A new twitterbot

So I got a little bored the other day and decided I needed something to do. I so happened to see a story about someone creating an amazing twitter bot which would troll the evangelist Joel Osteen. Essentially this bot would get his latest tweet, and re-tweet (under the account Joel Dongsteen) the post. This is fine and dandy, only it would edit the tweet. It would look for the word “God” and replace it with the words “Your dick”.

After laughing pretty hard for some time, I decided I wanted to make something similar and publish the code, so anyone could troll whomever they wish.

So I created a quick python script (which is still under development) to do just this. I haven't fully tested it quite yet, but I am sure it won't take long to get running 100%.

Joel Dongsteen’s twitter feed is here
https://twitter.com/JoelDongsteen

The link to my github twitter bot is here
https://github.com/jasonbernier/twitterbot

Enjoy!

PHPMailer-Checker python script for the phpmailer exploit

With the new PHPMailer exploit, which provides remote code execution, that was released a few days ago, I decided to create a simple python script called phpmailer-checker. I released this to check for the vulnerable versions of the PHPMailer application. I'm sure I'll make it easier to use in the future, but it's a start for now.

The vulnerability and exploit were discovered by Dawid Golunski.

The original full advisories can be located here:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

PoC Video:
https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html

Disclaimer:
For testing purposes only. Do no harm.

It can be found here.
https://github.com/jasonbernier/phpmailer-checker
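As an added illustration of the kind of check such a script performs (this is example code written here, not the phpmailer-checker script itself): PHPMailer 5.2.x declares its release in a `$Version` property inside class.phpmailer.php, so a defender can pull that string from a local copy and compare it against the releases that fixed the two advisories above. The fixed releases (5.2.18 for CVE-2016-10033, 5.2.20 for the CVE-2016-10045 bypass) are taken from the upstream changelog, not from this post; the sample file contents are constructed.

```python
import re
from typing import List, Optional, Tuple

# Release that closed each advisory (from PHPMailer's changelog, not this post).
FIXED_IN = {
    "CVE-2016-10033": (5, 2, 18),   # original RCE via Sender/mail() injection
    "CVE-2016-10045": (5, 2, 20),   # bypass of the 5.2.18 patch
}

# Matches e.g.  public $Version = '5.2.14';  and tolerates a suffix like '-dev'.
VERSION_RE = re.compile(r"""\$Version\s*=\s*['"]([0-9][0-9.]*)[^'"]*['"]""")


def parse_version(source: str) -> Optional[Tuple[int, ...]]:
    """Return the numeric release tuple declared in a PHPMailer class file, or None."""
    match = VERSION_RE.search(source)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).strip(".").split("."))


def affected_cves(source: str) -> Optional[List[str]]:
    """List the advisories whose fix release is newer than the version found.

    Returns None when no $Version line exists, so callers can tell
    'not PHPMailer / unreadable' apart from 'up to date' (empty list).
    """
    version = parse_version(source)
    if version is None:
        return None
    return [cve for cve, fixed in FIXED_IN.items() if version < fixed]


# Constructed samples of the relevant line from three hypothetical class files.
SAMPLE_OLD = "class PHPMailer\n{\n    public $Version = '5.2.14';\n"
SAMPLE_FIRST_PATCH = "    public $Version = '5.2.18';\n"
SAMPLE_FIXED = "    public $Version = '5.2.20';\n"
SAMPLE_NOT_PHPMAILER = "<?php echo 'hello';\n"

if __name__ == "__main__":
    for label, src in (("5.2.14", SAMPLE_OLD), ("5.2.18", SAMPLE_FIRST_PATCH),
                       ("5.2.20", SAMPLE_FIXED), ("other", SAMPLE_NOT_PHPMAILER)):
        print(label, "->", affected_cves(src))
```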

CompTIA Security+ CEUs

A quick overview of the CompTIA Security+ CEU program

So today a coworker was working on getting his administrative accounts set up. Part of the process to get the accounts created by our help desk is that you have to have a current, the keyword being current, Security+ certification offered by CompTIA. My coworker was unaware that CompTIA had changed its program, which now requires that certification holders complete CEUs in addition to paying a yearly maintenance fee. After looking at his certification he discovered that he would have to take the exam all over again in order to be compliant to receive his administrative accounts. Was he ever mad. He just assumed that since he has one of the good-for-life certifications he would be “good to go”.

This got me thinking that I should probably check my account standing since it has been a while since I have submitted any CEUs. So I head on over to CompTIA's website at https://www.certmetrics.com/comptia/default.aspx and of course I discover I have some catching up I need to do. After logging in I find that I can write a blog of no less than 500 words about the Security+ certification and receive one CEU for this action. Score! So here I am writing about this experience, trying to catch up on CEUs, and about my coworker's experience.

For those that also hold the Offensive Security Certified Professional (OSCP) certification, it does not count for CEUs under CompTIA's program. I have not reached out to EC-Council yet. Hopefully it does so that I can knock those CEUs for the year out of the way as well.

Some other items you can submit CEUs for are as follows:
(Note that this isn’t a complete list)
Write a book
Publish a blog
Publish a white paper/Article
Work experience (once per year)
College courses
Other certifications.

Since I completed my Master’s degree this year, I was able to add the last two courses I took to get me 20 credits toward my 3 year goal of 50 CEUs. Each one of the graduate courses I finished this year gave me 10 CEUs per class.

So now I am almost halfway toward my goal of 50 CEUs. I may have to go and take the CASP exam sometime soon. If you are able to pass an exam equal to or higher in regards to difficulty, it would give you the max amount of CEUs. This means that if you have Security+ and pass the CASP exam, you would be all caught up on CEUs for Security+. However, you would still have to do the CEUs required for the CASP exam, which I believe is a lot more.

The point of this program is to ensure certification holders are staying up to date on security and are staying aware of the latest types of attacks and ways to mitigate those attacks. I do wish that CompTIA would be more accepting of other certifications (like the OSCP) so that the time I spent on that course and exam would also give me CEUs for my other certifications such as Security+ and CEH.


Try Harder! My Penetration Testing with Kali Linux OSCP Review and course/lab experience

Introduction:
Obtaining the OSCP certification is a challenge like no other. After my experience with the OSCP exam and course from Offensive Security, I decided to go ahead and write an OSCP review. I decided to take the OSCP course and exam in September 2014 after seeing some fellow members of a forum I frequent quite a bit (www.techexams.net) state that they were taking it soon. This is a course and exam I wanted to tackle as I have a passion for IT security. I figured why not sign up at the same time and compare notes, etc., with like-minded people, and make the process easier.

So I signed up for the 90 days, and a week later I was sent the introduction email with all the information I needed to connect to the Offensive Security labs via VPN, IRC information, login information, and forum information.

About me:
I have about 20 years of combined IT experience. I have two MCSEs, two MCSAs, MCITP:VA, VCP5, Security+, CEHv7, RHCSA, a BS in IT security, and I am finishing up my Master's in Applied IT with a concentration in Applied Cyber Security. I currently work for Lockheed Martin as an Active Directory Engineer on a government contract.

The course:
When I first signed up for the course, I quickly went through the manual and videos that were included with the email once you start the course. A lot of the information I was already familiar with, as I had to review a lot of it for the CEHv7 certification. As we all know, the OSCP exam and course are very technical and very hands-on. The CEH is pretty much all about theory and multiple choice questions. I was glad to take a course that not only talked about tools, but how to use them, and why they are used.

So when I first started the course, I was very motivated. The very first day I was in the labs, I was able to knock out 3 servers with very minimal effort. At this point I am thinking to myself, this is too easy! That is, until I met “sufference”. Over the course of the next month or so I was able to get to about 20 servers. As I said in the beginning I was super motivated, but as time went on, I was losing interest, and just simply didn't have the time.

Sufference
As I said, I thought this course was too easy at first, and I was able to knock out server after server. That is until I met sufference. This is where I lost a lot of motivation. I believe I spent 3 weeks alone on this beast of a server. It demotivated me and made me feel like a child who just had his ice cream money stolen by Vic the bully down the street. I spent hours a day on this server alone obsessing over it. I decided to come back to it. So I move on to some other challenging servers and I am able to root them and get some of my confidence back.

I decide to go back and kick sufference right in the teeth after this. I do a lot of googling, AND I MEAN A LOT, and finally I find a way in and get a limited shell! Great! Half the battle has been won! This is not enough for me, I need to make this server my bitch and show it who's boss. Yeah… not so much. Again I decide to regroup and move on…. maybe the answer will come to me. I pop a few more servers (at this point I am close to my 90 day point). I HAVE TO OWN THIS BEFORE MY LAB TIME IS UP! One more attempt I tell myself.

I finally come across something that clicks for me, and I have one of those AH-HA! moments. It's something I should have seen sooner… but for some reason I did not, and stayed ignorant. I finally found the answer, and I was able to root sufference after nearly 3 months! My motivation and confidence have been renewed.

/sufference

I decide to extend for another 30 days. I only have about 30 servers owned at this point… and I hadn’t unlocked any of the other networks. I can do better. So I renew and I decide my new goal is to at least get into the admin network. After a lot of time spent in the labs and researching exploits etc, I had finally learned how to pivot into the admin network. Thank you proxy chains! I was able to get all of the servers in the IT network, and all but one in the admin network. My time was almost up in the labs, so I decided to go ahead and book the exam. I felt I was ready and could do this.

The Exam (part 1):
The exam is a 24 hour challenge. This means that you have 24 hours from the time the exam starts to try and compromise the servers assigned to you in the exam. Additionally you have another 24 hours after that to write your report and send it in for grading. You are graded on your report alone, and you HAVE to complete this in order to pass the exam. You are also encouraged to submit a lab report documenting your efforts in the lab. You may get extra points for this should you need them on the exam. This is all explained in the exam email.

I booked my exam for a Saturday evening starting at 5pm. The email comes right at 5pm. I connect to the network, look at the exam guide that is provided and start working. In the first hour I had managed to root 2 servers. I felt like I was on a roll, and that I was going to end this beast early. Not so much.

After the first two, I didn’t get anything on the next three servers for the next 12 hours. Nothing. Zilch, Nada! I was deflated and dumbfounded. I figured I should take a nap and come back to it. Maybe I am just exhausted and needed some rest. I take a 3 hour nap and come back. This is what I needed. In the next hour or two after that, I had 2 more limited shells. I couldn’t escalate. I tried until the bitter end. At the end, I had two fully compromised hosts, and 2 limited shells. Would this be enough to pass the exam?

Turns out it wasn’t. I got the email Tuesday afternoon stating I hadn’t passed.

I will NOT be defeated!

The Exam (part 2):
I decided to extend my lab time for another 15 days, and book the exam 2 weeks after I had failed. I decided to concentrate on privilege escalations since this is what I felt I was weak at. I spent the next couple of weeks working on that as well as buffer overflows. I really didn't do too much in the labs, except maybe a few servers I may have missed in the public network. I just really wanted to work on escalations. Turns out this was a smart move on my part.

This time I book the exam for 10AM. Again the email comes, along with the exam guide and instructions to connect in. Away I go. Again, I get the first 2 servers in the first hour. I don't get ahead of myself and just keep plugging away. I start on the next server and it falls in the next hour. By the 5th hour I had 3 full compromises and 3 limited shells. I KNOW I have passed at this point, by the amount of points I will be awarded based on the exam guide. Again… this is not enough for me. I have to prove to myself that I can TRY HARDER!

I do just that.

After 6 hours in the exam, I feel like I am done. 4 full compromises out of 5, and the last server I had a limited shell. This should have been about 90 points. I am satisfied but tired. I was smart enough to document everything as I went, so I only had to spend another hour fixing up my report. I sent my report to the offsec team, and walked away from my computer like a boss.

OSCP Passed!


Wrap up:
This is by far the most challenging and rewarding course and certification I have ever taken. I respect anyone else who has the guts to take this on and succeed. It truly shows you know your stuff in this field.

I sent off my report Saturday evening around 4-5PM. I got the response this morning (Monday Feb 23, 2015) that I had passed the exam. I am elated that this challenge is over and I was able to overcome it. I tried harder when it mattered most and I was able to accomplish what I set out to do.

I am now an Offensive Security Certified Professional because I tried harder!

My OSCP Review

I can not say enough good things about the OSCP course and exam. I was challenged and I learned a whole lot more than I thought I would about security and penetration testing. I hope that the OSCP will gain more recognition by companies. The OSCP is the certification I am most proud of by far.

Time to update the old resume to reflect the new OSCP certification!


Resources:
Some resources I used for this challenge:
http://www.fuzzysecurity.com/tutorials/16.html
http://pentestmonkey.net/category/cheat-sheet/shell
https://github.com/GDSSecurity/Windows-Exploit-Suggester
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
http://www.offensive-security.com/metasploit-unleashed/Main_Page

I also read The Hacker Playbook, the Metasploit Unleashed book, and the Penetration Testing book by Georgia Weidman.

These are all very good resources.

Thanks to all those who helped me and pushed me when I needed it, especially all the other people who have written an OSCP review to help others.

More information about the OSCP and PWK can be found here:
https://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

Additionally the offsec admins can be contacted via IRC at irc.freenode.net #offsec

If anyone wants to talk or has any questions, feel free to connect to irc.osswg.com #oscp
I will not give any hints or answers, but I can try and answer any other questions pertaining to the OSCP. Good luck to anyone wishing to take on the OSCP course and exam. After you pass the exam, write your own OSCP review!

OSCP Challenge

I have decided to take on the OSCP (Offensive Security Certified Professional) course and exam.

I decided to tackle the OSCP exam, and make a project out of it.
This thread will be used to document my experiences with the course leading up to the exam.

Course information:
Penetration Testing with Kali

Penetration Testing with Kali Linux (PWK) is an online training course designed for network administrators and security professionals who need to acquaint themselves with the world of offensive information security. This penetration testing training introduces the latest hacking tools and techniques in the field and includes remote virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux attempts to simulate a full penetration test, from start to finish, by injecting the student into a rich, diverse, and vulnerable network environment.

Penetration Testing with Kali Linux is an entry-level course but still requires students to have certain knowledge prior to attending the class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. This course is not for the faint of heart; it requires practice, testing, and the ability to want to learn in a manner that will grow your career in the information security field and defeat any learning plateau. Offensive Security challenges you to rise above the rest, dive into the fine arts of advanced penetration testing, and to Try Harder™.

Certification information:
OSCP

The Offensive Security Certified Professional (OSCP) is the world’s first completely hands on offensive information security certification. The OSCP challenges the students to prove they have a clear practical understanding of the penetration testing process and lifecycle through an arduous twenty four (24) hour certification exam.

The OSCP exam consists of a dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the examinee submitting an in-depth penetration test report of the OSCP examination network and PWK labs. The coveted OSCP certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.

Completing this course will allow me to validate my knowledge, as well as learn a lot more. This will be one of the toughest courses I have ever taken.

I am positive that I can complete this challenge and conquer the exam.

I will do my best to update this fairly regularly to document my experiences and challenges while going through the course and the exam.