I spent far too long trying to enumerate this one… But I learned a good deal about a system I’ve never touched before, which is always a good thing. Once I got a foothold the rest was fairly quick to fall into place. Overall I liked it. Will be putting together a walkthrough video of this one for sure.
Hacking things is an amazingly fun pastime. But also maddening sometimes. It’s now hour 8 of trying to crack “Postman” on HTB. I know what I need, but can I figure out how to get that thing? Nope. But, like most of the things I do, I’ll keep going because I know at the end it will be worth it. That feeling of accomplishment is like nothing else. This thing isn’t going to solve itself so back to work!
So I’m working on a VM that looks to be exploitable via image upload.
It’s running Apache and PHP, and has a custom-made “upload image” form that leaves the images in a gallery. Should be easy enough, even for someone as inexperienced as me.
Well, today I learned not to use __halt_compiler() in an image-based reverse shell attempt when I accidentally crashed PHP. Once the image was uploaded it instantly crashed all pages that load that image. DOH. As an upshot, I suppose this proves the PHP code is working though. Back to it.
If you’d like to try an attack like this, there’s currently one on Hack The Box I believe.
In this tutorial we will cover installing i3-gaps, the urxvt terminal emulator, feh, wal, and rofi. It’s assumed you went through part 1. If not, you may want to go read that now.
I’m not a fan of re-inventing the wheel. There’s a wonderful how-to for installing i3-gaps on Ubuntu that works well for Kali. Head over and follow it, then come back… Done? Great. Now reboot. At the login screen enter the username, then after hitting next you’ll see a gear.
You’re now logged into the i3 window manager. This is a different world than most window managers. You will be very VERY well served by learning the basic commands and what they do. Take a few minutes to go over the i3 Reference Card and learn how to open up new terminal windows.
So you have probably noticed the ugly red error message by now. That’s a result of the i3 status bar being referenced, but not installed. There are several options available for status bars (the i3 bar, polybar, lemonbar, etc.). In this series we’ll just add the basic status bar for now. Maybe the polybar later. We’ll see.
So go ahead and open a terminal window (usually by hitting [alt] + [enter]) and enter the following command: apt install i3status. Once that’s done, log out ([alt] + [shift] + [e]) and back in. You should now see the red/white/green status bar. i3 is now ready to go in its most basic form.
Replace the default console app with URXVT
The default terminal doesn’t offer much flexibility so I like to replace it. My terminal of choice is URXVT. Install the URXVT terminal by running apt install rxvt-unicode.
Take a Snapshot!
Things are about to start getting messy. Snapshot now or proceed at your own peril. 😉
Make URXVT the default terminal
I’ll assume you know how to edit text files in Linux. If not, here’s a link to using vi. I won’t lie though, if you are trying to Rice Kali Linux, and you don’t know how to edit a text file, I genuinely wonder how you ended up here. 😉
Anyway, edit the i3 config file, which is ~/.i3/config. In there, find the line “bindsym Mod1+Return exec i3-sensible-terminal” and replace it with “bindsym Mod1+Return exec /usr/bin/urxvt”. Once it’s saved, exit out of all terminal windows and reload the i3 config by pressing [alt]+[shift]+[r].
Remove the URXVT Scroll Bars and Apply Transparency
Create the file ~/.Xdefaults, and in it enter the following line to get rid of the scrollbar and apply transparency:
URxvt*scrollBar: false (NOTE THE CAPITAL “B”!!!)
Install feh to Add a Wallpaper
Download a wallpaper you like, and save it somewhere easy to access.
(I’ll leave how you download it up to you…) I usually put it in /wallpapers and name it wallpaper.png or something similar. Install feh by running “apt install feh”. Once it’s done, edit your ~/.i3/config file to add the following line:
exec --no-startup-id feh --bg-scale '/wallpapers/wallpaper.jpeg'
You now have a scaled background each time you log in. That said, the text is kind of an odd color. Let’s fix that.
Install and Configure PyWal
Running feh without pywal can make for some ugly (and possibly unusable) color schemes for the terminal. To fix that we use PyWal. Install python3-pip by running “apt install python3-pip”, then install pywal by running “pip3 install pywal”. Once that’s done, add the following line at the end of your .bashrc (according to the documentation you should put this in the .i3/config file but it NEVER LAUNCHES FOR ME!!!)
wal -i /wallpapers/wallpaper.jpeg
Tighten up Those Gaps!
The tutorial is good, but I prefer a smaller gap.
So edit your ~/.i3/config file and update the following lines:
gaps inner 10
gaps outer 0
We made some serious progress here. We installed i3, the i3 status bar, URXVT, feh, and PyWal. We also configured some transparency and colors. Stay tuned for Part 3 where we’ll dig a little deeper and install rofi, polybar, and other fun stuff!
Spent a few hours addressing some odds and ends today. Got the “enter” key working from CLI entry textbox. It now actually runs the command when you hit enter, then clears the entry textbox. I also added a CLI command to display the LCD Address. SHOW-LCDADDRESS is working as expected.
I made the LCD settings variables. (address, total rows, total columns). This was done just as a best practice to facilitate easier use of different LCDs later.
The functions in the Arduino code were moved around into a more logical sequence. Doesn’t affect code flow, but does affect readability.
So as this project has grown I’ve started to see memory warnings in the IDE. “Low memory available, stability problems may occur.” Didn’t think too much about it until today when I kept running into weird issues where stable code just wouldn’t run correctly. For example, the printNextline() would only print half the output of the line (WTF?) and the parseAndExecuteCommands(). After spending an embarrassingly long time picking through the code looking for the problem I decided to actually use the shiny new Mega 2560 I bought the first time I saw the command and put that baby into production.
Learned the Mega is not a straight pin-for-pin match of the Uno. Mega has SDA/SDC pins (Sweet), and for whatever reason the LCD2004 has a different address on the Mega than on the Uno. 0x37 and 0x3f respectively. That said, after I got the conversion done it’s running smoothly again.
Badstore was quick and easy. Just as expected. But I’ve pretty much exhausted all the things to find/do. Time for another box to play with.
I found a couple of nice ones by ismailonderkaya: BTRsys v1 v2.1. We’ll see where this takes me.
It’s one thing to intellectually understand that the world is constantly attacking every address on the internet. It’s another to actually be able to visualize the data and see it. For fun I have been forwarding all of my inbound traffic logs to Graylog, and have enabled the Geolocation features. I never expected Seychelles to be one of the top sources of inbound traffic, but it is. Of course the usual suspects show up. Russia, southeast Asia, etc. But there is SO MUCH traffic from that tiny little island. Just an interesting observation.
Just playing around with some basic stuff. BadStore is ludicrously old, but it’s like playing the original Mario. Still fun. There’s just too many little things to play with. MySQL, XSS, form validation failure, SQL injection. I recently set up a retropie box for similar reasons. Having fun.
Spent this morning trying to get the Inject_CA module to work properly (or at least properly as I see fit). It is successfully inserting the key into the registry, and reports success, but the actual certificate isn’t showing up in the Certs MMC. If I don’t see it there, then I have to assume it’s not actually loading properly. Nothing useful from Google so far. Well, persistence will hopefully pay off, because this one is too useful to pass up.