' OR 1=1 -- (Moonwalk Cowboy)

Git tip #1: Removing a directory (published 2014-04-29)

I work with git fairly regularly for my day job. I needed to remove from version control a directory that the CMS uses for caching objects, which there was no reason to track. I discovered that the best way to accomplish the task is the following command:

The -r flag makes the removal recursive, so the directory in question and everything under it is covered. Specifying --cached ensures that you don't remove your working copy; instead it removes the directory from git's index only. Without that flag set, git would flat out remove the directory/file from the working tree as well as the index.
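To see the difference between the two behaviours, here is an added example (not the original post's command): it builds a constructed throwaway repository with a tracked cache directory, untracks it with `git rm -r --cached`, and checks that the files are gone from the index but still on disk. It also adds the practitioner's follow-up step of ignoring the directory, since otherwise git will immediately report it as untracked again. Directory names, file contents and the `demo@example.com` identity are all made up for the example.

```shell
#!/bin/sh
# Added example, not the original post's command: demonstrates
# `git rm -r --cached` on a constructed repository.
set -u

# setup_repo DIR: constructed throwaway repo with a tracked "cache" directory.
setup_repo() {
  git init -q "$1"
  mkdir -p "$1/cache"
  printf 'cached object\n' > "$1/cache/obj1"
  printf 'real source\n'   > "$1/app.txt"
  git -C "$1" add .
  git -C "$1" -c user.name=demo -c user.email=demo@example.com commit -q -m 'initial'
}

# untrack_dir DIR SUBDIR: -r recurses into SUBDIR, --cached touches only the index.
untrack_dir() {
  git -C "$1" rm -r -q --cached "$2"
}

# tracked_count DIR SUBDIR: number of paths under SUBDIR still in the index.
tracked_count() {
  git -C "$1" ls-files "$2" | wc -l | tr -d ' '
}

# on_disk DIR PATH: succeeds if PATH still exists in the working tree.
on_disk() {
  [ -e "$1/$2" ]
}

# untracked_count DIR: how many "??" entries git status reports. Right after
# untracking, the cache directory shows up here until it is ignored.
untracked_count() {
  git -C "$1" status --porcelain | grep -c '^??' || :
}

# ignore_dir DIR SUBDIR: append SUBDIR to .gitignore and stage the change so
# the untracked directory does not creep back in with the next `git add .`.
ignore_dir() {
  printf '%s/\n' "$2" >> "$1/.gitignore"
  git -C "$1" add .gitignore
}

if [ "${1:-}" = "demo" ]; then
  repo=$(mktemp -d)
  setup_repo "$repo"
  echo "tracked under cache/ before: $(tracked_count "$repo" cache)"
  untrack_dir "$repo" cache
  echo "tracked under cache/ after:  $(tracked_count "$repo" cache)"
  on_disk "$repo" cache/obj1 && echo "cache/obj1 is still on disk"
  echo "untracked entries before ignoring: $(untracked_count "$repo")"
  ignore_dir "$repo" cache
  echo "untracked entries after ignoring:  $(untracked_count "$repo")"
  rm -rf "$repo"
fi
```

Run it with `sh git_rm_cached_demo.sh demo`. The `.gitignore` step is what keeps the fix durable: without it, the cache directory is merely untracked, and the next broad `git add` puts it straight back into the index.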

Ryan Bentz
Passed the CEH exam yesterday (published 2013-10-17)

Yesterday, I passed the CEH certification exam. 

Big whoop, right?

Well, it was for me. Mainly because I'm not a sysadmin. Nor am I an IT guy. My college degree was in journalism (public relations, actually) and for my day job I'm a web designer, developer and marketer (if that's even a thing). And for that, I was self-taught. Friends of mine in college decided they didn't want to help a local business with their website anymore and asked if I was interested in helping. To which I (ignorantly) said yes and proceeded to teach myself how to do it. I've been doing that ever since.

I became interested in all things "cyber" at a job I held a while back. I was the webmaster for a Seattle-based security company. Even though I'm just the web guy, I really like to get to know the subject matter and the audiences that are consuming the information. As I started down the security rabbit hole, I realized that it was a subject area that I could be passionate about. 

As many infosec professionals do, I began building my pen testing lab at home, playing with firewalls, participating in CTF events, playing war games just to get my hands dirty and to learn. That's how I learned web development. Why not security? 

And then a project came along that was tangentially related to the stuff I had started doing as a hobby. I had the opportunity to help on a project for DARPA around Plan X.  

So I started devouring every book, blog post, Linux image, article, CVE and tweet that I could. Learning more about this world and how the sausage was made. I know I'm barely at the tip of the iceberg at this point, but that's okay. I'm excited to continue on. 

The CEH exam

The exam itself wasn't very difficult: 150 questions, 4 hours, passing score of 70%. I didn't have any trouble passing, even though I was entirely self-taught. My main focus going forward will likely be in the world of web app security, mainly because I have a head start on that already, being a web dev, so it seems to be a natural fit. However, I've heard that, regardless of what area of security you're planning to go into, the CEH is a good cert to get when you are early in your security career.

For preparation I used the following:

I have to say that I felt like the test covered a fraction of what I studied and did in my labs. But if the function of a test is to get you to learn lots of different things that may or may not be in the actual exam, then it worked just fine. 

What it did cover (that I can recall anyway):

  • Ports & protocols
  • Botnets
  • SQLi
  • MAC flooding
  • ARP spoofing
  • Outsider/insider affiliates/associates
  • Multi-factor authentication
  • MAC spoofing
  • Snort rules
  • Wireshark filters (based off hex, what tcp flags are they looking at?)
  • Three-step handshake
  • TCP/UDP per protocol
  • SQLi
  • Buffer overflows
  • Malware encoding
  • Steganography
  • Encryption and its relation to wireless
  • XSS
  • SQLi

Probably my #1 gripe with the test is that the quality of the writing/proofreading (translations??) left something to be desired. Sometimes I wasn't sure if they meant to word one of the choices differently or if there was actually a typo in the question... I was left scratching my head on more than one occasion. If there are misspelled words and typos in the questions, and then you ask a question about code syntax, how do I know if the syntax was intentionally incorrect or if it was just a typing mistake?

I've heard this from other CEH candidates as well. 

Nonetheless, I'm pleased with my certification and look forward to the next step. GCIH, anyone? 

Ryan Bentz
Bandit Level 7 - OverTheWire (published 2013-08-12)

More file attributes to use with find. Again, pretty straightforward. You just have to know which flags to set.

You can see that there's a snazzy little 2>/dev/null at the end of the line. This isn't specific to the find command. The 2 is file descriptor 2, the standard error stream. Basically we're telling the shell to take any errors that might result from the command and make them disappear into the /dev/null ether. Try the command without it and you'll see a bunch of "Permission denied" errors for directories the current user can't read. You just have to wade through those to find the file you're looking for.

Ryan Bentz
Bandit Level 6 - OverTheWire (published 2013-08-12)

This one is fairly similar to the previous example. The file size is the dead giveaway though as we run a find through all of the subdirectories. 

Moving on...

Ryan Bentz
Bandit Level 5 - OverTheWire (published 2013-08-12)

Time to pick up a new command! Turns out in this wargame, the password is in the only human readable file in the directory inhere. No problem, if you know how to use the file command. It goes like this:

Note that I used the -i parameter to display the full MIME type. This makes the output a little more verbose than without it, giving you both the MIME type and the charset.

We have our password. Now on to the next level.

Ryan Bentz
Bandit Level 4 - OverTheWire (published 2013-08-12)

The password is in a hidden file in the inhere directory. 

And that's it. The key here is to use the -al parameters for the ls command. The a tells the command not to ignore file names beginning with a period (.). The l tells it to use the long list format. I find that I like this format by default most of the time because it reveals permissions, ownership and whether or not we're dealing with files or directories (among other things).

And now for the next level.

Ryan Bentz
Bandit Level 3 - OverTheWire (published 2013-08-12)

The password is located in a file called "spaces in this filename" in the home directory. This is a trivial problem if you know about tab completion. I remember years and years ago when I first learned about tab completion, when I had just started working with the command line. It's a life saver. The resultant output from this solution ends up looking something like this:

How you get there is entirely up to you. You can either choose to type out the entire file name character by character, escaping each space with a backslash, or you can simply type "cat spa" and then hit TAB. Voila.

On to the next level...

Ryan Bentz
Bandit Level 2 - OverTheWire (published 2013-08-11)

Level 2 introduces you to dealing with dashed filenames. Since command parameters are usually denoted with a - or --, trying to follow the usual pattern of <command> <file_name> when <file_name> is a - will only yield issues. So here's the quick and dirty way to deal with it.

And we've done it. Moving on to Level 3.
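The Level 2 through Level 7 posts above each hinge on one shell detail: a dashed filename, spaces in a name, dotfiles, MIME detection with file -i, exact-size matching with find, and discarding stderr. The following added example (not the original posts' commands, and not OverTheWire's material) builds a constructed directory tree that imitates those fixtures, with one function per level, so the commands can be tried offline. All file names and contents are invented; the Level 5 function prints nothing if the file(1) utility is not installed.

```shell
#!/bin/sh
# Added example, not from the original posts: a constructed tree standing in
# for the Bandit fixtures, and the command each level's post describes.
set -u

# make_fixture DIR: build the constructed tree under DIR.
make_fixture() {
  mkdir -p "$1/inhere/sub1" "$1/inhere/sub2" "$1/noaccess"
  printf 'dash-file-contents\n'   > "$1/-"                        # Level 2: name is just "-"
  printf 'spaced-file-contents\n' > "$1/spaces in this filename"  # Level 3
  printf 'hidden-file-contents\n' > "$1/inhere/.hidden"           # Level 4
  printf 'human readable\n'       > "$1/inhere/sub1/notes"        # Level 5: text
  printf '\001\002\003\377'       > "$1/inhere/sub1/blob"         # Level 5: binary
  awk 'BEGIN { for (i = 0; i < 1033; i++) printf "A" }' > "$1/inhere/sub2/big"  # Level 6: exactly 1033 bytes
  chmod 000 "$1/noaccess"                                         # Level 7: source of "Permission denied"
}

# read_dashed DIR: a file literally named "-". Prefixing "./" stops cat from
# treating the name as an option; note that "cat -- -" does NOT help, because
# a bare "-" still means standard input to cat.
read_dashed() {
  ( cd "$1" && cat ./- )
}

# read_spaced DIR: quoting (like backslash escapes or tab completion) keeps the
# spaces inside a single argument.
read_spaced() {
  cat "$1/spaces in this filename"
}

# list_hidden DIR: ls -al shows dotfiles (-a) in long format (-l); keep only
# names that start with a single dot, i.e. the hidden file but not "." or "..".
list_hidden() {
  ls -al "$1/inhere" | awk '{ print $NF }' | grep '^\.[^.]' || :
}

# human_readable DIR: file -i prints "path: mime/type; charset=...", and only
# text/* entries are human readable. Silent if file(1) is not installed.
human_readable() {
  command -v file >/dev/null 2>&1 || return 0
  find "$1/inhere" -type f -exec file -i {} + 2>/dev/null | grep ': text/' | cut -d: -f1
}

# find_by_size DIR BYTES: the "c" suffix makes -size match an exact byte count.
# 2>/dev/null discards the "Permission denied" noise from unreadable directories.
find_by_size() {
  find "$1" -type f -size "${2}c" 2>/dev/null || :
}

# count_denied DIR: the same walk with stderr kept, to show what 2>/dev/null
# hides. Prints 0 when run as root, which can read everything.
count_denied() {
  find "$1" -type f 2>&1 >/dev/null | grep -c 'ermission denied' || :
}

# cleanup DIR: restore permissions so the tree can be deleted, then delete it.
cleanup() {
  chmod 700 "$1/noaccess" 2>/dev/null || :
  rm -rf "$1"
}

if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp -d)
  make_fixture "$tmp"
  echo "Level 2: $(read_dashed "$tmp")"
  echo "Level 3: $(read_spaced "$tmp")"
  echo "Level 4: $(list_hidden "$tmp")"
  echo "Level 5: $(human_readable "$tmp")"
  echo "Level 6: $(find_by_size "$tmp" 1033)"
  echo "Level 7: $(count_denied "$tmp") permission error(s) would have been printed"
  cleanup "$tmp"
fi
```

Run it with `sh bandit_demo.sh demo`. The count_denied function is there to make the 2>/dev/null point concrete: run as an ordinary user it shows how many error lines the redirect is swallowing, which is also a reminder that the redirect hides real problems, not just noise.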

Ryan Bentz
Bandit Level 1 - OverTheWire (published 2013-08-11)

I love wargames. They're a great way to learn independently and give you the chance to try things out in a guided/organized way instead of just fumbling around in your own lab at home. 

OverTheWire's Bandit is basically their entry level set of wargames to get you familiar with basic commands and concepts when it comes to ethical hacking. 

Over the next while I'll be posting solutions for each of the levels to Bandit. I'll also move on to the other wargames after. Some of them I've done. Others, I have not. So I'll be learning at the same time. 

Level 0 → Level 1

The first task is straightforward. It's essentially a matter of ssh'ing into the box and reading the password in plain text.

We have the password. Time to move on to Level 2.

Ryan Bentz