Monday 2 December 2013

life status == good to go despite OSCP


Sharing a little bit of Canada


So I thought, if you read my blog, you must care a little about the blog/or me in some way.
As such I thought I would share some really great news for me. I will give a little background on my life so that you can gain some insight into how awesome this news is for me.

I grew up in a town in Australia; my mother had come from England when she was around 14ish. Her parents, having lived through the bombing of London, decided it would be a great idea to move somewhere else.

As such I have grown up with no traditions or culture except catching up with family for birthdays. Huge hey! No pasta days or Chinese New Year traditions. As such I have never felt a need to travel to England let alone around the world. So I have never been to a German Oktober Fest **I have been told off by the missus that it is in actual fact in October... ah well**, which I have learnt is not actually in October… The first time I went overseas, the first time I actually left Australia, was with my partner. We visited her home country of Canada, it was amazing, I realised there was another world out there and was like hmm this is actually fun, prior when people went overseas I was like “meh”.

and the news is

Now I am at a company that is global, the missus is moving back to Canada to finish postgraduate study, and and… I have the chance to transfer to the Canadian office! Mind you Canada is a bit bloody big, So to the West side of Canada! How awesome is that!
I have just submitted my working holiday visa, it takes about 8 weeks, but hopefully, fingers crossed and all they accept it!!
I am moving to Canada !! woooo.. thanks to my beautiful partner wanting me to come with her! hahaha


Update on OSCP

So if you follow me on twitter (if not add me yo, its on the right) you will know that I have begun OSCP.
I am not very far in, 2 days. But I have already got up at 6am two days in a row to do an hour of the coursework prior to work! I can say it's a b!tch to get up at that time, I spent 15 mins trying to focus on the screen, but it is fun and so worthwhile! I feel like an athlete forcing themselves to do something for their future fitness, but it's for my future brain and career!

I cannot comment on the labs yet, as I have only connected and run an nmap scan and followed some of the bash scripting from the coursework. Sorry, but I think they will be awesome!
I have been following the videos, and they are great, easy to follow. I have since learnt from my friend Riley (do not have twitter so cannot @ you/him) that the pdf has exercises I need to complete. So I will go back and do them!

In conclusion

Life is pretty good right now aye! I will keep you all updated on if that changes, hope not! I mean.. Updated on OSCP cause that’s all you peeps want hey!

Catch,

Thursday 28 November 2013

Wednesday 27 November 2013

Dragging myself kicking and screaming through OSCP

So hi, I am one of those that have signed up for the Penetration Testing with Backtrack Course, which allows one to attempt to pass an exam in the hopes of gaining the OSCP certification…

 

Many try, many fail, many more fail I think… But don’t let that scare you off, I am sure you can Google enough information to defer your enrolment that bit longer.

Putting off and putting off

So I can put my hand up and say I was one of those people. I have put off OSCP for about 6 months. I have read so much on what I need to do in order to prepare/be ready/be able to pass OSCP.

I had a massive list:

  • Python scripting
  • Bash scripting (fluent)
  • exploitation knowledge
  • metasploitable unleashed tutorials
  • web app experience
  • network experience
  • Everything theory…

I even looked at other cheaper courses, a cert to help me get  a cert >.<

 

How did I drop the cash and sign up

I had many an excuse to keep putting off the course. The biggest one being that my work had not given approval for it, so I had to pay for it. I did a little chasing for approval, but inside I didn’t push it as much as I could have.

I was lucky enough to attend the only security conference in Australia that deals with ‘hacking’. Yay me!

There I met some cool dudes that are slightly skilled. @troyhunt @TheColonial @justinsteven @radac_ . I have probably missed others, if so and you are reading.. my bad!

2 of those people have the OSCP cert and 1 has done the labs but too lazy to sit the exam.

Any how, the important point is that these guys all give everything a shot, whether it be OSCP, web development, work or running. They eventually convinced me that I will keep putting it off and never actually sign up, unless I actually sign up. They gave tips and tricks while I was at Ruxcon and basically said OSCP is not impossible it just requires the time and attention it deserves, aka not f@cking easy.

If I can  sign up, so can you!

Finally Enrolled

So I enrolled and am starting 1st December, very very soon. I am crapping my pants scared that I will not be able to do it, I guess that means not putting in the time to do it… Oh why can’t I just have the information downloaded into my brain like they did in the Matrix.

I will keep this blog updated with my learning, frustration and love hate relationship with OSCP.

 

Check this blog out to be further scared of OSCP.

http://needsec.com/offensive-security-pwb-oscp-the-offsec-labs-are-no-joke/

 

:) happy hunting

Tuesday 26 November 2013

Nmap && Testing syntax Highlighter

Hi All,

A friend of mine wrote  a bash script for nmap. I stole it and modified it.

 

So here they are, will explain what they do and hopefully the syntax works.

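#!/bin/bash

# Discovery scan: run nmap against each IP and save per-IP output files.
# Add target IPs to this array.
IPs=('x.x.x.x')

totalIPs=${#IPs[@]}

for (( i=0; i < totalIPs; i++ )); do
    echo "[+] Testing $((i+1)) / $totalIPs"

    # All TCP ports, no ping (-Pn), discovery scripts. -oA takes the output
    # basename, so each IP gets <ip>.nmap, <ip>.gnmap and <ip>.xml.
    nmap -p1-65535 -vv --max-rate 1000 -Pn --script discovery -oA "${IPs[$i]}" "${IPs[$i]}"

    # Alternative: polite timing (-T2), fast mode with fewer ports (-F)
    #nmap -T2 -F -vv -Pn -oA "${IPs[$i]}" "${IPs[$i]}"
done

echo "[+] Scan complete"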

Tested: and it works. Really annoying to have to go to source and add the tags :(.


Any how: explanation of the syntax:


Effectively it takes IP addresses and places them into nmap. It creates nmap output individually for each IP.


 


It scans all ports, assumes the hosts are up (-Pn), outputs to all formats (-oA) and runs the scripts in the discovery category (--script discovery).


 


I have more but for now it's to test the syntax highlighting.


 


Am currently downloading Visual Studio express as  @troyhunt linked http://plugins.live.com/writer/detail/paste-from-visual-studio. This allows copy paste direct from VS.


 


Hopefully it works as intended with the Blogger infrastructure underneath Live writer… eep!


Another thing, spell checker wants to spell check the code :( :(!


 


Cheers


 


Wish me luck

Trying out Microsoft Live Writer

Hey all, new post.

It's been so long! I have been lazy, but only with posting, I have still been up to stuff!

This post is to test out live writer.

I am already noticing a benefit as I did not have to go to Blogger, create page etc etc. It isn’t much I know, but if you are blogging heaps I could see it being an unnecessary waste of time.

I was informed about Live Writer via Troy Hunt, who is a seriously hardcore blogger and internet security researcher. So the advice came with weight behind it aye. He can be found here @troyhunt. <- and on that note it is so much quicker to do a hyperlink.

 

So if this posts, live writer is working well for me.

 

BUT BUT BUT!! To get installed was one big ass mofo.

When Live Writer wants to hook up to your Blogger it asks for your Blogger URL, username and password. Sounds easy, right?

 

1 Blogger URL: easy

2 username: easy

3 password: not accepting… wtf why, what am I d0o0oing wrong.

 

So after much googling I found out that the password is not your username password, as your username is your email password. It would be bad security to ask to give your email password, so it requires the Google ‘Application Specific Password’. Which in hindsight makes sense, it's an application connection to Blogger which uses your Gmail account… *facepalm, at the time it was not making sense.

 

A quick rundown on ASP’s can be found here.

I do need to find a good python syntax highlighter for my blog.

So that is my blog so far.

Cheers

Monday 25 November 2013

test


<?php
$example = range(0, 9);
foreach ($example as $value)
{
echo $value;
}


a = 5
b = 3
c = a + b
print(c)

Thursday 8 August 2013

python client notes

Hi all, these are my personal notes.

So I can print them out and sticky tape them to my wall.

Please note: A fantastic tutorial I reference from is BinaryTides. Found here 

I am breaking this tutorial up into my own notes, to jog my memory. So it is not a tutorial for others to follow, however if it is useful, it's useful! :)


Now "haydn" (aka me), python network programming requires a socket.



test


Now we need to get an IP address of a remote host/url
as such we connect to google

Note to self: Copy pasting looks way better than creating via Gist, saves time too!!
import socket
import sys

host = 'www.google.com'
try:
    remote_ip = socket.gethostbyname(host)
except socket.gaierror:
    # could not resolve
    print('Hostname could not be resolved. Exiting')
    sys.exit()

print('Ip address of ' + host + ' is ' + remote_ip)





Now we have the IP address we can connect to it on a certain port
simply use s.connect


# Connect to remote server (s is the socket created at the start)
s.connect((remote_ip, port))
print('Socket Connected to ' + host + ' on ip ' + remote_ip)




But we need to add the port we wish to connect to

host = 'www.google.com'
port = 80


That's making a socket and connecting to a server.

To Send data we do 

sendall(message) 


# Python 3 sockets send bytes, hence the b prefix
message = b"GET / HTTP/1.1\r\n\r\n"

try:
    # Send the whole string
    s.sendall(message)
except socket.error:
    # Send failed
    print('Send failed')
    sys.exit()
print('Message send successfully')



To receive data:
s.recv(4096) 


# Now receive data (up to 4096 bytes; the reply arrives as bytes)
reply = s.recv(4096)
print(reply.decode(errors='replace'))



Closing a socket
s.close()
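
Putting the steps above together, as an added example that is not from the original notes or the BinaryTides tutorial: a Python 3 client that creates the socket, resolves the host, connects, sends, and then loops on recv until the server closes, because a single recv(4096) returns at most 4096 bytes. The function names and the loopback stand-in server are assumptions made so the block runs offline.

```python
import socket
import threading

def fetch(host, port, path="/", timeout=5.0):
    """Resolve host, connect, send a GET request, return the full raw reply."""
    remote_ip = socket.gethostbyname(host)  # raises socket.gaierror on failure
    request = (f"GET {path} HTTP/1.1\r\n"
               f"Host: {host}\r\n"  # HTTP/1.1 requires a Host header
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # never block forever on a silent server
        s.connect((remote_ip, port))
        s.sendall(request)  # Python 3 sockets carry bytes, not str
        chunks = []
        while True:
            data = s.recv(4096)  # returns at most 4096 bytes per call
            if not data:  # b"" means the server closed the connection
                break
            chunks.append(data)
    return b"".join(chunks)

def _serve_once(listener, body):
    """Constructed stand-in server: answer one request, then close."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:
            request += conn.recv(4096)
        head = f"HTTP/1.1 200 OK\r\nContent-Length: {len(body)}\r\n\r\n"
        conn.sendall(head.encode("ascii") + body)

def demo():
    """Run fetch() against a loopback listener so the example works offline."""
    body = b"x" * 10000  # deliberately larger than one recv(4096)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=_serve_once, args=(listener, body), daemon=True)
    server.start()
    reply = fetch("127.0.0.1", port)
    server.join()
    listener.close()
    return reply, body

if __name__ == "__main__":
    reply, body = demo()
    print(reply.split(b"\r\n")[0].decode(), "-", len(reply), "bytes received")
```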