[blog] Python CMD and Argparse Part 1
The CMD Module The cmd module is a really cool tool for Python development - it provides a lightweight wrapper for an interactive command-line interface. It’s quick and easy to add basic commands to your program, and you can give help messages using nothing more than function docstrings. Here’s an example:
from cmd import Cmd class Shell(Cmd): prompt = "\nshell > " def do_exit(self, _) -> bool: """Exits the cmdloop.""" return True def do_print(self, arg: str): """Prints your message.
[blog] Creating A Hugo Site
Installing Hugo If you’re running Debian or Ubuntu, you can just install the hugo package with apt. Check the link to determine exactly which version this will install - it varies based on Sass/SCSS support. I’ll be installing from source, which requires Go version 1.11+.
To install, it’s as simple as cloning the repository and installing it via Go.
git clone https://github.com/gohugoio/hugo.git cd hugo go install –tags extended Creating a Site To create a new site, use the command hugo new site <name>.
[writeups] TyphoonCon 2021 Impasse
Description: When I was doing a pentest on a given target, I found this page. I think it’s vulnerable, but I’m not good at PHP, are you?
Difficulty: Easy
Recon When you visit the site for the challenge it brings you to a page titled “Printer”, with an input bar and a checkbox for a debug option.
When I enter input and submit the form, it runs an HTTP GET request with echo ‘{my-input}’ as the value for the print parameter.
[writeups] Admirer
Admirer required lots of enumeration, and was more challenging than most other easy boxes for this reason. I explored several services before arriving at the vulnerability in Adminer, a web-based database management system. I abused the local file read vulnerability to get credentials for a user on the box, and was able to SSH as that user. I then found a vulnerability in the sudoers configuration, which allowed me to build a malicious shared library and execute it with another command as sudo.
[writeups] Remote
Remote was an easy Windows box that involved some research into the Umbraco CMS, and abusing access to an NFS share. Escalating privileges required enumerating services on the box and modifying settings to inject commands. I went the standard route using common tools such as Nishang and PowerSploit for PowerShell.