Ruby Notes

This will encompass things that I find useful and end up looking up later when I haven’t coded in a while. File Operations Chmod file File.chmod(0600, file) Resource: https://stackoverflow.com/questions/22707040/change-permissions-of-file-in-ruby Move file without fileutils File.rename source_path, target_path Resource: https://stackoverflow.com/questions/403239/how-do-i-move-a-file-with-ruby Fix extensions not built errors Run this command: gem pristine --all Resource: https://stackoverflow.com/questions/48339706/ignoring-gems-because-its-extensions-are-not-built Multiline comments =begin stuff =end Resource: https://stackoverflow.com/questions/2989762/multi-line-comments-in-ruby Install specific version of a gem Install the bcrypt_pbkdf package that came before version 2....

November 30, 2018 · Jayson Grace

Kali Config

This encompasses the various things I do whenever I’m setting up a new Kali VM in Virtualbox. Proxy Configuration Configure proxy (if applicable) by inputting the required values into /etc/environment. It will probably look something like this: http_proxy=www.proxy.com:80 https_proxy=www.proxy.com:80 no_proxy=.proxy.com,localhost,127.0.0.1 Resource: https://askubuntu.com/questions/175172/how-do-i-configure-proxies-without-gui Config apt with proxy (if applicable): touch /etc/apt/apt.conf.d/95proxies Input the required values into this file. It will probably look something like this: Acquire::http::proxy "http://www.proxy.com:80"; Acquire::https::proxy "http://www.proxy.com:80"; Acquire::ftp::proxy "http://www.proxy.com:80"; Restart the server : reboot...

October 3, 2018 · Jayson Grace

PHP Notes

I’m not thrilled that I have to create this cheatsheet, but such is life. Embed HTML in php <?php echo "<p>Stuff</p>"; ?> Resource: https://stackoverflow.com/questions/18140270/how-to-write-html-code-inside-php Setup Debugger with PHP w/ PHPStorm and XAMPP Start out by installing phpstorm and xampp. Follow the process in here: https://www.techflirt.com/install-configure-xdebug-on-xampp-windows-and-mac/ For the above process, don’t forget to install xdebug for the version of php in xampp, and not the OS version: /Applications/XAMPP/bin/php -v Make sure you do everything in here: https://confluence....

September 21, 2018 · Jayson Grace

Burp Notes

Automatically change value of request parameter Go to Proxy -> Options Click Add under Match and Replace Specify the value to match and the value to replace, such as: Match: uid=bob and Replace with: uid=evilbob This can be done with regex if you’d like, for example: Match: ^Host: foo.example.org$ and Replace with: bar.example.org to rewrite the host header. Feel free to add a Comment: to lend it some context. Intruder Extracting useful info from responses Run your attack Find stuff you want to grep out Click Options Go to Grep - Extract Click Add Search for the item you want to grep out, click the > to highlight it Make sure the Start after expression and End at delimiter match a pattern that will consistently get you the data you want Click OK Clear out the other columns you’ll see by clicking the Clear button under Grep - Match Click the Results tab, observe the item you wanted to grep as a column Export output to excel Click Save -> Results table Specify the columns that you want in the document, and click Save Resource: https://security....

August 16, 2018 · Jayson Grace

Apple Notes

Keyboard Shortcuts There are many useful keyboard shortcuts that I’ve come across over time, and I try to include them here so they don’t get forgotten. DevTools keyboard shortcut COMMAND+SHIFT+I Resource: https://developer.chrome.com/docs/devtools/shortcuts/ Open Finder OPTION + COMMAND + SPACE Resource: https://www.howtogeek.com/661251/how-to-open-finder-with-a-keyboard-shortcut-on-mac/#:~:text=Luckily%2C%20you%20can%20open%20Finder,window%20for%20quick%20file%20searches. Open Spotlight COMMAND + SPACE Maximize window COMMAND + TAB to highlight the minimized window you want to maximize. Before releasing the COMMAND button, hit the OPTION button (ALT on a windows keyboard)....

July 28, 2018 · Jayson Grace

Burp Extension Development

Thanks to Al for helping me to compile this. General For debugging (and modularity in general), be sure to separate out your logic from the file with the BurpExtender class, which is what Burp needs for the thing to work. This file should be stripped down to the bare essentials. Jython Install Jython obviously. You’ll find classes you can import from Burp’s extender tab. To import a class, use from burp import <name_here>...

July 19, 2018 · Jayson Grace

Splunk Notes

URI Path for web application If you want to look at the information associated with a specific uri path for a web application: sitetolookat.com sourcetype=<the sourcetype you have for web stuff> url="/uri/path/file.php*" Add image to dashboard <dashboard> <row> <html> <h1>HTML Panel Example</h1> <p>The HTML panel displays inline HTML.</p> <img src="picture.jpg"/> </html> </row> </dashboard> Resource: https://answers.splunk.com/answers/136162/add-picture-to-dashboard.html View internal splunk logs index=_internal source="*.log" Resource: https://answers.splunk.com/answers/575570/where-can-i-find-the-internal-logs-in-the-splunk-5.html tail -f functionality After running a query, be sure to change the Presets for real-time to a window, such as a 5 minute window to show all events that match the input criteria in the past 5 minutes....

July 19, 2018 · Jayson Grace

Metasploit Cheatsheet

Setup the Database service postgresql start kali msfdb init Test it: msfconsole db_status You’ll know it worked if you see [*] postgresql connected to msf. Resource: https://docs.kali.org/general-use/starting-metasploit-framework-in-kali Troubleshooting database connectivity issues Start by restarting the postgres service: service postgresql restart If that doesn’t work, try destroying and recreating the database: msfdb delete msfdb init Then test it: msfconsole db_status Resource: https://stackoverflow.com/questions/32561760/metasploit-cant-use-default-msf3-to-connect Meterpreter Get current user info getuid View running jobs Useful if you’re running something with exploit -j -z...

July 13, 2018 · Jayson Grace

HashiCorp Vault Research

Nice introduction: https://mycodesmells.com/post/introduction-to-vault Fun write-up: https://www.davidbegin.com/cubbyhole-backend-and-response-wrapping/ Token info: https://www.vaultproject.io/docs/concepts/tokens.html Cool dev implementation series with OSX and lastpass: https://blog.alanthatcher.io/fun-and-profit-with-vault-2/ https://blog.alanthatcher.io/fun-and-profit-with-vault-part-2/ https://blog.alanthatcher.io/fun-and-profit-with-vault-part-3/ Single-use implementation: https://www.slalom.com/thinking/managing-secrets-using-hashicorp-vault How-to on Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04

July 2, 2018 · Jayson Grace

Golang Notes

Installation Ubuntu dl_link='https://dl.google.com/go/go1.15.7.linux-amd64.tar.gz' wget -c $dl_link -O - | sudo tar -xz -C /usr/local echo "" >> ~/.bashrc echo '# Golang exports' >> ~/.bashrc echo 'export PATH="$PATH:$:/usr/local/go/bin"' >> ~/.bashrc echo 'export GOPATH=$HOME/go' >> ~/.bashrc echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc source ~/.bashrc # Test: go version Resource: https://golang.org/doc/install MacOS Install it: brew install golang Add the following to ~/.zshrc: export GOPATH=$HOME/programs/go # Set GOROOT since we're using brew export GOROOT="$(brew --prefix golang)/libexec" # Add go to PATH - so we can run executables from anywhere export PATH="$PATH:${GOPATH}/bin:${GOROOT}/bin" Resource: https://medium....

June 18, 2018 · Jayson Grace