prof_dev4.sh

#!/bin/bash

echo "Humility is a top quality"
echo ""
echo "No individual knows everything and there is a 100% chance that in the past and in the future, we have/will said/say something wrong, incorrect, or abrasive to someone else. In this moment, remember humility."
echo ""
echo "It is OK to be wrong and make mistakes both professionally and personally and in fact, we can use them to our advantage when we admit that we were wrong. As Dale Carnegie says in his book, 'If you are wrong, admit it quickly and emphatically'."
echo ""
echo "For some reason, some people refuse to admit they were wrong. They refuse to admit they are wrong about reports, wages, resumes, and big and small decisions alike. In my experience, the damage comes from hiding, re-framing, or ignoring mistakes; the damage does not come exclusively from making mistakes."
echo ""
echo "You should always strive to be better, make fewer mistakes, and accept responsibility for the mistakes you do make. No matter which mistakes you make, admit you were wrong and be better in the future."
echo ""
echo "Embrace your humility and accept responsibility for your mistakes and definitely your successes!"
echo ""

echo "Try using this tactic this week and let me know how it goes by commenting on this post, or sending me a tweet @anorblet"
echo ""

echo "Check out more posts at professionalhackerdigest.blogspot.com! Hack Responsibly, Hack Professionally"

prof_dev3.sh

#!/bin/bash

echo 'What is in a name?'
echo ""
echo "Interestingly enough, EVERYTHING! People love hearing their own names. It's a sweet note in their ears, soft touch on their skin, and a warm bite of food in their mouths. Everyone loves to hear their own name."
echo ""
echo 'Make a genuine effort to remember peoples names when you meet them because it can and will pay dividends 100x over in the future. Clients will warm up to you faster if you greet them after a week by saying "Hey John, how was the weekend with the in-laws?" rather than "Hello again, lets jump into business".'
echo ""
echo 'When I first learned this trick, I struggled to use it because I thought it was ridiculous. I thought that people would either like you or not like you and that was just the hand you were dealt. Eventually, I combined remembering names with smiling and it was incredible how many MORE people seemed to be genuinely pleased to see me.'
echo ""
echo "This is not a panacea for the jackasses, the jerks, or the rudest people; everyone has to deal with their reputation. This is also not foolproof, not everyone will like you and that is OK. This tip is meant to increase and build upon your desire to develop professionally."
echo ""
echo 'Use this tip regularly until it becomes second nature and watch the scales slowly tip in your favor when meeting and remembering new people, clients, supervisors, investors, friends, or anyone else.'
echo ""
echo "In conclusion, the simple act of remembering names will help you in the future. I can't tell you how, where, or to what end but, I would not doubt for a second its usefulness."
echo ""

echo "Try using this tactic this week and let me know how it goes by commenting on this post, or sending me a tweet @anorblet"
echo ""

echo "Check out more posts at professionalhackerdigest.blogspot.com! Hack Responsibly, Hack Professionally"

prof_dev2.sh

#!/bin/bash

echo 'Three Meeting "Hacks"'
echo ""
echo 'I was lucky enough to participate in a meetings course recently and there were three main points I took away from the course'
echo ""
echo 'Main point 1: Every meeting needs an agenda'
echo 'Main point 2: Every meeting needs an outcome or decision'
echo 'Main point 3: Every meeting needs a parking lot'
echo ""
echo 'Every meeting needs an agenda so both the attendees and the meeting host know how the meeting should be progressing. In addition, it helps keeps everyone accountable for the initial time table set for the meeting.'
echo""
echo 'Every meeting needs an outcome or a decision to be made otherwise, why else would you have a meeting? This outcome or decision can be as simple as "Everyone is informed of a new product" or as complicated as "We will decide on the number of hours, pay rate, and quantity of interns for the next 7 years". This is also how anyone can determine the success or failure of a meeting.'
echo ""
echo 'Lastly, every meeting needs a parking lot. A parking lot is a separate place (paper, whiteboard, notebook, etc) for ideas that aren't directly relevant to the meeting but, shouldn't be forgotten. For example, if you are talking about the budget in a meeting and an idea for a company picnic comes up, put that idea in the parking lot. This keeps the meeting on topic and allows for everyone's ideas to be heard. Don't underestimate the effectiveness of this idea!'
echo ""

echo "Try using this tactic this week and let me know how it goes by commenting on this post, or sending me a tweet @anorblet"

echo ""

echo "Check out more posts at professionalhackerdigest.blogspot.com! Hack Responsibly, Hack Professionally"

prof_dev1.sh

#!/bin/bash

echo "The best way to win arguments, is to avoid them."
echo ""

echo "One thing I see A LOT is arguments where people are just shouting at each other. Sometimes they have differing opinions, and they should be discussing them, and other times they are just yelling to be heard."
echo ""

echo "Everybody wants to be heard."
echo ""

echo "If an argument is unstructured, aggressive, switching from non-personal to personal attacks, or downright silly, see if you can't isolate who is trying to be heard in this argument and what they are trying to have heard."
echo ""

echo 'Quoting How To Win Friends & Influence People and quoting Benjamin Franklin within the book, "If you argue and rankle and contradict, you may achieve a victory sometimes; but it will be an empty victory because you will never get your opponents good will."'

echo ""

echo "Look for ways to agree, hear your opponent, acknowledge what they are saying but, most importantly, avoid arguments in the first place."

echo ""

echo "Try using this tactic this week and let me know how it goes by commenting on this post, or sending me a tweet @anorblet"
echo ""

echo "Check out more posts at professionalhackerdigest.blogspot.com! Hack Responsibly, Hack Professionally"

Shell Scripting Professional Development Tips

Good afternoon everyone,

This week I decided to release a daily shell script/blog post with a professional development tip. The idea is that you can read the blog post here and you can copy the text and run it as a shell script on your linux distro as a reminder. Set it as a cron job or run it when you need it. Show it to your friends and coworkers! 

I will be releasing the first one today immediately after posting this and they follow the naming pattern of prof_dev{number}.sh. Enjoy all week long and check back often to see updates!

-Hack Responsibly, Hack Professionally

My OSCP Story

Good evening,

I'm going to deviate from my normal professional development and technical discussions to talk about an accomplishment I'm rather proud of, I passed the OSCP test! For those of you who don't know what OSCP is, check out the website here: https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

First I want to say that this blog is completely my own opinion and does not accurately reflect the views of any past, present, or future employees nor does it represent the views of the Offensive-Security team.

I started the course, Penetrating Testing with Kali Linux (or PWK), at the end of July with 60 days access to the lab. I think, given my background, this was sufficient time but, the amount of time you should purchase DEFINITELY depends on your background. Do not let the price tag fool you, the extra time you spend studying and learning will definitely help you pass the exam. The lab is full of machines with many different configurations, operating systems, and vulnerabilities that you, as the student, need to figure out how to exploit. Some exploits will land you on a root shell immediately and some will only land you with a low-privilege shell. If you have a low privilege shell then you need to escalate your privileges to root or Administrator (Linux vs Windows).

There are something like 50 virtual machines in this practice lab and the learning opportunities are figuratively unlimited; there is typically more than one way to exploit most systems. Rumor has it that if you are able to exploit every box in the public network (there are other hidden networks) except for Pain, Sufference, and Humble then you're good to go for the exam BUT there is no proof to this and the amount of learning required to pass the exam is different for everyone.

The exam consists of 5 boxes of varying points values and students need 70/100 points to pass the exam. So now I'll give my experience with the labs and exam.

My PERSONAL experience with the labs was awesome. I loved exploiting every single box and with every successful exploit I felt like I understood the process, exploits, and methodology just slightly better. I think I ended up exploiting around 30-35 of the available boxes (life got in the way of the rest of them) but, the most important thing for me was to understand the methodology. I really started to understand how Remote File Inclusion/Local File Inclusion (RFI/LFI) exploits were used, I really understood what to look for with privilege escalations. I became more familiar with metasploit. I was able to understand and modify exploits for my own use when necessary. These and other skills are explained in the course material but, its up to you to take those examples, do them, understand them, experiment with them, and master them to be used during the lab and on the exam. I can't believe it took this long to mention it but, you will learn to "Try Harder" in this course. One common misconception, in my opinion, is that the course material is everything you need to pass the exam. This is both true and not true. It is true that you have every tool you need to exploit any machine. It is not true that you know how to use each and every tool exactly as necessary to exploit any machine. When you are frustrated, angry, and all the admins will say is "Try Harder", take it to heart and try harder. You will be so glad you did.

Now, for my exam story. I thought I had scheduled my exam for Friday Sept 30th at 5am. When I woke up to take the exam, I never got the email so I contacted support. They had no record of my registration and even though I was frustrated, I scheduled my ACTUAL exam for October 3rd at noon. I spent the weekend playing around with virtual machines from VulnHub just to whet my appetite for the OSCP exam. Monday comes around and I get up, get ready, and at noon I get the exam email with my connection details. I spun up my PWK virtual machine and it would not connect to the internet. WHAT. I tried to configure the virtual machine adapters and it wasn't working. So, after 15 minutes, I got my laptop, which was conveniently also running Kali Linux, and I was able to connect to the exam network and start my exam. I looked at the point values for the machines and started with the lowest valued machine to get in the swing of things. I was able to exploit the first machine in about an hour. BOOM 1/5. I then moved onto the next machine and after about three hours I got the second machine completely. BOOM 2/5. I worked on the third box and after another three hours or so, I got the next box. BOOM 3/5. I was feeling really good but I didn't want to get cocky or disheartened; I wanted to maintain a level, calm, focused attitude. So, at this point, it's about 7-8pm and I continued on the fourth and fifth machines and by 2am, I had a low privilege shell on the fourth machine. I slept from 2am to 6am and got up, took a swig of mountain dew, and brewed some coffee and got back to work. Well, little did I know, my laptop had updated and crashed and would not boot into the graphical UI. So I switched back to my desktop and spun up a new Kali virtual machine and was able to continue the exam. I had a low privilege shell on the fourth machine and I could not figure out how to escalate. I searched and searched until I finally was going through the output of a tool and saw something I had missed before. It basically said, in a very inconspicuous way, "you might want to check this out?" Well THANK YOU output. Way to not draw attention to something I'm looking for. Anyways, I was able to use this to finally escalate my privileges on the fourth box and get proof.txt. Thus, I had four out of five boxes completely compromised with one hour left in the exam. I tinkered with the last box and found a vulnerability but could not even get a low privilege shell. 4/5. Not bad at all. According to the scores I believed I had passed but ultimately Offsec had the final say. I contacted the admins and told them of my technical difficulties and they were willing to work with me but, I was able to get the screenshots and data off my laptop using recovery mode and then I wrote up the report.

Well, today I got the email! "We are happy to inform you..." I had successfully completed the exam and I am officially OSCP certified. I laughed and cheered and told my family and friends that I had passed that 'super hard, 24-hour, hacker exam'. The best part about this exam was the hard work. This exam meant so much to me because of how much effort I put into this course and exam. I spent over 100 hours learning and practicing this material. I don't regret one single minute of it and I can't wait to start the Cracking The Perimeter course and get the OSCE next.

A Pretty Cewl Post

Hello everyone,

I have been MIA for quite awhile so as a welcome back post, let's talk about a CEWL tool. Cewl is a custom wordlist generator that comes standard with Kali. The idea is to use this tool to create a wordlist from a website that could be used for cracking passwords. In addition, this tool can also grab email addresses to be used as usernames. So, let's walk through this tool!

Before we start, this post is for educational purposes only and I, as the author, do not condone the usage of this tool for any malicious purposes. In addition, this post does not reflect the views of any of the author's past, present, or future employers. 

The basic usage of Cewl looks like this:

Just from typing in www.google.com, cewl produced a list of interesting words that could be used as passwords. So what else can we do? We could rank the most commonly found words.

Let's see what cewl can really do...let's see the counts of words, let's write the results to a file, let's find any emails lying around, and let's parse any metadata for www.sans.org (Google didn't return any interesting results...lame).

As you can see I had to try a couple times to get a good example to show you guys but, from this information we can see some keywords usable for passwords (although not very good in my opinion but, there are better ones further down in the list). We also got some emails; we can use these to seed reconnaissance searches, or use as 'from' addresses for a phishing campaign. Lastly, we know someone named 'Lynn' worked with some of the documents Cewl was able to find.

Reconnaissance is not a sexy part of hacking but, the more information we can gather the better campaign we will have. When gathering information make sure you are professional; some information when gathered and put together can be quite sensitive to people, companies, or other concerned parties.