timnott-it

You have found your next IT professional

Month: March 2022

I HACKED my wife’s web browser

March 13, 2022 / / 0 Comments

My write up of NetworkChuck’s video on BeEF

BeEF – The Browser Exploitation Framework

(DISCLAIMER – DO NOT USE THIS TO ATTACK ANY COMPUTER OF ANY DESCRIPTION UNLESS YOU HAVE PERMISSION TO DO SO. IT’S COMPLETELY ILLEGAL)

What do you need?

  • Linux Server
  • BeEF
  • Victim (friends, family or even your own computer)

Linode sponsors NetworkChuck’s video and they are a good place to rent servers. They offer a minimalist server for $5 dollars a month and they also have an introductory offer of a certain amount of free credit when you sign up to an account. 

Setting up the BeEf Server

  • Go to Linode.com and set up an new account
  • Go to the Marketplace tab
  • Select BeEF
  • Go to BeEF options
  • Enter a password 
  • Enter an email address
  • Create a limited sudo user with password
  • Choose a region close to you
  • Select plan – go cheap
  • Label box
  • Password for root user (will be used for SSH)
  • Click ‘Create Linode’

The server will take a while to provision which basically means that the server is setting itself up with the BeEF software. Once that is done look for the Access panel and specifically the SSH Access option. There is a clipboard icon to the right which you can click to copy to the clipboard.

Open the Command Line (Windows) or Terminal (Mac/Linux) and paste the SHH command. It’s going to ask you if you want to continue, type yes and then give the root password.

So now you are in your BeEF server. Next enter cat /root/beef.info and it should come up with 

#BEEF INSTALLATION COMPLETE#

Below should be: Endpoint and then a URL. This is a legitimate SSL website. Grab this URL, copy and paste into notepad and then into a browser and there it is, the BeEF server!

User: beef

Password is the password you entered in the setup process under BeEF options.

This will take you to the Getting Started page. Notice on the left there are ‘Hooked Browsers’ where browsers that have been successfully attacked will be listed. To hook your first browser copy the ‘advanced version’ link. This is the link that you would send to your victim in the hope that they will click on it and then the browser they use will then be ‘hooked’ by your BeEF server! You can then go back to the BeEF console and you will see it listed under the hooked browsers. 

Attack!

To begin with, try this out on a dummy browser on your own computer. Once the browser is listed in the console then click on it and you will be given a page with various tabs available, go to Details and there is a whole list of information on the browser that has been hooked. Next go to Commands and this is where the fun begins. Let’s try:

Browser > Create Alert Dialog – enter “You just got hacked!!” in the ‘Alert text’ box. Click Execute and your victims browser will alert the user to this unfortunate fact.

Social Engineering > Google Phishing Page – this will create a fake google sign in page in the victim’s browser. Their google login details will then be captured by your BeEF server.

Social Engineering > Fake LastPass – this will create a LastPass pop up in their browser which will also capture their login details. In this case it will capture each keystroke so if they stop half way through because they get suspicious or something then you will still get some information.

Network > Identify LAN subnets, Ping Sweep, Get HTTP Servers, Fingerprint Local Network – various commands that will scan, map and log the victims network and systems.

Browser > Redirect Browser (RickRoll) – as the name suggests, will redirect their browser to a RickRoll video. Har har.

These are just a few of the many things that BeEF can do so go ahead and try some stuff out but only hack computers that you have permission for.  ETHICAL HACKING ONLY

If you are not already a follower of NetworkChuck then please go to his YouTube channel or website. He makes engaging and relevant IT videos.

Simple ASCII Converter

March 6, 2022 / / 0 Comments 
while True:
    x = (input("Enter character or ASCII value for conversion or q to quit: "))
    if x == "q":
        break
    if len(x) > 1 and not x.isdigit():
        print("not applicable: fail")
        break
    elif x.isdigit():
        print(chr(int(x)))
    else:
        print(ord(x))

So you are relatively new to programming, like me, and you have got a few concepts under your belt. Probably you are bored of print(“Hello world!”). You are looking for a basic program to write. Something that is actually relevant to IT.

While I was going over notes from the Programming Expert course, I was messing around with a while loop and ASCII conversion functions ord and chr. If you are not familiar with ASCII then just know that it is a numerical value given to each symbol/character we use in computing. So a = 97, A = 65, # = 35 and so on.

The Crux of the Matter

print(ord(x))

will print the ASCII value of the variable x

print(chr(x))

will print the character of the variable x

These are the active ingredients of this little program. Let’s look at the rest of it:

Line 1: Creates an infinite loop. In which we will put our block of code.

Line 2: Asks the user to input a number or character and puts this in the variable x. It also gives the user the option to quit the infinite loop.

Line 3+4: Enables the quit feature.

Line 5+6+7: Input validation. The ord and char functions are a bit fussy and will only take an integer or a single character respectively. So this if statement effectively says that if the length of the input is greater than one character and is not a digit then it’s no good and the user is told as much. (Note that even if a float is entered then this will be more than one character and will fail too.)

Line 8/9: The next part of the if statement is an elif which asks if x is a digit then print the character associated with the value. It has been converted from the string the user entered, to an integer which the function can read.

Line 10/11: Anything else must be a single character and is then converted to a value.

And there you have it. Admittedly this is a simple converter which only accepts one input at a time and can’t deal with [DELETE] for example but it’s still pretty neat. I am finding it’s important to gain confidence at coding by experimenting with small programs.

Programming Expert

March 4, 2022 / / 0 Comments

Recently started a new course called Programming Expert.

Coding is not essential for an IT career but it sure as helps and although intimidating it is also fascinating. Getting a program to work for the first time is a buzz. If you intend to go into Cyber Security then you definitely need some coding skills and Python is a great language for this and also is beginner friendly.

I tried the usual YouTube offerings:

(too name just a few) for learning to code and no doubt this is absolutely a viable option but it is hard to get a structure to your learning going this way. So I signed up to an official course from a group of programmers including Tim Ruscica.

It was $59 for a year from the videos I’ve watched on his YT channel his style came across as easy to follow and he clearly knows what he’s talking about. In my opinion if you are going to be listening the same person for hours while they try and teach you to code, surely a experience which will get you frustrated at times, then you need to get on with their general style.

More importantly this course boasts the following features:

  • Streamlined Platform
  • A Comprehensive Curriculum
  • Designed By Experts. Taught By Experts
  • High-Quality Videos
  • Hundreds Of Practice Questions
  • Practical Programming Projects
  • Feature-Rich Coding Workspace
  • Certificate Of Completion

These add up to an experience which is on another level compared with trying to learn from a “Learn Python in 6 Hours” video. For example on the more challenging Practice Questions (most of them) there’s not just the solutions revealed but also a separate video to explain how to solve the problem.

I am halfway through the fundamentals stage and will post updates as I go.

Individual IT Certs OR Full Course?

March 4, 2022 / / 0 Comments
Is it better to take individual IT certificates or enrol in a full course? 

I am looking at changing my career to something on the IT > Cyber Security spectrum. There is a world of choice out there and without having a degree the common consensus appears to be ‘get some certs’.

CompTIA is the most prominent organisation in terms of ‘industry standard’ certificates but there are many others like CISCO, AWS, ORACLE and more. On top of this you can find organisations who offer training for these courses: Codecademy, Esme Learning, TheKnowledgeAcademy, TheTrainingRoom etc

OR you can go down the university route with part-time/full-time diplomas, certificates and fast tracked MSCs (if you already have a degree or work experience) but these will cost you a lot more.

Looking at the official CompTIA website the pricing for the exams themselves you are looking at the £200 mark. TheTrainingRoom offer a course, amongst others, called Cyber Security Technologist which includes: ITF, A+, Network +, Security +, and a choice of CySA+ or PenTest+ for a total of £2995.

So roughly £2000 extra. For this you get structured learning, a tutor and after completion guaranteed job interviews with a Career Support Officer. It’s well worth noting that in this course you will only take one exam for the final certificate which, assuming you pass, then gives you the certificates for all the subjects. This is just one example of a training organisation but I think it gives a good idea of what the difference is between taking individual certs and a full course.

Attempting to do A+ off your own back is a reasonable prospect in my opinion but when you get into Security+ and CySA+ then I think you would be really struggling to learn effectively and continuously. However there are other options for tuition than an organisation such as TheTrainingRoom for example an online enterprise called ITProTv and they cover all the certificates in question here, and many many more. 

Their training model is primarily video based although they do have Job Resources and Learning Coach listed in the Resources menu. I enquired about the Learning Coach and it transpires that it’s not the same thing as a tutor, which TheTrainingRoom provide but simply someone who guides you through the learning process rather than the actual course content. This is a big difference if you have any tricky parts of the course which you are struggling to understand. ITProTV do provide a forum which is constantly monitored and replied to by their IT professionals. It’s up to the individual to decide which system they would prefer for the money.

The Premium Plan at ITProTV is $499 (£361) a year. This should be plenty of time for most people to complete the five certificates so you effectively spend £1634 for a tutor and the post completion job interviews that TheTrainingRoom provides. Seems like a lot.

To summarise, the best option for most people would be to buy the CompTIA exams individually and pay for separate online training. It saves you money and keeps your options open should you complete the first certificate(s) and then decide that you want to head in a different direction with your learning.

© 2025 timnott-it

Theme by Anders NorénUp ↑