37.3 F
High Point
Home Blog

How to Retouch Corporate Portraits

0

How to Retouch Corporate Portraits

TypeScript Experimental Decorator Error in Visual Studio/Code

TypeScript Experimental Decorator Error in Visual Studio/Code

I ran into this issue in Visual Studio 2019 while working on a .NET Core/Angular 8 project. It seems like every new component I created displayed an error or a warning for experimental decorators. After doing a bunch of research this issue seems more prominent in Visual Studio Code so I thought I would share what I found online in hopes of helping others.

The Unresolvable Strange experimentalDecorator Error

Verify TypeScript Configuration

It’s important to make sure experimentalDecorator is enabled and set to true in the tsconfig.json settings file.

Visual Studio (2019) Solution

In order to fix this issue, you will need to add the code below to the .csproj file of the web app in Visual Studio. In Visual Studio 2019 you can edit the .csproj file by double-clicking on the project name. In older versions you will have to right-click the project and select “Unload” and then you can select “Edit csproj file”.

Visual Studio Code Solution

You will need to add a setting to the file located at .vscode\settings.json.

CTFs I’ve Completed

0

CTFs I’ve Completed

Beginner

Me and My Girlfriend

Intermediate

PWNLab Init

Advanced

Pinkys Palace

Command Line MySQL for Hackers

0

Command Line MySQL for Hackers

Learning to connect to a MySQL server via command line is extremely useful in many situations especially for penetration testing. It’s quick, easy to learn and the fastest way to get in.

General MySQL CLI

Connect to the Database

This command will log you into the MySQL server with user “user” on host address 192.168.0.26.

┌─[✗]─[user@parrot]─[~]
└──╼ $ nmap -sV 127.0.0.1

Enter password: <br> Welcome to the MariaDB monitor. Commands end with ; or \g.<br><br> Your MySQL connection id is 4 <br> <br> Server version: 5.7.28-0ubuntu0.16.04.2 (Ubuntu) <br><br> <br> Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. <br><br> <br> Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement. <br><br> <br> MySQL [(none)]>

View and Connect to a Database

To see what databases are available to the user you’ve logged in with type the “show” command. To start viewing information about the database use the “use” command.”.

Table Viewing and Manipulation

The two most important things you should know is how to see the tables of a database and view the definition.

To see information about a table such as the schema use the “describe” command.

Advanced MySQL Commands for Hackers

Creating Local Database

Importing data from a SQL file is easy…

Ex-filtrating Database Schema

The user is “root” and the password is “plbkac”.. Yes, there isn’t a space between “-p” and the password. That is the way you do it…

If you just want one table with no data… try this…

Ex-filtrating Data

Reading Data

It is possible to read sensitive files using MySQL commands.

Create Backdoor PHP Script

This will create a PHP backdoor script that will execute commands against the system. You can easily call home with a reverse shell.

WordPress Privilege Escalation

You can create a new user with administrative access very easily using SQL. There are 2 tables and 3 sets of data the must be inserted to accomplish this. If you don’t want to create a new user and have compromised a low privileged user you can use SQL to elevate your privileges by updating the wp_usermeta table. Adjusting the meta_value for the meta_keys “wp_capabilities” and “wp_user_level” will elevate access if done correctly.

This script isn’t 100% accurate. WordPress no longer users MD5 hashes for passwords. There’s a script that adds a salt in WordPress. You’ll have to reset your password or copy in a known user’s password.

The key thing about WordPress is understanding how data is saved. Some of the data in WordPress is saved in composite JSON strings.

 a:1:{s:6:"author";b:1;}

You can’t just change “author” to “administrator”. The “s” stands for string and the 6 means it is 6 characters long. You must update the entire JSON string to make this work.

 a:1:{s:13:"administrator";s:1:"1";}

You will need to find the TOP value for the ID. This will not work if the ID already exists.

Upgrading Firmware on a Ubiquiti Edgerouter Lite with SSH

Ubiquiti Edgerouter Lite

Upgrading Firmware on a Ubiquiti Edgerouter Lite with SSH

The Ubiquiti Edgerouter Lite provides the ability to create a virtual LAN (vLAN) for $129 dollars. This is a quality VPN solution that was highly recommend from someone who owns a data center. Seriously… well worth the money.

Upgrading my router from firmware version 1.2 was difficult because there is a bug in the CURL library that causes it to fail when upgrading through the Web UI.

Version 1.2 has a bug in the curl library so uploading the firmware through the Web UI is not possible.

Connect to Ubiquiti Edgerouter

In this tutorial I will be connecting to the router through an Ethernet cable that is directly plugged into my laptop. Before I can access the administrative panel I must manually set my IP address on my Ethernet card to an IP in the subnet of the router or it will not connect.

Router Administrative URL

http://192.168.1.1/

Default Login Credentials for Ubiquiti Edgerouter Lite

Login: ubnt

Pasword: ubnt

Upgrading Ubiquiti Edgerouter Lite’s firmware using SSH

At this point I assumed you’ve tried to update the firmware through the UI and it has failed.

Download firmware here: https://www.ui.com/download/edgemax/edgerouter-lite

The trick is to use SSH to update the firmware from version 1.2 to 1.3 to get past the CURL bug.

I wasn’t able to upgrade to any other versions of the firmware. I was only able to upgrade to 1.3. After I upgrade to 1.3 I didn’t have any issues upgrading to 1.97 using the web UI.

See link for more information about the issue I experienced

https://community.ui.com/questions/EdgeRouter-Lit-Firmware-v1-2-0-Update-Error-Need-Help/a397bc61-f089-440f-acd0-40baa76703cf

Connecting to Router with SSH

You can easily connect to the router using SSH. The login is your administrative account and password. Confirm you have access using the below SSH command to connect.

Secure Copy your image to the router’s /tmp/ folder

If this was successful then connect to the router to add the system image.

Voila! Your firmware has been upgraded.

The router will need to reboot shortly after the firmware has been updated. When it comes back up from the upgrade from version 1.2 to 1.3 you can log in and use the Web UI to upgrade to any version you like. I read that version 2 had bugs in it so I went with version 1.97.

Useful Links

https://help.ubnt.com/hc/en-us/articles/205146110-EdgeRouter-Upgrading-EdgeOS-firmware

Ethical Hacking Interview Questions

0

Ethical Hacking Interview Questions

My friend, and primary organizer of the GSO InfoSec meetup is currently trying to break into a Cyber Security career as a penetration tester. I’ve asked him to let me know what kind of questions they ask during interviews. I’ll be posting those here…

Q: How would you use nmap (or an equivalent tool) to scan a class A, class B, and/or class C network?

LinuxHint.com – nmap scan ip ranges

Q: Say you are assessing an AWS environment and notice several unecnrypted EBS volumes. When is it okay, and not okay, for these volumes to be unencrypted?

Q: A client has not permitted the use of any tools to be used against their network. They are only allowing you to use standard Windows signed executables and PowerShell. What can you access against the environment?

Varconis.com – PowerShell for Pen Testers

PSNmap PowerShell Module

Packet Sniffing with PowerShell

Senior Consultant Expectations

Becoming a senior consultant means having years of experience and advanced, deep knowledge in the below.

Programming Languages

  • Perl
  • Python
  • Ruby
  • bash
  • C/C++

Penetration Testing Suites

  • Nessus
  • Metasploit
  • Burp Suite Pro
  • Cobalt Strike
  • Empire

Best Practicies and Methodologies

  • OWASP
  • Cyber Kill Chain
  • MITRE ATT&CK Framework

Expert Knowledge

  • Networking
  • Software
  • Web Development
  • Server Configuration
  • Windows / Linux / MacOS / Mobile

Certifications

  • OSCP
  • GPEN
  • OSCE
  • GCIH
  • GXPN

Deep Shaw: Power Blast

0

Deep Shah: Paint Color Splash Affect

0

Deep Shaw: Stencil Graffiti

0

Deep Shah: Brush and Splatter Affect

0

If you’re not following Deep Shah, you should be.

Software Developer, Designer, WordPress, XRM, InfoSec, DevOps, Hapkidoist and Explorer

WEATHER

High Point
light rain
37.3 ° F
41 °
34 °
100 %
1.3mph
90 %
Sun
49 °
Mon
37 °
Tue
35 °
Wed
43 °
Thu
34 °

POPULAR ARTICLES