If you have ever put something in a file like .bashrc and had it not work, or are
confused by why there are so many different files — .bashrc, .bash_profile, .bash_login,
.profile etc. — and what they do, this is for you.
The issue is that Bash sources from a different file based on what kind of shell it thinks
it is in. For an “interactive non-login shell”, it reads .bashrc, but for an “interactive
login shell” it reads from the first of .bash_profile, .bash_login and .profile (only).
There is no sane reason why this should be so; it’s just historical. More detail follows.
For Bash, they work as follows. Read down the appropriate column. Bash executes A, then B, then C,
etc. The B1, B2, B3 means it executes only the first of those files found.
# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs
# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables
# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump
Hi All!
I've recently launched a tool that wraps many of the commands here with a user interface. This desktop application is currently available for macOS. There's a roadmap outlining planned features for the near future.
Feel free to request any features you'd like to see, and I'll prioritize them accordingly.
One of the most important aspects of this application is that every command executed behind the scenes is displayed in a special log section. This allows you to see exactly what’s happening and learn from it.
Here's the link to the repository: https://github.com/Pulimet/ADBugger
App Description:
ADBugger is a desktop tool designed for debugging and QA of Android devices and emulators. It simplifies testing, debugging, and performance analysis by offering device management, automated testing, log analysis, and remote control capabilities. This ensures smooth app performance across various setups.
In this gist I show how I leveraged a boolean-blind SQL injection to gain access to a protected website. The injection allowed me to query the website database and retrieve a valid username/password pair. Using the retrieved credentials I was able to log in to the protected section of the website.
To perform the attack I used:
- sqlmap to discover the website was vulnerable to SQL injections.
- Burp Suite to forge and send POST requests to the website login page, carrying payloads opportunely crafted with SQL queries.
Indication of a correct query is based on the time the query takes to complete.
This time delay is introduced by using built-in methods such as SLEEP(x) alongside the UNION statement.
The SLEEP() method will only ever get executed upon a successful UNION SELECT statement.
/endpoint?query=admin123'
I bought an M1 MacBook Air. It is the fastest computer I have, and I have been a GNOME/GNU/Linux user for a long time. It is an obvious conclusion that I need a practical Linux desktop environment on Apple Silicon.
Fortunately, Linux already works on Apple Silicon/M1. But how practical is it?
- Two native ports exist.
session=lxqt
geometry=1920x1080
localhost # comment this out to allow connections from anywhere
alwaysshared