Generating Shellcode and Getting Root in Heath Adam’s Practical Ethical Hacking course on Udemy.
1.5 hours of work on the Scoring Poker Hands project in Simply Scheme. Produced functions to deal with hands produced by matching ranks. Next session I plan to develop a function to sort the ranks into appropriate order and then score flush hands. Finally I can produce a master function that will be able to determine the value of any given hand.
Reread Chapter 2 of Simply Scheme for review.
I was being driven crazy by the system beep tone whenever I accidently
entered an invalid keysequence or tried to tab to a file that didn’t
exist. I am running Kali Linux with the XFCE desktop. To turn it off, you
can open a terminal and enter:
xset -b. To permanently turn off the tone
I created a startup program by going to Settings Manager -> Session and
Startup -> Application Autostart ->
+ Add With the settings:
Name PC Speaker Off
Trigger: on login
vim command of the day:
% is used to jump to a matching parenthesis,
square bracket, or curly brace, the start or end of a C-style comment,
as well as other matching keywords/conditionals if they are specified in
freeCodeCamp’s Responsive Web Design Certification Adjust the Margin of an Element → Improve Compatibility with Browser Fallbacks
Worked through HTB: Lame without metasploit as OSCP practice. I ended up writing my own python script for, though it looks a lot like other available ones, though I wrote it for python 3.
A few further notes. An important part of the script is assignment of the shellcode with the call:
userID = "/=` nohup " + buf + "`"
There are two important things about this. The first does not actually
directly relate to this call itself but rather the msfvenom payload
buf. You need to be sure to delete the
b at the
beginning of each line that will tell python that it is byte code. By
removing this, python reads the line as a string and can therefore
concatenate it with the other strings you have supplied. The second is the
nohup which is a linux command for “no hookup”. As best I can
tell, this is because we are trying to run our code between entering the
logon userID(which is what contains our code) and the system asking for
a password. To get the required time, we provide this command, which then
lets our other code run in the background. I will also include a few
resources that I read through after running through the box as much on my
own as I could: