WSR: #7: January 31st - February 6th 2022

SANS Masters, Domain Transfers, and Home Lab Shenanigans

Published: February 6, 2022

Reading Time: 5 minutes

This Week’s Recap

This week was fairly light compared to last week (I really wanted to finish Spoofing Youtube For Fun And Profit: An Examination Of Punycode For Phishing). The most important thing I did this week was probably beginning my master's program! Other than that, I'm planning on getting some of the backlog of half-written blogs out the door at some point soon, so be on the lookout for those.

1/31/2022

2/1/2022

  • Completed new student orientation for my master's at SANS.
    • The new student orientation was much more informative than any college class I've ever taken. It answered all of the questions I had going into the program.
  • It's looking like the first class I'll be taking is the GIAC Certified Incident Handler (GCIH).
    • Very excited to start this. I will probably do a separate roundup at the end of each "block" to give my thoughts on the program.

2/2/2022

  • Heard back from Google that they did indeed want the domain used in Spoofing Youtube For Fun And Profit: An Examination Of Punycode For Phishing.
  • Went through the process to start transferring the domain.
    • This is not something I've done before, but it is fairly easy. Essentially you log in to your registrar (Route 53 in my case), disable privacy protection, unlock the domain so it can be transferred, and wait about a week.

2/3/2022

  • Switched up my i3 workflow to include stacking mode.
    • i3 is a tiling window manager for Linux that lets you do all window management from the keyboard. This is extremely efficient.
    • Stacking mode stacks windows vertically and lets you reach them by pressing alt + j or alt + d. This way you can have multiple full-screen applications without having to switch workspaces.
  • I might do a blog on i3 and detail my workflow after using it for about two years.

2/4/2022

  • Set up a remote VM for opening documents I don't fully trust.
    • Ended up installing XFCE on a small EC2 instance that I can easily deploy whenever someone wants me to review their resume or has some other file they want me to open. Paranoid? Probably.
  • Started listening to Cult of the Dead Cow again. Started this last year but never finished it for some reason.
  • Started creating my own enumeration scripts. Not nearly as useful as something like LinPEAS, but satisfying to create your own.
    • I'll post the full scripts on GitHub when I'm done, but here is a quick sample:
#!/bin/bash
# Personal enumeration script (work in progress). Everything here is
# read-only: it collects information about the current host and user.

# Frontmatter: ANSI colours used for section headers
black='\033[0;30m'        # Black
red='\033[0;31m'          # Red
green='\033[0;32m'        # Green
yellow='\033[0;33m'       # Yellow
blue='\033[0;34m'         # Blue
purple='\033[0;35m'       # Purple
cyan='\033[0;36m'         # Cyan
white='\033[0;37m'        # White
nocolor='\033[0m'         # Text Reset
blink='\033[5m'           # Blink
halfline="${green}------------------${nocolor}"
newline="${green}------------------------------------${nocolor}"

# Get arguments. -a is a flag with no value, so the optstring is ":a"
# (":a:" would make getopts demand an argument and reject a bare -a).
all=0
while getopts ":a" opt; do
    case $opt in
        a)
            echo -e "${red}${blink}All scripts are going to be run when enumeration is finished...${nocolor}"
            sleep 5
            all=1
            ;;
        \?)
            echo "Invalid option: -$OPTARG" >&2
            exit 1
            ;;
    esac
done

clear
# Grab basic system info
echo -e "${halfline}${purple} Grabbing basic system info ${halfline}"
echo -e "${green}> whoami${nocolor}"
whoami

echo -e "${green}> Who is logged in?${nocolor}"
w

echo -e "${green}> Last 10 logins${nocolor}"
last -n 10 | sed '/^wtmp/d' | sed '/^[[:space:]]*$/d'

echo -e "${green}> System information${nocolor}"
lsb_release -a 2>/dev/null

echo -e "${green}> IP Information${nocolor}"
# Interface names plus the three lines after each (link, inet, inet6), second column only
ip a | grep -E -A3 "^[0-9]" | awk '{print $2}'

# Check history. zsh "extended history" prefixes each line with
# ": <epoch>:<duration>;", so that prefix is stripped to get the bare command;
# bash history is already one command per line. Missing files are ignored.
zsh_hist()  { sed -E 's/^: [0-9]+:[0-9]+;//' ~/.zsh_history 2>/dev/null; }
bash_hist() { cat ~/.bash_history 2>/dev/null; }

echo -e "${green}> Last 10 zsh commands${nocolor}"
zsh_hist | tail -n 10

echo -e "${green}> Last 10 bash commands${nocolor}"
bash_hist | tail -n 10

echo -e "${green}> Checking for SSH commands in bash and zsh history${nocolor}"
{ zsh_hist; bash_hist; } | grep -E "^ssh "

echo -e "${green}> Got anything to hide?${nocolor}"
{ bash_hist | tail -n 100; zsh_hist | tail -n 100; } | grep -E "rm "

# Check users
#echo -e "${green}> Users in system${nocolor}"
#cut -d: -f1,7 /etc/passwd

# Enumerate folders
echo -e "${halfline}${purple} Getting home folders ${halfline}"
echo -ne "${yellow}"; ls /home/; echo -ne "${nocolor}"

echo -e "${halfline}${purple} Last edited files in current user's home directory ${halfline}"
# -c sorts by ctime, -t by time, -r reversed so the newest entries come last
ls -lchtr "$HOME" | tail -n 10

echo -e "${halfline}${purple} Looking for backup files ${halfline}"
find / -type f -name "*.bak" 2>/dev/null

# Check listening ports. Without root, lsof only shows sockets owned by the
# current user; fall back to ss if lsof is not installed.
echo -e "${halfline}${purple} Getting listening ports (non-root) ${halfline}"
lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null || ss -tlnp

echo -e "${halfline}${purple} Checking /etc/hosts ${halfline}"
cat /etc/hosts

# Run aggressive scripts from -a (placeholder: the aggressive checks are not written yet)
if [[ $all -eq 1 ]]; then
    echo -e "${halfline}${purple}Running ${red}ALL${purple} scripts${halfline}"
fi
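The history section of a script like this has to cope with two on-disk formats: plain one-command-per-line files, and zsh extended history, where every line is prefixed with ": <epoch>:<duration>;". It also has to survive a missing history file and commands typed with leading whitespace. As an added example, not code from the original post, here the history handling is factored into small functions that normalize both formats, pull out the hosts from "ssh" commands (skipping the common argument-taking options, a deliberate simplification), and report recent deletions, so the logic can be checked against constructed sample files. The sample history lines, the function names and the option list are assumptions made for this example; the tools used (sed, grep, awk, sort) are the same ones the script above already depends on.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): history triage as testable functions.

# Print a history file as bare commands, one per line.
# zsh extended history stores ": <epoch>:<duration>;<command>"; plain bash/zsh
# history stores the command itself. Both are handled; leading whitespace is
# dropped and a missing or unreadable file yields no output rather than an error.
hist_commands() {
    file="$1"
    [ -r "$file" ] || return 0
    sed -E 's/^: [0-9]+:[0-9]+;//; s/^[[:space:]]+//' "$file" | sed '/^$/d'
}

# Hosts (user@host or host) the user has ssh'd to, from one or more history
# files, de-duplicated. Options that take a value (-p, -i, -l, -J, ...) are
# skipped together with their value; this list is an assumption for the example.
ssh_targets() {
    for f in "$@"; do
        hist_commands "$f"
    done | grep -E '^ssh( |$)' \
         | awk '{ i = 2
                  while (i <= NF && $i ~ /^-/) {
                      if ($i ~ /^-[BbcDEeFIiJLlmOopQRSWw]$/) i += 2; else i += 1
                  }
                  if (i <= NF) print $i }' \
         | sort -u
}

# Deletions among the last N commands (the "got anything to hide?" check):
# "rm " at the start of the line or after a separator such as ";", "&", "|" or a space.
recent_deletions() {
    file="$1"; n="${2:-100}"
    hist_commands "$file" | tail -n "$n" | grep -E '(^|[;&| ])rm ' || true
}

# Demo run on constructed sample history files (not real data).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' \
        ': 1643673600:0;ls -la' \
        ': 1643673660:5;ssh -p 2222 alice@10.0.0.5' \
        ': 1643673720:0;rm -rf ~/notes' \
        ': 1643673780:0;ssh -v bastion' > "$tmp/zsh_history"
    printf '%s\n' \
        'cd /tmp' \
        'ssh devbox' \
        'ssh -p 2222 alice@10.0.0.5' \
        '  rm secrets.txt' \
        'history -c' > "$tmp/bash_history"
    echo "== ssh targets =="
    ssh_targets "$tmp/zsh_history" "$tmp/bash_history"
    echo "== deletions in last 100 bash commands =="
    recent_deletions "$tmp/bash_history" 100
    rm -rf "$tmp"
}

demo
```

Because the functions take file paths rather than assuming `~/.bash_history`, the same code can be pointed at another user's history (when it is readable) or at a `HISTFILE` that lives somewhere other than the home directory.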

2/5/2022

  • Redeployed linkding after borking my previous configuration.
  • Set up a 3TB fileshare on my homelab that I can dump stuff onto as well as use to share files between my Linux and Windows machines.
  • Helped a friend with their resume and set up LinkedIn. Might dedicate a short blog to this because it's kind of confusing to newcomers.

2/6/2022

  • Published this blog :)
  • Installed a new NIC and CPU cooler so I can actually put the side onto my server case…
  • Giving away some PPA courses for free later tonight.

Have any questions?

Do you have any questions? Feel free to reach out to me on Twitter. See you next Sunday. :)