --> checkbox number 2

Start HTB up... oh no! I need to install the Extension pack or disable things.

Okay, no biggie here. I did this once so I can do it again I tell myself. I also tell myself this will work well for my documentation talk I am putting together.

There aren't that many drop down menus to go through looking for the choice to install the Extension Pack. Well, I learn that is a leftover from VMWare player - not so lucky.

No biggie. Let's go to the VirtualBox web site https://www.virtualbox.org/wiki/Downloads -- Oh good, they are on V6.

v6 doesn't come with my distro, and doesn't update when I run to upgrade. The extension pack also doesn't roll very well with v5.

Check the USB drive with all the 'important' documents I would need. I guess I didn't think it that important.

Check the downloads folder on the other machine. Voila! It was still there.

Copy over, install, and all is golden.

Now, I will also link to a very important page I found when looking to write this up... The Virtual Box Older Builds page -- with such great things as binaries and Extension packs!


Hopefully this will save someone the 30 minutes I used to get it working.

Now, on to the original for bringing up the box -- to see how easy it is to get into my WifiExtender....



:~ documentation
I went to my first user group meeting last week. It was good to see (next time I need to meet) and listen to people talk.


It was brought up what talk should happen in the future. To get out of my shell I started to think of some ideas. What has stuck with me is documentation.

I have my way of documenting what I do. I also have my way of pulling out my hair to read my documentation to do things over and over again.

So, I am going to try to wrangle some things together, get my act together and do some documenting on documentation.


