Posts

Error publishing (to Azure) dotnetcore app after upgrading from dotnetcore 2.0 to 2.1

Background:

We just upgraded from dotnetcore 2.0 to 2.1. Most stations built successfully except one, but that was because he had some dependency projects of his own; we changed them all to 2.1. He had also referenced one of them both in Assembly and in Projects, so we removed the assembly as suggested on Stack Overflow.

Then while trying to publish we got this exception in most stations:

Assets file '(project)\obj\project.assets.json' doesn't have a target for '.NETCoreApp,Version=v2.0'. Ensure that restore has run and that you have included 'netcoreapp2.0' in the TargetFrameworks for your project.
Most answers hiding in GitHub mentioned deleting the bin and obj folders, and that helped a couple of stations.
We then also did Clean and Rebuild, but that helped just a couple more.

Eventually, by mistake, I played with and changed the Publish Configuration Settings, Save, Publish, and back to the old configuration, and it worked. I guess that it cleaned its own publish conf …

Microsoft Flow - Form, into excel, create word document from template, send email, addressing Copy/Create File errors

Today a customer showed me a paper (invoice) receipt he had to write into Excel, and then again into a Word "thank you" for printing/emailing.

If you're here for the Copy/Create File errors, jump to the end.

So what we did was prepare a Form for inputs, and then a Flow that takes that data and uses "Insert Row" for Excel.

Next was to create the Word document. I tried to create custom properties myself, but didn't manage, so I followed Netwoven's tutorial, and the simple steps are:

1 - Create a SharePoint Document Library and add your custom properties to the library as custom Fields.
2 - Go to Library Settings > Advanced Settings > click Edit Template
3 - The template will open an empty Word document; edit it however you want
4 - Wherever you want one of the dynamic custom properties to fit in, put your cursor there and click Insert > Quick Parts > Document Property > your custom Field's name
5 - Save the document as a normal .docx in…

Microsoft Flow - auto post in Twitter and Pinterest

The task at hand - a form that, when filled, creates a post at [all] social networks; this blog is about Twitter and Pinterest.

Part 1 - prepare the image
Twitter needs "file content" in its media field, while Pinterest needs an image URL open to the public. So [1st flow] was in a OneDrive folder for those uploaded images, sending back the image ID to be used in the form. Can take a few minutes, sent to mail (better to send with the image).
The Twitter account will create the public URL for the image.

Part 2 - the form
Most simple form: Title, Content and image ID into [2nd flow] a SharePoint list. If you're sure you're never going to use more than 255 characters you can just use the title (I don't like to extend the title field's character limit).

Part 3 - to the social media
Next, [3rd flow] when the SPItem is created, I use OneDrive "Get file content" for the file content and the "Title - Content" for the text, and post a new tweet. I then query tweets as &…

Becoming a (very Jn.) Hacker, how to, and my 1st Black Box Test

~ This is not a technical post, it's a story post.
~ A story for those who just like stories, or for those who like to learn some lessons, and especially for anyone who wants to become a hacker.

Lately (like the last 6 months) I'm starting to really get into hacking. It always interested me, but I could never find the time; plus, there was always another challenge @work, like the new Angular.

But with time and effort, payment has become bigger, and with it my time.

And the 1st thing was how... from some videos and many SQL injections or XSS, DVWA etc., I didn't feel I'm learning anything other than extra web security.

Finally I found the OverTheWire website, and finally I learned some "real" things: Linux, PHP, memory, crypto, SSH, etc., all basics that I, as a web programmer, had no clue about. Only the web-based challenges were "natural" for me.

I can say that there I learned lesson no.1 - LEARNING.
In the world of hacking, you must be a weary-less learner, new things every time again, a…

Damn Vulnerable Web Application (DVWA) - File Inclusion and WebShells

Today we are going to have some fun understanding the full potential of File Inclusion attacks.

My goals for today:

1. a few words, Disclaimer, Lab, and links.
2. Web Shells intro with DVWA
3. How to complete the File Inclusion challenge in the new DVWA
4. Metasploit



1. a few words, Disclaimer, Lab, and links.


DISCLAIMER - if you do what I teach you today you WILL go to jail, so don't do this outside of your lab.

Setting up the lab -
For a hacking lab, download either VirtualBox or VMware, or, if you own Win10 Pro, you have Hyper-V. With those you can create virtual machines, and you will need 2 today: one with DVWA, and another as the attacker, which for ease had better be Kali. Download machines from osboxes.

For DVWA you can either download Metasploitable 2 or set up DVWA on some machine.
In my case I just turned them both on an internal network, so they can see each other but have no internet (you might need to set up DHCP if you don't have any IP).

For basic help about solving dvwa's file inclu…

Damn Vulnerable Web Application (DVWA) - installation 2018

For anyone trying to install DVWA today: things have changed a little, and it took me a while to get it working, so here it is:

IMPORTANT - su if you are not root user (i.e. not kali)

1. download the latest version 

to get it working with MariaDB and PHP v7.x

wget https://github.com/ethicalhack3r/DVWA/archive/master.zip && unzip master.zip

unzip under /var/www/html, rename folder to dvwa


2. config file

cd /var/www/html/dvwa/config
cp config.inc.php.dist config.inc.php
gedit config.inc.php

create captcha keys
https://www.google.com/recaptcha/intro/index.html
and set them in $_DVWA[ 'recaptcha_public_key' ] and $_DVWA[ 'recaptcha_private_key' ]

start at low difficulty

$_DVWA[ 'default_security_level' ] = 'low';

you need to clear your cookies if DVWA was already running

3. set user in MariaDB

sudo service mysql start
mysql -u root -p

db commands...

mysql > create database dvwa;
mysql > CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd';
mysql > grant all on dvwa.* to dvwa@localhost;
mysql > flush privilege…