iOS Pentesting Cheatsheet

Jailbreaking
At the time of this writing, only up to version 12.1.2 of iOS can be jailbroken. While it is theoretically possible to downgrade the version, it is a giant hassle and I was not able to find a fully working solution over the span of several hours of research. Save yourself some time and just get a phone with an older version of iOS.
Jailbreak using Chimera
Follow the instructions here: https://cydia-app....

September 7, 2019 · Jayson Grace

VSCode Notes

Symbols to keep in mind
⌘ is the command key (the Windows key on a PC keyboard)
⇧ is the shift key
⌃ is the control key
⌥ is the alt (option) key
Switch between windows
On Mac: ⌘ followed by the tab number, for example ⌘2
Resource:
Markdown
This extension is great, install it:
Show preview of an MD file
On Mac: ⌘⇧V
On Windows and Linux: Ctrl+Shift+V
Extensions via command line
List existing extensions:...

August 23, 2019 · Jayson Grace

Chef Notes

Chef Server
Download
On CentOS 8:
CHEF_SERVER_DL=
INSTALL_DIR=/home/admin
wget $CHEF_SERVER_DL -P $INSTALL_DIR
Installation
sudo dnf localinstall -y $INSTALL_DIR/chef-server-core-14.1.0-1.el7.x86_64.rpm
Configuration
Start by setting the following variables to correspond with the commands below:
USERNAME="chefadmin"
FIRST_NAME="Chef"
LAST_NAME="Administrator"
EMAIL=""
KEY_PATH="${HOME}/chefadmin.pem"
ORG_NAME="myorg"
ORG_FULL_NAME="Organization Inc."
VALIDATION_KEY_PATH="/etc/chef/myorg-validator.pem"
Configure the installed Chef server and automatically accept the license:
sudo chef-server-ctl reconfigure --chef-license=accept
Show status of the server
sudo chef-server-ctl status
Create new user
The key written to ${KEY_PATH} is the user's private key; it will be used by a workstation at a later time, so keep it readable only by its owner (mode 0600)....

July 18, 2019 · Jayson Grace

Frida Cheatsheet

iOS
List running applications (add -i to include installed but not running apps, which also shows their bundle identifiers):
frida-ps -Ua
Run a script against a USB-attached phone, spawning the application (<application> is the bundle identifier; recent Frida releases resume the spawned process automatically and may reject --no-pause, so check frida --help if it errors):
frida -U -l <script>.js --no-pause -f <application>
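The kind of script the second command loads, as an added example that is not part of the original cheatsheet: a Frida agent that hooks -[NSFileManager fileExistsAtPath:] so that common jailbreak artifacts appear absent to the target app. The bundle identifier in the comment and the list of marker paths are illustrative assumptions; the matching logic is kept in a plain function so it can be checked outside Frida (under Node the hook simply does not install).

```javascript
// Added example (not from the original cheatsheet): hide jailbreak artifacts from an iOS app.
// Load it into a freshly spawned process with (bundle id is a placeholder):
//   frida -U -l jb_hide.js --no-pause -f com.example.target
// Outside Frida (e.g. plain Node) the ObjC runtime bridge is absent and installHook() returns false.

// Paths that jailbreak-detection code commonly probes. Illustrative list, not exhaustive.
// Markers are written without the '/private' prefix; normalise() strips it from queries.
const JAILBREAK_MARKERS = [
  '/Applications/Cydia.app',
  '/Applications/Sileo.app',
  '/Library/MobileSubstrate/MobileSubstrate.dylib',
  '/usr/sbin/sshd',
  '/bin/bash',
  '/etc/apt',
  '/var/lib/apt',
];

// Canonicalise a path the app asked about: drop trailing slashes and the
// '/private' prefix, since /var and /etc on iOS are symlinks into /private.
function normalise(path) {
  let p = path.replace(/\/+$/, '');
  if (p.startsWith('/private/')) p = p.slice('/private'.length);
  return p === '' ? '/' : p;
}

// True when the path is a marker itself or lives inside a marker directory.
// '/Applications/Cydia.apple' must NOT match, hence the explicit '/' boundary.
function isJailbreakMarker(path) {
  if (typeof path !== 'string' || !path.startsWith('/')) return false;
  const p = normalise(path);
  return JAILBREAK_MARKERS.some((m) => p === m || p.startsWith(m + '/'));
}

// Install the hook. Returns true when attached, false when not running inside Frida's iOS agent.
function installHook() {
  if (typeof ObjC === 'undefined' || !ObjC.available) {
    return false;
  }
  const method = ObjC.classes.NSFileManager['- fileExistsAtPath:'];
  Interceptor.attach(method.implementation, {
    onEnter(args) {
      // args[0] = self, args[1] = _cmd, args[2] = NSString *path
      this.path = new ObjC.Object(args[2]).toString();
    },
    onLeave(retval) {
      // Only rewrite answers that would reveal a marker; leave everything else untouched.
      if (retval.toInt32() !== 0 && isJailbreakMarker(this.path)) {
        console.log('[jb-hide] ' + this.path + ' -> NO');
        retval.replace(ptr(0)); // BOOL NO
      }
    },
  });
  return true;
}

const hooked = installHook();
```

Because the app is spawned with -f, the hook is in place before the app's own code runs, which is what makes early jailbreak checks bypassable. A thorough bypass would also cover fileExistsAtPath:isDirectory: and the C-level stat/lstat/fopen exports, using the same isJailbreakMarker decision.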

July 16, 2019 · Jayson Grace

Google Dorks

Find pages containing a string (add site:<domain> to restrict the search to one site)
intext:"penetration"
Find all PDFs on a site
site:<domain> filetype:pdf
Resource:
Search for emails in xlsx files
intext:@<domain> filetype:xlsx
Search for subdomain takeover reports on h1
site:hackerone.com intext:"subdomain takeover"

May 24, 2019 · Jayson Grace

Google Search Analytic on a Ghost blog

Add Google site verification
Register your site with Google.
Easy way: go to /ghost/#/settings/code-injection, paste the code you're given by Google into the Site Header, and click Save.
Hard way: go to your theme, open default.hbs, and paste the code you've been given inside the <head> section.
Add Google search analytics
Register your site with Google.
Easy way: go to /ghost/#/settings/code-injection, paste the code you're given by Google into the Site Header, and click Save....

March 1, 2019 · Jayson Grace

GDB Notes

Compile
This will compile in debug mode and include symbols:
gcc -ggdb cprog.c -o cprog
Load exec in gdb
gdb ./exec
Set breakpoint on main
b main
Show instructions for main function (with no argument, once stopped at the main breakpoint; otherwise disassemble main)
disassemble
Show all functions
info functions
Show all variables
This will only work if the program is compiled in debug mode (with symbols):
info variables
List breakpoints
i b
Break on a specific memory address
b *0x8048417
Show register values
i r
Show multiple register values
i r ebp esp
View value for a particular register
String value:...

February 26, 2019 · Jayson Grace

Puppet Notes

Modules
Install module on Puppet master
/opt/puppetlabs/bin/puppet module install <name of module>
Uninstall module on Puppet master
/opt/puppetlabs/bin/puppet module uninstall <name of module>
Resource:
List installed modules
puppet module list
Resource:
Show module path
Run this on the Puppet master:
puppet config print modulepath
Resource:
Change module install path
By default, puppet module install installs modules into the first directory in the Puppet modulepath, which defaults to $codedir/environments/production/modules....

February 18, 2019 · Jayson Grace

Packer Notes

Installation on Ubuntu 20.04
curl -fsSL | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install packer
# Verify it works
packer
(apt-key is deprecated on Ubuntu 22.04 and later; there, store the key under /etc/apt/keyrings and reference it with signed-by= in the repository line.)
Resource:
File transfer
This snippet moves a directory called scripts into the /tmp directory of the AMI being built. It then runs ls -l on /tmp from within the AMI being built so that we can see that the directory transferred as expected....

December 14, 2018 · Jayson Grace

Ansible Notes

Installation on CentOS 8
sudo dnf makecache
sudo dnf install -y epel-release
sudo dnf makecache
sudo dnf install -y ansible
Resource:
Build Control Node
I used an Ubuntu 20.04 instance for this. While I do provide installation instructions for Red Hat, everything is focused around Ubuntu. If you want to use another OS, you'll just need to change the commands for installing and the username (ubuntu).
Create SSH key for management
ssh-keygen -b 4096 -f ~/....

December 7, 2018 · Jayson Grace