OSCP: level up irl, and other drivel

Long-ass fucking time. Quite honestly, I’ve been busy. Still am.

Quick update:

The electric death adder has been complete for some time, and is every bit as dangerous as one would expect. It can hit 20mph with very minimal effort on the rider’s part, and if you work for it, you know like if you were riding a fucking bike, you can hit 30mph.

Yea, death. More details on the beast in another post.

Zombie head, on indefinite pause, although I think about it from time to time, especially when I think about the Nvidia Jetson TK1 I got and booted twice. Fuck. $150 just sitting there depreciating. That board could be used for other interesting things though.. it’s basically a dumb computer strapped onto a decent video chip. Other things like, say, password cracking.

Yes, password cracking, which brings me to the latest endeavor that’s been a humongous source of effort and stress: the premier penetration tester’s training (hacking) and certification, the OSCP.

The Meat:

The course’s motto is “Try Harder”, and you better fucking believe it. I haven’t been this challenged by a subject in some time. Maybe ever.

As part of the course materials, you receive some training on exploit development on windows and linux (not in depth per se, but you still have to manage register pointers in a debugger), sql injection, cross-compiling payloads and exploits, privilege escalation, service enumeration and identification, it goes on and on. It’s A LOT to take in. The saying ‘drinking from a fire-hose’ is aptly applied to the situation.

There’s lots of guys (and girls) out there that manage to get through the 3 months of lab time, crack all the boxes and get the cert in one go… but most of them seem to have already done a lot of work in the security arena already. Me, I started with a general interest in security; I’m 6 months in and still don’t really expect myself to pass the exam this Sunday.

It’s very easy to see why: time. I just don’t/haven’t spent enough time in the labs working on this shit. Which, obviously, fucking of course, you need to do. Like anything, you gotta do it to do it.

I started out all fucking gung-ho and quickly realized the sheer scope of taking this on. You really learn about how operating systems work, shit you never really thought about before, shit that’s critically important for security but is so often fucked up.

Update:

I attempted the exam, with worse than expected results. My inadequacies were brought into ultra-fine detail… I did not expect to pass, but I was not prepared for just how unprepared I really was.

Out of 100 points, 70 are required to pass and achieve the much coveted OSCP certification. I estimate, best case scenario, I got 20. Yea.

The upside though, I had a bit of a paradigm shift. Now it’s possible that through better habits and other shit I could have reached this new perspective, but then again, I don’t know. To reach a certain point you just have to go through the fuckery, gain experience and when the time is right the pieces that you’ve gathered can finally come together.

“Well, what the hell is that supposed to mean, Aaron? What the actual fuck is that vague platitudery supposed to mean?”, you might ask, and with good reason. Up until it was too late, I had been approaching the pentest, the systems, in a certain way, with a certain mindset, focusing on the tools, frantically rabbiting around, bouncing around like a kid trying to do all the rides at the fair at the same time. OK, not that spastic, I had some method to my madness, but it lacked a process. I would forget to look at the big picture and end up in a rabbit hole. It is talked about a lot in the forums, and it is very easy to do, and can be hard to recognize when it’s happening. I would forget to take a step back and perceive the whole picture and enumerate. It’s an investigation; if you don’t have a good process for it, your data will be lacking and therefore the options.

Good shit.

I’ll be getting back into the fray yet again in a couple more weeks. A break has been very, very nice. Despite the definite burnout, this has gotten into my bones. I do this shit for fun now.

Don’t believe me? I started Diablo up the other night for some old fashioned monster killing, and ended up losing interest trying instead to get hashcat working on the TK1 I picked up for the fucking zombie head. It was a smoking disaster of failed dependencies, sure, but I did that shit for fun. That little bastard WILL do hashes for me.

What did I learn about going into this again? Here’s my thoughts:

Fails:

  1. I overused the automated tools: metasploit, sqlmap. Good useful shit, but I need to go deeper, too.
  2. I moved too fast. Haste makes waste, your fucking grandma knows that.
  3. Shitty habits. I need more structured study times, better breaks, better rest.

Next time:

  1. Focusing on making or compiling each exploit. Making will endow a better understanding. Try harder.
  2. Priv-esc. This hurt me on the exam, try harder.
  3. Build out the local test tools. Set up a collection of linux and windows VMs for testing.
  4. Loot and collect from each machine. Where to look, what matters.
  5. Re-organize. My organization for an engagement can be better. It needs to be better than the fucking junk drawer in the kitchen.
  6. Better habits: Schedule study time and keep to it, regular breaks, meditate, exercise, no more fucking sleep deprivation.

THE DEATH ADDAH: aka The Bike Build

Death Adder?

So, I’ve got an Australian buddy who I met through work too many fucking years ago to admit, who started calling my bike “The Death Adder” (sounds like “death addah”). It started something like this:

“You always ride your death addah to work, mate?”

“Death adder?”

“Yea, your bike, man, even in this shit weathah?”

“Fuck yea, I always ride. It’s Seattle, the weather’s the weather. What do you mean death adder, dude? That’s hilarious”

“Yea, well, that’s what me dad always called ’em. He was a cop, right? He said the best way to get proper fucked was to pedal around like an asshole on a bike and get hit by a cah. Death addah. Adds death. Or somethin’, fuck if I know mate. The Death Addah!”

[Photo] This POS.

“Works for me. The Fuckin Death Addah!”

I’ve had this bike for even longer than I’ve known my buddy. It has been a sturdy and reliable steed. Believe it or not, the first time I trained for the STP I did it on that fucker (with a set of slicks, of course). I mean 50-60 mile rides. It moves better than you’d think.

Clip shoes? Skinny tires? Special seat? Disk brakes? Poly-carbonate fairy-cocoon-silk frame? Get fucked man, this is the death adder.

So what?

So since having a kid, switching jobs, and buying a house in the shifty north end of Seattle colloquially called Lake City, it had become unfeasible to pedal my fat ass to work every day. Yea, I could do it, been wanting to honestly, but that ride will eat up AT LEAST 2 hours a day.

So what?

Well, I’m a selfish prick (sic). Since I really, truly, profoundly enjoy spending time with my kid (and wife, but she’s up late), I want to do it as much as possible. I really do. This includes time in the morning and time at night. And, since I am also a very lucky prick (job wise), I can. So I do.

Jesus! So. The. Fuck. What?!?!

OK, so I’m building an electric bike. The WHY being two things.

  1. I really miss riding my bike to work (and sorely need regular exercise)
  2. I need a short commute

I started researching a couple of months ago into the whole thing, and was pretty put off pretty quickly. Top speeds. Range. The sweet-baby-moses prices. None of it very encouraging.

The gig is, I’m looking at a 10-15 mile ride (routes need to be variable) one way, and right now, if I’m fucking on I can average 15 mph sucking water and power bars. Most of what I was seeing topped out at 15mph. Might make me sweat less, but the flat out fact is I need to be faster. And not spend 5k.

Honestly, mine is not a new story, just go to endless sphere and take a gander. Nah, you know what? Bullshit. The death-adder IS a new story. I’ll just be climbing up and over all the blood, sweat, tears, chemical fires, wasted money and sold souls of those before me. Hopefully.

I intend to, I am (the bulk of the parts are here already), going to change The Death Adder over to an electrified bicycle.

This is already happening. Money’s been spent. Fingers have been burnt.

A FEW WORDS

This should have been my first post, but I wanted to make sure I captured the current state of affairs, such as they are.

A friend and I were talking a few months ago when the idea of making an animatronic / robotic zombie head came about.

Well, really, it was Dan’s idea, but I was all over it.

Dan’s got a lot of artistic talent, so much so he pays his rent by “drawin real purdy”. I’ve seen some of the sculptures he’s done, and they are flat out amazing. Halloween is a major gig.

I’ve got a background in electronics and some coding skills, so together our overlap should make for one hell of a display.

What we’re aiming for:

  • Full motion head
  • Tracks peoples faces (looks at you)
  • Proximity sensor
  • Moans, groans, and other zombie sounds

I’ve already got a 16 servo control board for the project, so based on our progress we might include:

  • Moving jaw
  • moving tongue
  • moving eye(s)
  • head tilt

We’re hoping to have this bastard ready for Halloween, and with 6.5 months to go I’ve got a fair amount of confidence. (knock on wood)

Stay tuned, and hopefully through all the swears, complaining, and (yes) tears, something glorious should be birthed.

OpenCV sounds better, asshole

So after ordering the Pi2 I ran across a very nice walk through on getting OpenCV up and working on the Pi2 and the Pi1.

Click here for the gory details.

It’s a bit to read through, but after reading it switching to OpenCV is the only way to go. Sure it takes about 12 fucking hours to compile on a Pi (whut? much quicker on a pi2), and using OpenCV increases the complexity of the code a bit, but holy shit, it runs fast.

Adrian over at pyimagesearch is getting 32FPS with facial detection on the Pi 2. Kickass. Going to the trouble of getting it working on a Pi1 seems like an unnecessary exercise in self flagellation so I’ll probably just wait for the new pi.

It got me thinking though, with that kind of upfront cost getting the software going, wouldn’t it be faster (and more edifying) just to figure out how to do it in a VM? I could fire up the latest pi image in a vm and crush the bits on my desktop…

http://www.raspberrypi.org/forums/viewtopic.php?f=5&t=5743

http://cronicasredux.blogspot.com/2011/09/installing-and-running-debian-armel-on.html

http://raspberrypi.stackexchange.com/questions/344/emulation-on-a-windows-pc

…and it actually doesn’t seem too god-awful. (the links are for getting this going in windows).

Famous last words.

With any luck the Pi will be here today and I can skip the unnecessary flagellation. The scrotal flagellation shall continue however.

Now that I’ve got some directions on getting the Pi software going in a VM, I’m just too damned curious to not try it out. It could be very handy in the future. You know, build up a custom Pi image on something with horsepower, then image it off to an SD card. We’ll see, we’ll see.

Raspberry Pi and SimpleVC

So I had to take a couple whacks at it, but it’s finally working. This all goes much smoother if you limit your alcohol intake prior to starting, BTW, but where’s the fun in that?

Anyways, the instructions they provide are close, but missing a simple (possibly obvious) but crucial step. After following the instructions here, you *have* to run apt-get update. Otherwise you’re fucked, and it won’t work.

To simplify:

  1. sudo apt-get install ipython python-opencv python-scipy python-numpy python-setuptools python-pip
  2. sudo pip install https://github.com/sightmachine/SimpleCV/zipball/master
  3. sudo apt-get update

That’s it. They really really do a good job of making this simple.

Now I’m using a raspberry pi 1 B+, one of the first to roll off the line years ago, so the specs are what they are. The start time for the script is really long, and the frame rate (runningx) is pretty atrocious, like 1FPS atrocious.

Now granted, when this zombie head build is done, the board will be running headless, no desktop so we’ll save on some precious resources, but I’m very skeptical that even saving that will give us the speed needed to realistically track people. The thing would look like it’s having a seizure. Like a poorly executed, hilariously botched, weak ass attempt. Probably be better off just leaving it a latex head.

Now, I’m just talking about grabbing a fucking picture from the camera… once I got the face tracking working the performance went to REAL shit. Like at least 10 seconds to process a single frame for a face.

Just, no. There is no fixing that. I love the Pi, but this is not gonna work.

Perhaps the Pi 2 will work. Faster procs, 4 cores and 1 GB of RAM could really jazz the speed up. I’ll need to do multithreading anyways, definitely for sound, possibly for control (that remains to be seen).

It’s only $40 with shipping, so it’s worth a try. Worst case scenario I have 2 Pi’s collecting dust on my desk. If it’s unacceptable, it’d be time to really look around.

I still do have a fair amount to learn about the computer vision stuff, how to tweak resolution, mess with color, etc. That all might have significant impacts on performance… maybe not.