During some recent work, I’ve had the need to automate a large number of Google searches for further analysis. Lamprey is the result of that effort and it is shared here in the hope it might be useful for someone else.
Date 5 years ago
Player guide for Artificing, a new system which I have developed for the Dark Age Ultima Online shard. This expands the previously existing crafting and magic systems to allow players the ability to customise their gear further, as well as providing long-term incentives in the PvE realm.
Date 5 years ago
An interesting box sitting on the ELK (ElasticSearch, Logstash & Kibana) stack with a slant for the CTF side, but a very good introduction to those technologies.
Date 5 years ago
Despite the “Easy” tag, La Casa de Papel was an elaborate box. A vulnerable service leads to an unusual, limited PHP shell which allows us to generate our own signed certificates to access a specific part of the site. From there, a local file inclusion lets us acquire SSH credentials and then escalate to root via a misconfiguration.
Date 5 years ago
A fairly straightforward machine, Lightweight lets us explore an insufficiently secured LDAP environment, where we intercept credentials by listening in to the network device. It also leads down the path of Linux capabilities, to find an openssl binary which can do far more than it should.
Date 6 years ago
Motivation

With my laptop being more of a coffee table which can be moved rather than a portable device (with a comparable battery life), I was wondering if it was possible to get a Linux distribution running on my Android phone, a Huawei P10 with Oreo 8.0.0. This article tries to unify all the various sources I’ve had to use to get this to work and hopefully it will be of use to someone else, either as-is on a Huawei P10 or as a base for a similar device.

Back up the device

The process we’ll be undergoing will cause the contents of the phone to be wiped, so ensure that you back up your phone. The Huawei backup is more thorough than Google’s, so grab Huawei’s HiSuite, connect your phone to the computer via a USB cable and perform a backup.

We’re about to flash the phone and this is not without risk. Don’t proceed if you’re uncomfortable with this and potentially with voiding your warranty.

Setting up the Android Debug Bridge (ADB)

On the Huawei P10

Go to the Settings application. From there, go to the System submenu and then to About.

Tap the Build number option 7 times to enable the Developer Mode. You’ll get asked for your PIN after the 7th tap.

Back in the System submenu, at the bottom, you’ll have a new Developer Options. Ensure these options are on: Enable OEM unlock and USB debugging.

When asked, allow USB debugging from the PC you’re connected to.

On the PC

We will need to download the Android Debug Bridge, which you can get from Google’s repository. Once you extract the ZIP file, open a command line and navigate to the extracted folder. You should see your Huawei P10 listed if you run the following command:

    adb devices

Unlocking the bootloader

Before we can root the phone, we need to unlock the bootloader. This used to be fairly straightforward: Huawei provided a webpage where you could request the unlock code. However, the company has changed tack and decided to stop providing these codes (“to provide better user experience and avoid issues caused by ROM flashing”), which makes the whole process considerably more awkward: we’ll have to hit the grey market.

Begin by downloading DC-unlocker, which we’ll use to extract the bootloader code. This is unfortunately not free: you will need to buy 4 credits (USD$ 4.00) to be able to do this. You can create your account and purchase the necessary credits from this page.

In DC-unlocker, log in with your credentials in the Server tab and set Select manufacturer to Huawei phones. Follow the instructions at the bottom of the program to enable the Manufacture mode before performing the automatic model detection.

Once the exact phone model has been detected, go to the Unlocking tab and select Read bootloader code. You should see something like:

    ===================================================================
    Reading bootloader code…
    Bootloader code : 8297165235######
    ===================================================================

Now that you have the bootloader code, it is time to make use of the Android Debug Bridge we set up earlier. From the command line, run the following command and wait for your phone to reboot:

    adb reboot bootloader

Once you’re in the bootloader, you can finally perform the unlock operation:

    fastboot oem unlock code_you_got_from_dc_unlocker

Rooting the device

Normally we’d look at getting something like TWRP as a custom bootloader as a step to root our phone, but the Huawei P10 isn’t a supported device. After some trial and error with various experimental bootloaders, I’ve found one which successfully rooted it rather than leaving the phone on a reboot loop.

Boot the phone into the bootloader once more via:

    adb reboot bootloader

Download FHMate10Tool (made by FunkyHuawei and meant for the Huawei Mate 10, but works just as well with the P10).

Extract and launch FHMate10Tool.exe.

Choose option 1, Root your Mate 10. This will reboot your phone twice, after which it will be rooted. Your phone’s drive will be wiped in the process.

Restore from backup

At this point you can restore your previously created backup, getting your Android environment up and running once more.

You will also have to disable system updates by going to Settings, then System update and from the top right menu, Update settings. Turn off Auto-download over Wi-fi. Otherwise you will be asked to apply an update which will actually reset your device and strip the root rights, forcing you to go through the rooting (and wiping!) process once more.

Installing Kali

Start by downloading Linux Deploy from Google Play onto your phone. When you launch it, you should see something like this:

When you press the bottom right icon (Properties), set the following parameters:

    Distribution: Kali Linux
    Installation path: /storage/emulated/0/linux.img
    Image size (MB): 8gb (can be changed later)
    User name
    User password
    SSH: Enable

Then press the top-right icon and select Install. The process should take between 10 and 15 minutes, assuming a good connection.

Bringing it all together

Now that we have Kali up and running, we can connect to it via SSH, either from a different device or from the mobile phone itself. I’m currently using ConnectBot to connect to Kali.

I’ve also purchased a Limxems folding keyboard, which connects to the phone via Bluetooth. Of particular note is that it has an in-built shelf on which the phone can sit, effectively creating a mini-laptop with an excellent battery life. Install tmux and you’re good to go.

With the base Kali installed, I recommend against installing any of Kali’s metapackages as these are all sizeable and the Huawei P10’s storage space is limited. Additionally, the metapackages will bring quite a few packages which require a graphical user interface and although it is possible to VNC into Kali, you’ll definitely run into storage issues. Some packages also do not exist for ARMv7, e.g. burpsuite or hashcat.

For wireless tools such as aircrack-ng, you’ll need an external wireless device, as the wireless chip in the P10 does not support monitor mode.

I’ve only been using this setup for a few days, but I’m using it to tackle some of the boxes in hackthebox.eu and it has been working quite well.
Date 6 years ago
Work in progress