Posts

Narnia 1 - OverTheWire - Updated Walktrough

Narnia 1 is about teaching you to write, inject and use ShellCode. *NOTE - this tutorial is for programmers like me, that just learn some web programming, maybe having fun with some hacking ect., no idea about c or assembler. If you're a computer science deg. this might be wwaayy over simplifying, and therefor its not for you. The main purpose of this tutorial is not HOW to solve narnia1, but to UNDERSTAND how to solve it a-z. What's ShellCode? Its a crafted piece of code, usually meant for a shell, usually binary code (in hex representation, called Object Code) So as stated there are 3 stages here, -write, -inject, -run. I'll start from the last. RUN YOUR SHELLCODE Well, in order to run your shellcode, you need to know where is the exploit, and adapt the code to that, so lets open narnia and lets see the exlpoit in " narnia1.c ":     ret = getenv("EGG");     ret(); Well, whats " ret "? It is defined " int (*ret)(); "

CTF365 Security Shepherd Walkthrough - No Spoilers Just Hints

hopefully, lets try to do all of the  CTF365 Security Shepherd  lessons and challenges, and help everybody with all they need but no spoilers. that doens't meant you don't need to do your learning, if i didn't write something, that means (a) learn the topic (b) read instructions. simple way to work through is installing burp-suite CE and make it work with ssl, but i'll try to also teach, where possible, you can use other tools. LESSONS *any lession with a asterisk [*] in its name means that it would have been easier with burp, just altering the request. [need to install cert. etc.] Broken Session Management* the session is managed via cookies, can be changed via Chrome Dev Tools (F12) -> Application tab -> Storage -> Cookies. (maybe you must click the button 1st) Cross-Site Request Forgery after putting a value in the box and submitting, right-click and Inspect-Element the image. you must put a full url i.e. https://..... try put a funny image

Copy SharePoint Online List with Data (with list items) to another site

 We have PNP!!! Using this post , and upgrading it with to the new PNP , this is the results 1. Make variable $listName = "listTitle" (hebrew works :)) $listName = "קריאות לבאטמן" 2. Make variable $templateName = "c:\template\HR-listTemplate" (or another path) $templateName = "c:\template\BAT-listTemplate" 3. Connect to SiteA Connect-PnPOnline -Url "https://tenant.sharepoint.com/sites/SiteX/SiteA" 4. Get list template Get-PnPSiteTemplate -Handlers Lists -ListsToExtract $listName -Out ("{0}.xml" -f $templateName) 5. Get items to that same file (peep to the xml file) Add-PnPDataRowsToSiteTemplate -path ("{0}.xml" -f $templateName) -List $listName -Query '<view></view>' 6. Connect to SiteB Connect-PnPOnline -Url "https://amymetom1.sharepoint.com/sites/AmyPortal2" 7. Provision the list Invoke-PnPSiteTemplate -Path ("{0}.xml" -f $templateName)  8. Go to site content and be pr

SharePoint Modern Site copy/save Theme to another site

In case you Provisioned a beautiful site with the PNP services of SharePoint LookBook , and you liked it, but wanted to take it out to another site... Well, MS did not yet gave us a way to save/copy a Theme... just a lot of ways to upload ones... I tried so mush downloading a site template with Get-PnPProvisioningTemplate Get-PnPSiteTemplate Invoke-PnPSiteTemplate All failed for so many reasons... BTW (1) dont change the name of the .pnp file, and if you get some "access denied" error, either become global admin, or use "-ExcludeHandlers" (i needed  Fields, Files, Lists, Pages ) Anyways... how I got it working 1. I used this endpoint to get the actual palette https://tenant.sharepoint.com/sites/NewEmployeeOnboardingNew/_api/SP.Web.GetContextWebThemeData 2. And extraced the data accroding to this MS article  while converting the RGB to HEX code made in html/js in the end 3. I uploaded the theme to the Tenant With SPO services, for some reason, you can't connec

CPanel - WHM - change sending email via server to email Relay (email supplier SMTP) (mailgun)

Following this article https://www.smtp2go.com/setupguide/exim_whm_cpanel/ While choosing mailgun as my supplier, and the help of one of GNS experts, here is what you need to do.  NOTICE this is for SMTP. Open your WHM, in the left search for "Exim" and click "Exim Configuration Manager". Within the new window opened there are some tabs, choose "Advanced Editor". Its Highly recommended that you save the old values for each place you make a change. 1. Find the area under begin authenticators Section: AUTH   and paste these values: mailgun_login:  driver = plaintext  public_name = LOGIN  hide client_send = : postmaster@mydomain.co.il:9b7. ...e3 change the last line to your email account name and your password 2. Find the area under Section: ROUTERSTART and paste these values: mailgun:  driver = manualroute  domains = ! +local_domains  transport = mailgun_transport  route_list = "* smtp.eu.mailgun.org::587 byname"  host_find_failed = defer  no_more

SPFx gulp bundle --ship Error - 'undefined' errored after "orchestration aborted"

 Using SPFx fro Application Customizer for SharePoint 2019. Did gulp bundle --ship. Error - 'undefined' errored after orchestration aborted" Resolve: move out the TS Type [] Problem:      public   MegaMenuListData :[] = []; Solution:      public   MegaMenuListData  = [];

Correct way to set Sharepoint calculated field for Month

 - the bad solution "if(Month(TODAY())=Month([ Created]))" The good solution FIELD "start the month"- returns this date:  =DATE(YEAR([Created]), MONTH([Created]),1)  FIELD " end the month"- returns this    =DATE(YEAR([Created]),MONTH([ Created])+1,1)-1