Captured The Flag

Along with my friend eth3real (and some pitching in from our new friend Brian), we teamed up as DefCon828 and won the Capture the Flag contest at BSides Asheville today. The loot was some cool WiFi Pineapple gear.

Last month, Jess and I won 1st and 2nd place respectively at BlueRidgeCon. I do feel bad about missing out on the lectures, talks, and socialization at these awesome conferences, but I can’t stay away from the CTFs. It’s bad.

Using IFTTT to connect Reddit to Discord

I spent far too long this morning trying to get posts from a particular subreddit to show up in a particular channel on a Discord server I belong to. There was a lot of bad and wrong information out there on how to do this, and finding the correct way took me down many incorrect pathways.

The goal here is to set up the workflow like this:

Reddit post in /r/yoursubreddit > IFTTT applet > Discord webhook > posted to your Discord channel

Essentially, the Discord webhook is a very simple Discord bot that is fed content by IFTTT when someone posts to the subreddit of interest. The webhook takes that content and feeds it to the channel you desire.

For the record, this is the way to do it.

Prerequisites

  • A sufficient user role to edit the channel settings on Discord of the channel you want to post your Reddit content to.
  • Webhooks capability enabled for your Discord user role *and* for the channel you want to use. See here for more info on how to enable Webhooks.
  • An If This Then That (IFTTT) account.
  • Optional: an image/icon for the webhook. This will show up for the account that will be posting the Reddit post to your Discord channel. I used this one.

The Setup

Let me preface this by saying that these instructions were created using the desktop version of Discord and a desktop web browser. It may be a little more tricky on mobile, and what you see may be a little different, but perhaps not.

Create a webhook for your Discord Channel.

1. Go to the Discord channel you want to use and click the gear icon to Edit Channel:

 

 

 

2. Click Webhooks in the left-side menu, then click the blue Create Webhook button on the right.

3. Give your webhook bot a name such as “Reddit post bot” and select the channel you are having it post to.

4. This is where you can optionally upload an icon for this bot. This will show up as the user icon when this bot posts to Discord.

5. Copy the Webhook URL, or keep it handy, so that you can paste it elsewhere in a few steps.

6. Click Save.

Create an IFTTT recipe

8. Open your IFTTT account, go to My Applets, then click New Applet.

9. Click the blue “+this” to add the first action.

10. Use “Search services” to search for Reddit, and choose the “Any new post in subreddit” trigger

11. For the “Subreddit” field, enter the subreddit you want to use without the “/r/” in front of it. For example:

12. Click Create Trigger.

13. Now you should see something like the following:

 

 

Click the “+that” link.

14. This time, under “Search services,” search for “webhooks.” Select the result and click “Make a web request.”

15. Now you can paste the Webhook URL you created in Step 5 above into the URL field here.

16. For “Method” choose POST and for Application Type choose “application/json”

17. Here’s the crucial part. Under “Body” copy and paste this entire line of json code exactly as-is EXCEPT, change YOUR BOT’S NAME to the name you want to give this bot (such as “Reddit Feed Bot” or “Fred”):

Optionally, you can change the “I have received a new post!” text to anything you want to show up any time there is a new post to Discord from this bot. Leave all the rest of the code as-is.

18. Click Save.

That’s it! Any new posts in the subreddit you chose should now show up in the Discord channel you chose. Keep in mind that it isn’t instant. It usually take about 15 to 30 minutes for new posts to show up for me, for whatever reason. If anyone knows how to speed that up, please feel free to post the solution in the comments section below.

Enjoy!

Ghostery’s GDPR Privacy Fail

I guess, somewhere along the way, I had registered an account with Ghostery when I was using their privacy plugin.

Today, I got a GDPR update notification from them, along with a ton of other users. The thing is, they failed to use the BCC field when they sent the email, so everyone’s names and email addresses were exposed to everyone else.

I suppose they better practice their GDPR habits a bit harder.


 

What Note Taking App is Best for PWK and OSCP?

A very common question in OSCP student chat rooms and channels I hang out in is “should I be using something other than Keepnote?”

It is a fair question considering Keepnote is recommended in the PWK course materials. However, you may notice that it hasn’t been updated in over 6 years, and has actually been dropped from recent Kali versions. I have heard tales of OSCP students’ notes getting corrupted and lost, which is not a good situation to face when you are paying for limited time to complete the coursework (and exam).

If you are starting down the PWK/OSCP path, you will soon realize that you will need to take a lot of notes. Not just on the course materials, but on every exercise you do and every machine in the lab that you work on. This includes screenshots, copy-pasted output from nmap and other tools, and the specific steps you took to conquer a box (and hopefully the steps that didn’t work, from which you can reference in the future).

It adds up quickly, and it’s a challenge to keep straight as you hack away at box after box in the lab. Being a person that has kept a keen eye on note taking apps in general, long before I got my OSCP, I have some recommendations, with pros and cons of each.

In no particular order (see my Recommendations at the bottom):

CherryTree

Learn more and download CherryTree here.

The Good

  • Hierarchical (pretty much unlimited depth)
  • Free, open-source software for Linux and Windows. You *can* get this to run on a Mac, but it’s buggy
  • Highly customizable through preferences and templates
  • Imports notes from tons of places, does some good exporting too

The Bad

  • Can’t paste images from the clipboard directly into notes
  • Not the greatest at embedding files in general
  • Not easily synced between devices/VMs
  • No Mac or mobile device support

CherryTree is like KeepNote in many ways, but it is has many more features and is actively maintained. If you are going to be solely storing and referencing your notes on one machine (your host or Kali VM), use this tool. The template feature is really awesome, and it lets you create a new note based on a template of your design. This means you could create a template for Lab VMs that you can quickly populate with data as you work on a given machine. You could do something similar for PWK exercises. It should make reporting much easier.

Evernote

Download Evernote here.

The Good

  • Feature rich app, integrates with Web Clipper browser extension
  • Windows, Mac, iPhone, Android native clients with web version for Linux
  • Is modern and hip, if that matters to you

The Bad

  • Costs $ if you want it to be any good. Free features seem to be waning as they push people into paying for the service
  • Lacks true hierarchical organization (uses tags instead of folders)

My struggles with Evernote have been well documented on this blog in the past, but some people still swear by it, so I thought I’d mention it here. They do make ease-of-access a priority, and you can get to your Evernote stuff from just about anywhere. Using it is easy until you need to organize things with any complexity, and for the PWK labs, you’d have to be OK with using the #tags instead of folders.

Microsoft Onenote

Download Onenote from Microsoft here.

The Good

  • Feature rich app, integrates with Onenote Clipper browser extension
  • Free Windows, Mac, iPhone, Android native clients with web version for Linux
  • Free version is not feature limited (just space, which hasn’t been a problem for me)
  • Excellent hierarchical organization via notebooks > sections > pages > sub-pages

The Bad

  • Some people feel it has a bloated interface
  • Exporting notes can pose challenges with formatting if you stray outside the pre-made lines

After many trials and tribulations, I ended up going all-in with Onenote for PWK/OSCP, and life in general. The ability to create multiple, separate notebooks (and choose which ones you want to see on which devices) has been my favorite feature. I can separate work from life from projects from shared stuff this way, and I still have a good amount of hierarchical ability to organize things.

Your Favorite Markdown Editor

I see people profess their undying devotion to markdown when the note-taking discussion comes up in various OSCP forums/chats, and I respect their decision and desire for simplicity. However, the one feature I used most, and I can’t imagine living without in the OSCP course, is the ability to paste a screenshot into a note. I did this so much that it would have driven me crazy to have to do anything else, and with markdown, you have to do some form of “save image/reference image via text in the note/embed via some other mechanism”. There are extra steps involved, and you can’t easily do the copy/paste thing.

Clippers/Screenshot Tools

Speaking of screenshots and the need to embed them in your notes, there are several options I would recommend depending on your choice of note taking apps and the platforms upon which you use them. Here are my top three:

  • Snap ‘n Drag Pro (Mac only). Awesome customization options, ability to edit captures (add arrows/highlight/blurs), automatically adds to clipboard.
  • Skitch – If you use Evernote, use this (unless you are on a Mac, see above)
  • Shutter – Native Linux screenshot app

For PWK, I found the Evernote and Onenote clipper browser extensions to be limiting in that they only let you clip things from your web browser, when I needed to clip terminal output most frequently.

My Recommendations

Because I am primarily a Mac user, I need good support for screenshot pasting, and I prefer hierarchical note structure for organization, I went with Onenote and Snap ‘n Drag Pro for my PWK and OSCP work. I continue to use these two tools in my personal and professional life, too.

If I were not a Mac user, I’d go with CherryTree and Skitch.

Have any opinions or additional input about all of this? Let me know in the comments.

Windows Privilege Escalation (privesc) Resources

I have obtained a standard user account on Windows. Now what?

This is a common question I see people inquire about frequently on the Discord/Slack/Mattermost servers I hang out on. This includes people working on CTF exercises (Hack the Box), OSCP/PWK studies, and just pentesting in general. The answer, of course, is that you need to enumerate the system and find a way to become Admin.

The methodology for how you actually do this depends on a lot, all depending on your specific environment and circumstances.

Windows Privilege Escalation to the Rescue

Here are some useful resources on what to do next in your given situation, after you have succesfully exploited your way onto a Windows box, but before you have the system administrator role. I collected these links, snippets, and exploits during my OSCP studies, saving them in this massive OneNote notebook. Rather than letting them sit there where no one but me can access them, I thought I’d share.

Some of these get pretty detailed, and some of them have links to yet even more resources on this topic.

Have fun…this rabbit hole runs deep!

Privesc Resources

Elevating privileges by exploiting weak folder permissions
http://www.greyhathacker.net/?p=738/

Encyclopedia of Windows Privesc (video)
https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be

Windows Privesc Fundamentals
http://www.fuzzysecurity.com/tutorials/16.html

Windows Privesc Cheatsheet
https://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html

Windows Privesc Check
A script that automates the checking of common vulnerabilities that can be exploited to escalate your privileges:
http://pentestmonkey.net/tools/windows-privesc-check

Common Windows Privesc Vectors
https://www.toshellandback.com/2015/11/24/ms-priv-esc/

Windows Post-Exploitation Command List
http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf

WCE and Mimikatz in Memory over Meterpreter
https://justinelze.wordpress.com/2013/03/25/wce-and-mimikatz-in-memory-over-meterpreter/

Windows Privesc – includes tips and more resource links, on Github
https://github.com/togie6/Windows-Privesc

Do you have any Windows Privesc resources you think should go here? Comment below and I will add them.

Facebook, Privacy, and Staying Safe Online

Care about your privacy in the wake of all the Facebook news?

Switch to Mozilla Firefox as your main browser. It is now faster than Chrome or Internet Explorer, it uses less memory, and it goes a lot further to care for your privacy online and keep you safe. https://www.mozilla.org/en-US/firefox/new/

Use Facebook in a restricted container to prevent it from tracking you when you are not on Facebook: https://blog.mozilla.org/fire…/facebook-container-extension/

Install the uBlock Origin add-on for Firefox to prevent trackers, ads (which are in and of themselves trackers), malware, and other nasties from harming you online. https://addons.mozilla.org/en-…/firefox/addon/ublock-origin/

Install EFF’s Privacy Badger add-on for Firefox to prevent even more tracking that uBlock doesn’t necessarily cover. https://addons.mozilla.org/…/firef…/addon/privacy-badger17/…

This setup will not only help you keep Facebook at arm’s length, it will help you in general to avoid malicious advertisements, malware, ransomware, and various types of web browser hijacking while surfing the Internet. Of course, you can always choose to leave Facebook altogether with these alternatives.

Enjoy, and stay safe!