No.1813
I need a place where I can share stuff I'm learning, even if talking to the walls, anyone is welcome to talk, it's important to keep on technology but I guess we can escape a bit, no? Came here from hikarich.
I'll start:
I'm at the end of a long journey through some extensive material for a certification I have to get, the HTB CPTS. Being a wagie is tough, but I'm enjoying the material, though sometimes it's just a grind. I'm finishing the Windows privilege escalation module and also following some esoteric blog posts I found from security researchers.
What infuriates me is the damn ACLs, just look at this:
[code]
sc.exe sdshow DNS
D:(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;RPWP;;;S-1-5-21-669053619-2741956077-1013132368-1109)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
[/code]
The number of times I've had to consult the MS documentation just to not get lost is absurd. Meanwhile, in Linux, as far as I know, you just use ls -l, you get the permissions, and you're done. The objects Windows uses for every single file make this model a living hell.
And the worst part is, there's no escaping it. Just take that string I threw up there from sdshow DNS. At first glance, it looks like a messed-up hash, but it's a damn list of permissions. The so-called SDDL.
After burning a few hours in the documentation, the thing starts to make a twisted kind of sense. The D: at the beginning is the DACL, the list that says who can do what. Each (…) is a rule. You glance at it and you can already spot the usual suspects: SY (System), BA (Built-in Admins)… and right in the middle of it, our opening: (A;;RPWP;;;S-1-5-21-…). Translating from Microsoft-ese: A (Allow) the user with that giant SID to have RPWP (Read and Write Property) permissions, which is ultimately what lets us stop and start the service.
That's when it clicks. The problem isn't just the syntax. The problem is that in Windows, everything is a "securable object." It's not just files and folders. It's the service, it's the registry key, it's the process in memory. For each of these things, there's an ACL with super specific permissions that have nothing to do with rwx. It's WriteDACL, WriteOwner, GenericAll, CreateChild… an alphabet soup that defines exactly which tiny piece of the system you can or cannot touch.
While in Linux we worry about a find / -perm -u=s -type f 2>/dev/null to find a SUID and escalate, in Windows, we have to hunt for a weak write permission on a random registry key or an obscure service.
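Reading that SDDL string by hand, the way the post does, is exactly what a small parser should do for you. The following is an added example, not code from the original post or from any Microsoft tool: it parses the `sc.exe sdshow` output into its ACEs, names the rights with their service-specific meaning (the two-letter SDDL codes are generic directory-service names; on a service object RP/WP are SERVICE_START/SERVICE_STOP), and flags any principal outside an assumed set of expected controllers (SYSTEM, Administrators, Server Operators) that holds a control right. `EXPECTED_CONTROLLERS` and `CONTROL_RIGHTS` are assumptions made for this example, and the sample SDDL is the one quoted above.

```python
import re

# Constructed sample input: the `sc.exe sdshow DNS` output quoted in the post above.
SAMPLE_SDDL = (
    "D:(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)"
    "(A;;RPWP;;;S-1-5-21-669053619-2741956077-1013132368-1109)"
    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)

ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED", "AU": "SYSTEM_AUDIT", "AL": "SYSTEM_ALARM"}
ACE_FLAGS = {"CI": "CONTAINER_INHERIT", "OI": "OBJECT_INHERIT", "NP": "NO_PROPAGATE_INHERIT",
             "IO": "INHERIT_ONLY", "ID": "INHERITED", "SA": "SUCCESSFUL_ACCESS", "FA": "FAILED_ACCESS"}

# SDDL's two-letter right codes carry directory-service names (RP = ReadProperty, WP = WriteProperty).
# On a service object the same bit positions are the SERVICE_* rights, so that is how they are named here.
SERVICE_RIGHTS = {
    "CC": (0x0001, "SERVICE_QUERY_CONFIG"), "DC": (0x0002, "SERVICE_CHANGE_CONFIG"),
    "LC": (0x0004, "SERVICE_QUERY_STATUS"), "SW": (0x0008, "SERVICE_ENUMERATE_DEPENDENTS"),
    "RP": (0x0010, "SERVICE_START"), "WP": (0x0020, "SERVICE_STOP"),
    "DT": (0x0040, "SERVICE_PAUSE_CONTINUE"), "LO": (0x0080, "SERVICE_INTERROGATE"),
    "CR": (0x0100, "SERVICE_USER_DEFINED_CONTROL"), "SD": (0x10000, "DELETE"),
    "RC": (0x20000, "READ_CONTROL"), "WD": (0x40000, "WRITE_DAC"), "WO": (0x80000, "WRITE_OWNER"),
    "GA": (0x10000000, "GENERIC_ALL"), "GX": (0x20000000, "GENERIC_EXECUTE"),
    "GW": (0x40000000, "GENERIC_WRITE"), "GR": (0x80000000, "GENERIC_READ"),
}
WELL_KNOWN_SIDS = {"IU": "NT AUTHORITY\\INTERACTIVE", "SU": "NT AUTHORITY\\SERVICE",
                   "SY": "NT AUTHORITY\\SYSTEM", "BA": "BUILTIN\\Administrators",
                   "SO": "BUILTIN\\Server Operators", "WD": "Everyone",
                   "AU": "NT AUTHORITY\\Authenticated Users", "BU": "BUILTIN\\Users"}

# Audit policy (an assumption for this example): only these principals are expected to control a
# service; any other principal holding one of CONTROL_RIGHTS is reported for review.
EXPECTED_CONTROLLERS = {"SY", "BA", "SO"}
CONTROL_RIGHTS = {"SERVICE_CHANGE_CONFIG", "SERVICE_START", "SERVICE_STOP", "DELETE",
                  "WRITE_DAC", "WRITE_OWNER", "GENERIC_ALL", "GENERIC_WRITE"}

# A D: or S: section is optional flag letters (P, AI, AR) followed by zero or more (...) ACEs.
SECTION_RE = re.compile(r"(?P<kind>[DS]):(?P<flags>[A-Z]*)(?P<aces>(?:\([^)]*\))*)")
ACE_RE = re.compile(r"\(([^)]*)\)")


def parse_rights(code_string):
    """Expand 'RPWP' or a hex mask such as '0x30' into (mask, [right names])."""
    if code_string.startswith("0x"):
        mask = int(code_string, 16)
        return mask, [name for bit, name in SERVICE_RIGHTS.values() if mask & bit]
    if len(code_string) % 2:
        raise ValueError(f"odd-length rights string: {code_string!r}")
    mask, names = 0, []
    for i in range(0, len(code_string), 2):
        code = code_string[i:i + 2]
        if code not in SERVICE_RIGHTS:
            raise ValueError(f"unknown rights code {code!r}")
        bit, name = SERVICE_RIGHTS[code]
        mask |= bit
        names.append(name)
    return mask, names


def parse_sddl(sddl):
    """Return one dict per ACE found in the D: (DACL) and S: (SACL) parts of an SDDL string."""
    aces = []
    for section in SECTION_RE.finditer(sddl):
        kind = "DACL" if section.group("kind") == "D" else "SACL"
        for ace in ACE_RE.findall(section.group("aces")):
            # ACE layout: type;flags;rights;object_guid;inherit_object_guid;account_sid
            fields = ace.split(";")
            if len(fields) != 6:
                raise ValueError(f"malformed ACE: {ace!r}")
            ace_type, ace_flags, rights, _obj_guid, _inh_guid, sid = fields
            mask, names = parse_rights(rights)
            flags = [ACE_FLAGS.get(ace_flags[i:i + 2], ace_flags[i:i + 2])
                     for i in range(0, len(ace_flags), 2)]
            aces.append({"section": kind, "type": ACE_TYPES.get(ace_type, ace_type), "flags": flags,
                         "mask": mask, "rights": names, "sid": sid,
                         "principal": WELL_KNOWN_SIDS.get(sid, sid)})
    return aces


def unexpected_controllers(sddl):
    """(principal, [control rights]) for allow-ACEs granting control to principals outside the expected set."""
    findings = []
    for ace in parse_sddl(sddl):
        if ace["section"] != "DACL" or ace["type"] != "ACCESS_ALLOWED" or ace["sid"] in EXPECTED_CONTROLLERS:
            continue
        granted = [r for r in ace["rights"] if r in CONTROL_RIGHTS]
        if granted:
            findings.append((ace["principal"], granted))
    return findings


if __name__ == "__main__":
    for ace in parse_sddl(SAMPLE_SDDL):
        print(f'{ace["section"]} {ace["type"]:15} {ace["principal"]:48} {" ".join(ace["rights"])}')
    for principal, rights in unexpected_controllers(SAMPLE_SDDL):
        print("review:", principal, "holds", ", ".join(rights))
```

Run against the sample, the BA and SO entries decode to mask 0xF01FF (SERVICE_ALL_ACCESS), the IU and SU entries to read-only query rights, and the only finding is the domain SID at the end with SERVICE_START and SERVICE_STOP, which is the entry the post singles out; on a real host the same check can be run over every `sc.exe sdshow <service>` string to spot services whose DACL was loosened for a non-admin account.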
No.1815
>>1813 How hard would it be to recreate this?
https://www.0xc2.io/
I know zero % of position independent code, I wonder what evasion tactics he applied. Soon I will fucking get this shitty ass certification and will be able to do relevant stuff, I want to implement the use of io_uring in erlang BEAM soon as I'm able, not a single retard did this yet
No.1816
OP here, I can use icacls to check permissions on a file, the verbosity of Windows grinds my gears, they can't fucking decide what pattern they use for their system applications.
No.1818
>>1817 Remember, knowledge is a process for yourself; it doesn't need to be the main objective and treated as a product. Being productive simply for the sake of being productive kills your soul, unironically.
No.1819
>>1818 I don't have any fancy reason for doing stuff. I just have nothing better to do, like computers, and hate how much software and my favorite entertainment (anime and video games) have regressed.
Anyway, I can't seem to find where I got stuck on George Chrystal's Algebra, but while skimming the text I noticed that I seem to be understanding stuff I didn't even notice previously, so I'm reading it from the start.
No.1820
Did this have to be a tech thread? I wish there was one for humanities but then I'm reminded of lainchan /hum/ and what a shitfest that has become.
No.1821
>>1820 It helps me maintain focus, and it's dead here; guess there's no problem getting a bit out of the way.
I just woke up, 02:30, made some sandwiches and drank a bit of energy drink, study session will begin now.
No.1823
I'm almost done with research, I WILL END THIS FUCKING SHIT TODAY, Windows escalation is hell on earth what the fuck man.
No.1825
Yesterday the urge to look into Android development was too strong. I spent a long time researching which between Kotlin and Scala is better or at least less bad. I also did some exercises and read a little bit of Algebra, but I couldn't do much because I didn't have power for a while.
I ended up choosing Kotlin and it was the right choice, it's the worse language, but Android has migrated from Java to Kotlin and Java is now a second class citizen that doesn't get new APIs, and there's no FFI between Kotlin and Scala unless you write Java ABI bindings in Kotlin.
Had to spend a long-ass time fixing some Gradle nonsense because of course it doesn't work.
I knew Android, Java, and the JVM were bad, but I didn't know they were this bad.
An empty Kotlin program on the desktop already uses ~400MiB of RAM on startup, too.
I know the Android JVM is better than this at least, but I'm certain that if Android apps had a machine code entrypoint and its APIs were all available in C ABI, memory usage and startup costs would fall massively for all programs not written in a JVM language, and it would make development easier because of how bad the entire Java ecosystem is and how much better e.g. the C ecosystem is.
No.1826
>>1825 Why algebra? My experience with Android development was horrible, the worst I've ever had in my life and I wish to never touch it again: Gradle, Maven, tons of little finicky fuckety things so you can run a bloated POS.
Also, that idea of yours of using C, won't that cause it to only be able to run on a single, specific architecture? I once maintained an application that had C in it, back when no smartphone had biometric capabilities like nowadays; it was horrible.
No.1827
>>1826
>Why algebra?
Because I was a bad student in school and didn't pay attention to class, so now I don't know it, and I think a good programmer needs to know algebra.
I'm also at a point where the only multithreading books more advanced than what I already know are full of math. And if I learn a little algebra and trigonometry I should be able to do graphics programming.
>Also that idea of yours for using C, wont that cause only to be able to run in a single and specific architecture?
It will cause an individual compilation of the program to only run in a single and specific architecture. I can compile it for each supported Android architecture. Bad C code can definitely break when compiled for a different architecture, but my programs don't have that issue.
My target device for Android programming is a Galaxy SII from 2011 running Android 7. I intend to write as much as possible in a performant language like C because I think an operating system and day to day tasks on it should be able to run on a Windows 98-era machine like they did back in the day, which is impossible with the JVM, but I can't avoid the JVM on Android, so I'll just use it the least I can, and I already have an existing desktop program that is written in C and could work as an Android app.
No.1829
>>1828 I will start studying in a few hours, AD enumeration and attacks. I intend to finish at least all of these today, as I want to spend until the end of October or until the first half of November doing CTFs related to my certification.
After all this ends I'll take a look at some of this content.
https://ost2.fyi/Learning-Paths.html
I got an offer for a role, application security consultant, from a big company, but man, I'm really sure if I accept I'll be a wageslave fucking suffering then dumped. I guess I won't accept, my job is too comfy and I'll change roles inside the company anyways.
You did the Kotlin tour from their site?
No.1830
>>1829
>You did the Kotlin tour from their site?
Yes, I read this and did all the exercises:
https://kotlinlang.org/docs/kotlin-tour-hello-world.html
Now I'm doing the last exercise of chapter 4 of
https://kotlinlang.org/docs/kotlin-tour-intermediate-extension-functions.html
>https://ost2.fyi/Learning-Paths.html
I'm wary of what that website claims to teach, the completion hours are too short.
e.g. The Art of Software Security Assessment by John McDonald, Justin Schuh, and Mark Dowd is 1200 pages long, that's going to take 2 months at 20 pages per day, likely way more because it's not a novel that you can go through as fast as you can read. I'm a bad reader who would take a year to go through such a book.
No.1831
>>1830 Ah, this book you mentioned was, if not the first, then certainly the one I read very slowly to introduce myself to AppSec. Of course, I didn't finish it. In shitzil, cuntzil, retardzil, a physical copy is 1200 BRL, an entire minimum wage. Thank God I got a tablet.
The last book I "touched" was
https://pages.cs.wisc.edu/~remzi/OSTEP/
It's one of the best; they introduce you to the xv6 kernel so you can practice and implement what is taught. I used C3 for the extensions because Kutepov (Tsoding, you might know him) was shilling it in 2023, iirc. It was one of the best times of my learning life. Sadly, I had to stop at the second implementation because being a poor wagie fucking sucks, and moving out is even worse. Hopefully, in January, I'll have time to dedicate myself to learning/my interests again, as I used to; it's been years since I programmed something interesting.
No.1832
God, I went checking BR imageboards again, actually just one that I really used to like, the rein derivates. In 2020 it was really good, nowadays some retard bought the domain from the original one and it's horrendous, really sad. Maybe I'll try to improve the content as boards are able to be created by users.