I sent an email to a vendor asking for a document and when the vendor replied to my email with the document attached, the document was password protected.  He said as much and he also said that I could probably crack it.  He is correct.  

    I've probably cracked a PDF once or twice.  I've probably also cracked a few ZIP files, RAR files, and various other files with passwords but I think you get the point.  Essentially, most of these types of files will all crack the same way -- John the Ripper.  

    There are a couple of John the Ripper versions but somewhere along the way, I discovered that the Jumbo John package is the one to use for cracking ZIPs and RAR files.  I don't know whether PDFs fall under that same umbrella but that's where I went.  


    I was working on a project and while looking at the randint function, I suddenly thought about blackjack.  It makes sense -- you have a function, randint, that generates a random number.  So I open a terminal and after a little side deviation, I'm generating a couple of cards.  I realize a few things I'm missing and I build it out a bit further.  Then even further.  Each time realizing that there's more to this little game project than I had anticipated.  I finally decide to stop at this version you see below.

    There are a couple of things to note here -- first, my dealer cheats.  That's intentional.  The second thing to note is that I didn't take into account that an Ace can be worth one or 11.  I could go back in and assign values to variables but then this would grow further and that wasn't really my point.  

    As always, my Python is pretty weak so don't critique me.  I don't use it for much other than single functions hence the very small hacky scripts you see here.  One day I'll build something... one day...


    As I mentioned previously, I've been spending time on HackTheBox.  I've gone through about 12 machines in both the Active and Inactive areas.  A lot of what I'm finding so far is more along the lines of situations you wouldn't find in the real world.  That said, it's a great way to add technical chops and acquire more critical thinking skills.  Which is another way of saying I do a lot of head banging and Googling.  

    The other day, I stumbled across Cronos, which is a retired box, and there are several reasons why I decided to write about it.  Rather than spoil, I will mention those reasons when I get to them but let me summarize by saying that it's a bit more real world than what you typically see.


    I go back and forth between working on various problems and when a hard problem wears me down, I work on something easier.  That's where Blocky comes into play. 

    It seems they move boxes in and out of the Retired section of HTB because I don't even recall its name.  I do know that I was working on another box, went through the weekend without touching it, and when I went back to it that following Monday, it was inactive.  

    Anyway, so Blocky went from Nmap scan to root in no time purely because of a solid guess.  I sometimes just poke at something for the sake of covering all of my bases but it doesn't normally bear fruit.  This time it did and I was completely taken aback.  More on that in a bit.

    First we kick off an Nmap scan:


    We deal with small to medium-sized businesses which means we might not have a budget for a thousand plus dollar Active Directory auditing tool. But maybe we only want a subset of those tools and we can script some of those tools in PowerShell.  For example, assuming you have a lockout policy set up in Active Directory (you should!), the point is to stop someone from guessing passwords on your accounts.  Wouldn't you like to know if someone is attempting to guess passwords on your accounts?

    This script can be added to the Task Scheduler and I would set up its frequency based on your lockout duration. 

    A few things to note about this script --


    © 2020 sevenlayers.com