Posts

Showing posts with the label HTB

Pentest Documentation

Snooze Words: Documentation

In our quest to automate the dumb stuff, we tend to always leave it a huge pain in the butt to do documentation. Mostly 'cause some parts of documentation have to be customized and adjusted, and in trying to automate that we sometimes overengineer it. Without that, we get used to loading up MS Word or similar products and setting up the documents we need. Then, along with services like DocuSign to get signatures for things like our Pentest MSA and Scoping documents, we can also automate the generation of reports. There are several tools out there for this, and I've experimented with making a few myself. For this example, though, I'm going to go through using Obsidian as a grounds for our documentation and jupyter-lab as our pentesting platform.

To start with, I'm definitely gonna want to have a way to make a formalized document. Doc? PDF? Well, originally I went the doc route by using the Python docx library. It worked, but wa...

HTB Tutorial - CozyHosting

CozyHosting

Intro: I went to start another HTB system and figured this would be a good one to write up. I know there are other writeups on this, and from what I've seen, I think I can put together something better to follow. So, let's dig in.

Recon: I started with nmap. I have nmap aliased, which is basically setting mynmap to "nmap -sS -sV -Pn -p1- --open -sC -oN nmap". I have it set up this way so I can create a folder for the HTB challenge, enter the folder, and then nmap from there, saving my file for reference later. This does miss some UDP stuff and things like that, so it's not the best scanning, but it's sufficient in most cases to give me an advantage. A few other starter things I like to do are to start dirb and eyewitness to go grab a picture of the site. Let's not forget to go ahead and get some whatweb detection goodness. So far we've only found login and admin pages; think I'm gonna try to run FFUF to see what else we can find while we investigate ...