Posts

What every Browser knows about you

using this nice tool http://webkay.robinlinus.com/ to see how anon i can get, let's go

table will contain:
method (browser + proxy/vpn), location, OS, browser, plugins (of browser), hardware, prev page, public ip, local ip, ISP, speed.



surfing with just chrome, normal connection, the site i am visiting knows everything about me: that i use chrome (and what version), my location, my OS, my display hardware, the last page i've been on, my exact public and local IP, my download speed, the social media i am currently logged in to, and that there is a device in my network (i think it's my printer).



now with tor, normal connection, normal config, leaving tor at its default size, JavaScript Enabled.

proxy's location
proxy's OS
right browser version (FF 52)
proxy's hardware and down-speed
social media not shown logged-in, yet i never logged in with FF or Tor, so i can't tell.
can't scan network




tor, JavaScript Disabled:
that website does not show any info

"what's my ip" sites show the proxy



*Note t…

Angular add more html pages

1. ng build with your index.html set properly with its components. (or conditional app-components)
2. rename and copy the rendered index.html to (for example) /src/search.html
3. in angular.json (angular-cli.json for pre v5) find "assets":

    "assets": [ "src/favicon.ico", "src/search.html", "src/assets" ],

browse localhost:4200/search.html
enjoy :)

OverTheWire[.com] Natas Walkthrough - JUST HINT, NO SPOILERS

game portal: http://overthewire.org/wargames/natas/
PASSWORDS for each level are stored in /etc/natas_webpass/natasX

I made this walkthrough for people like me: i needed some help, but didn't want the spoiler, so here i will give you all the information needed to pass each level, yet not the solution.

For levels that need custom web requests i made a different post for powershell and javascript with how-to's, since it's a piece of learning in itself, and also for those of us that play at work and have only powershell at hand. Although it's not a complete spoiler there, it's most of the solution, so try yourself 1st.

Natas
The Natas game goes from basic to advanced web hacking. Every few levels are about a whole new exploitation (with some harder ones making a comeback later), so a lot of learning.

If you're new, you're the reason i am writing so much even for the 1st level, just please google EVERY topic you see, since in the following levels i assume you know the previous topi…

Natas Powershell and JavaScript Helper (OverTheWire)

I did most of Natas from work, and there i couldn't have anything but Windows PowerShell, or the browser's console for Javascript, so here are examples how to use it for the game for anyone in the same position.

SPOILER ALERT

even though i tried not to make this the solutions, it's kinda the solution.

Level 4: HTTP Headers


    # basics for working with .Net WebClient
    # create a variable with a value
    $u = "http://natas4.natas.labs.overthewire.org"
    # creating new Object you need to specify the full namespaces and classes route
    $wc = New-Object System.Net.WebClient
    # this is how you send user and pass
    $c = New-Object System.Net.NetworkCredential("natas4", "............")
    $wc.Credentials = $c
    # adding headers.
    # adding a cookie is just "cookie", "name=value".
    $wc.Headers.Add("header-name", "header-value")
    # download the same html you see in "view-source".
    # you can also more elegantly store this in a variable and print it lik
    # …

Javascript Event Oriented Programming example on SPSocialFeed

SPSocialFeed is the sharepoint microblog, where you can post your thoughts and reply to yourself and others.

We wanted to add some functionality for every reply and post added, so i used the new "MutationObserver" and "CustomEvent" APIs in ES6 to create an event-full way to implement the solution

    // batman is the man in-charge catching the bad guys in the night.
    // so now he catches the good events in the feed
    let batman = (function () {
        let config = { childList: true };
        let batman = class batman {
            constructor() {
                this.v = "2.0.0";
                //register call to batCave fn. to _spBodyOnLoadFunctionNames, the SP onready
                _spBodyOnLoadFunctionNames.push('batman.batCave');
            }
            batCave() {
                let feed = document.getElementById('ms-feedthreadsdiv');
                //childNodes can be any type of nodes, like text node. children is only HTMLElements childNodes.
                let posts = feed.children;
                let evt = new CustomEvent('feedReady', { detail: { feed: feed, posts: posts } });
                console.log('batman fire feedReady event');
                …

Javascript Expost Interface Implementation

For some time i've been thinking, how can i export a JS object that will expose only public functions, yet will keep all my million functions "hidden" just to make it less messy..

The point is to create an anonymous function and create the instance within, while returning a new object with members pointing at the instance functions with ".bind" to the instance.

So here it is

    let encapsulated = (function encapsulated_builder() {
        let encapsulated = class encapsulated {
            constructor() {
                this.food = 'bamba';
                this.animal = 'lion';
            }
            addFood(f) {
                this.food += ' ' + f;
            }
            addFoodByAnimal(a) {
                switch (a) {
                    case 'dog':
                        this.addFood('bone');
                        break;
                    case 'cat':
                        this.addFood('fish');
                        break;
                }
            }
            addAnimal(a) {
                this.animal += ' ' + a;
                this.addFoodByAnimal(a);
            }
            printFood() {
                console.log(this.food);
            }
            printAnimal() {
                console.log(this.animal);
            }
        }
        let enc_instance = new encapsulated();
        return {
            addAnimal: enc_instance.addAnimal.bind(enc_instance),
            printFood: enc_instance.printFood.bind(e…

OverTheWire[.com] Leviathan Walkthrough - JUST HINT, NO SPOILERS

game portal: http://overthewire.org/wargames/leviathan/
PASSWORDS for each level are stored in /etc/leviathan_pass/leviathanX

Leviathan
The Leviathan game is about basic debugging/hacking/tracing of binary files in linux, and how to exploit them.
The main tool you will be using here is ltrace, so read & google about it. Use it in ALL levels except Level 0, even if i don't mention it.

Another important note is that most of the files have the "s" flag in their permissions, meaning they run with elevated privileges, and that's important for understanding the solutions. Go read about that too.


Level 0: Bookmarks

bookmarks.html is the file chrome creates when you export all your bookmarks; people can save sensitive info there.


Level 1: Introduction to "ltrace"

Time to use "ltrace".


Level 2: Exploiting "cat"

Most of the tutorials out there are out of date, exploiting symbolic links, and exploit "cat".
You can still exploit "cat", but it won'…