In this writeup, I am going to be taking a look at ZeroLogon. At a high level, ZeroLogon comes from an implementation error with Microsoft’s MS-NRPC. I used the exploit that was located here. The only issue that I had with the exploit, is that I was running Impacket v0.9.21. Although this version is stated in the requirements.txt of the GitHub repo, I was having an issue that stated that a function inside of the exploit’s function script was not found in the installed Impacket version. ...

Hey all, in this short post I’m going to walk you through how to set up your very own Gitea instance, which is essentially like a self-hosted Github. You can host Gitea in a Docker container, virtual machine, or anywhere that can run Golang. You can even host it on a Raspberry Pi! First, on any debian-based Linux machine (Ubuntu, Mint, Debian, etc.), run the following command to update your apt cache: ...

Hey all, I thought I would give a synopsis of my foray into homelabbing. It has been something that always interested me, as I run a lot of virtual machines, and I found it annoying to constantly have to suspend / power off the machines. Also, there was always an image in the back of my mind, that the whole datacenter scene was like it’s own world, and that I was missing out on something cool. ...

Although this is a reasonable list, the list of ‘good’ tools seemingly changes every month. As of late 2019, this is a decent list of tools that can be used to aid in privilege escalation. Linux Linux Smart Enumeration File type: Shell Script Download: Here “This script will show relevant information about the security of the local Linux system. It has 3 levels of verbosity so you can control how much information you see. ...

TL;DR: Mount a easy to find directory as the _/data_ directory on your Docker container unless you want to go down the rabbit hole of “Why isn’t it easier to find my container’s files?” Hey all, with my recent entry into the whole homelabbing scene, one of the key technologies that I wanted to learn more and try out was containerization. With all the tech buzz words that are out in the world, containerization has to be one of the most often used. Sure the word itself containerization lends itself to how the technology operates at a high level, but how does it work at a lower level? Will it replace VMs? How easy is it really to make changes to a “container” and then send it to someone? Who is this aimed at? Why are there socks at the end of my bed? ...