First Week of School

Hello World!

I am officially a sophomore! When I request jobs and research positions, I no longer have to try to pretend I’m older than I am, which is nice. I will miss being able to impress people by doing neat things as a freshman though. Oh well!

Kobe

In two weeks, the cybersecurity team will be going to a competition at Stanford, so we met in the basement of Kobe Mini Mart to train for it. We generally choose Kobe because it’s a very small store so people don’t monitor the wifi, and see all the mildly suspicious stuff we are doing. None of the things we are doing are illegal or harmful, but they use tools that are often used for things that are illegal and harmful, so somebody might be alarmed. Also, it’s got a nice sized basement with a bunch of tables, and nobody ejects us from the premises when we stay there all day without buying anything. But if you think that’s the only reason we chose the place, you have clearly never entered the wondrous weaboo paradise that is Kobe Mini Mart.

Kobe

The upstairs area of Kobe is a simple general store style room with various sorts of Japanese food and merchandise. Nothing all that unusual, and kind of like the things you would see in any Japanese style store. Poke Sticks, Ramune, Hi-Chews, and other things. The food is so processed that sometimes my friends and I compete to see who can get the food with the fewest recognizable ingredients — one time I won with a drink that was literally called lemon-lime flavored beverage. It was quite tasty!

When you go downstairs into hallowed basement of Kobe Mini Mart however, you enter a different world. It is a land where individuals can spend their entire day reading the enormous collections of manga, observing the gorgeous piles of pusheens and other plushies, trying out the bizarre anime themed hats and shirts, and geeking out in general. For those with more adult tastes there are instructions on how to play the poke stick kissing game, as well as mildly smutty anime posters. There are retro video games, ping pong, foosball, and white boards to do schoolwork on. There is a water boiler for heating up instant ramen, and equipment for making boba tea. It is a safe haven for otakus away from the harsh environment of the outside world.

kobe
kobe
kobe
kobe
kobe
kobe
kobe

Once I was within the protective embrace of the Kobe Mini Mart basement, I met up with four other members of the cybersecurity club, and under the exquisite leadership of Grayson and Kevin, the two best hackers in all of UC Davis, we began to train for the Stanford Cybersecurity competition. Unfortunately, none of us had downloaded the files that Grayson told us to download, and the wifi was very slow. So it took us a bit to get set up. After that, Grayson showed me how to escalate privileges using Hack The Box penetration testing labs, which is a fairly mainstream suite of pentesting challenges. Escalating privileges is when you get into a webserver, and trick it into thinking you are a user. From there, you can trick it into thinking you are root. Sometimes there are more than three layers, but in this case there was only visitor, user, and root. There was a sample website that mimicked a very simple photo uploading site, that you had to get root access on. While it seemed to be a complex endeavor, it actually turned out to be very doable.

hack the box

First, I used dirbuster to identify all the pages in the website. Lets say you have a website called http://www.foo.com. If there is a webpage in it called bar.html, you can navigate to it by typing http://www.foo.com/bar.html. Sometimes, the website designers want to you access bar.html, and they will put a link on their main page directing you towards it. Sometimes, however, it will be a webpage that stores the backup in case the website crashes, or a webpage that stores information useful to the programmer, but not the user. In that case, dirbuster is very helpful. It goes through all the common extensions, and sees if they exist. In this case, it found a /backup folder. In the backup folder there were various files such as index.php, photos.php, and others. From this, I could tell two things. One, the site’s back end was written in php. Two, since it was a backup folder, there were likely also the same files in the main folder. So I navigated to the main folder, and added /index.php, and sure enough there was a file!

hack the box

So this is a web server you can upload things to. That makes it fairly easy to hack — just upload a photo that is actually a back door. Like in most websites, the way you find a photo was to navigate to the photos folder, and add a /whatever_your_photo_name_is.jpg to see it. In our case, we put in a web shell, which would allow us to type commands into that page and have them executed. So I used a simple web shell that Kevin wrote, and put a .gif after it so that the site thought it was a gif and accepted it. It was then uploaded, and when I went to the uploads folder I had access to a web shell and could manipulate the web server. I moved around in the server a bit, and found that there was a user, who had user privileges, named Guly. So I then escalated my privileges to be Guly. That was fairly difficult, and I needed a good amount of help from Grayson and Kevin. But basically what I did was use a script that Guly had written, and since he had written it had user privileges. The script took in data that the user gave it, and if the user gave it data that looked like a command, the command would be run. So I used the script to upload a reverse shell into Guly’s folder. A reverse shell is when you type commands into your own command line, and they are executed by the website.

We had to split this session up among two days, and by this time it was noon of day two. The first day we just bought some 1.50$ ramen from upstairs, but this time we decided to go out to lunch. Kevin is from China, so he took us to a very authentic Chinese food place, which is rare in Davis. They spoke to him in Mandarin and we had him order for us, and the food was very good! They weren’t so good at translating the foods into English, so sometimes Kevin would translate for us. One time they translated ‘sugar’ into ‘cane sheets’ which was a bit odd. We ate directly off the communal plates, except for the fried rice which we put in our individual rice bowls. It was very interesting! Apparently this was the place that all the international students from China went to when they wanted decent authentic Chinese food.

Then we went to T4, got some boba, and I escalated my privileges to root on my own. When you have root, you can do almost anything. In our case, the root had written a script that ran another script every three minutes. You could alter that script that was run every three minutes, and it would be run by root. So you just had to make the script elevate you to root, because that script had root privileges. So I just had to use some command injection to inject the command ‘sudo bash’ which allowed me to type bash directly from the root directory. It was my first successful server hack! Hopefully I’ll learn enough to do well by the time the competition comes.

Some of the Hyperloop folks met up in Chevron lab on Friday to clean up the place so that when the fire marshal comes by to do an inspection, they aren’t alarmed by anything they see. The place was in fairly good shape fire-wise, but it definitely needed some cleaning. There was a bunch of stuff there that was either junk, or needs to be sold to some other team. I also got prepped for what I need to do for Hyperloop this year!

d20

I played three games of D&D this week! Some may say that three games, each lasting around four hours, it a bit excessive, but I disagree! And they were all during the two days before school started so there was time. The first game was with my original D&D group, and I was playing Carxes Caryinax, my extremely arrogant Trition Paladin. His father just died, so he is now calling himself King Carxes II of house Caryinax, much to the irritation of the other players. We were so loud that somebody came over from a few doors down because they could tell we were playing D&D and wanted to watch! It was fantastic. The second one was the fourth and last session of what was supposed to be a one session game. The Dungeon Master had never led a game before, so he wasn’t super accurate in measuring how fast we would go. I tested out my new Kenku Sorcerer, Mavet, and she’s turning out quite nicely. She is very focused on the balance between life and death, and plays a lute (which I represent with my electric guitar). The end of the campaign was based off Five Nights at Freddys, and it included a character Bo Silvertounge, played by a very enigmatic friend of mine, who has not yet given me permission to say his name in my blog. He is a linguistics major, pole vaulter, masseuse (he will not tell us how he learned to give massages), artist (he drew the house Cannis posters I showed you in my last post) and is apparently a fan of the spin laundry lounge. Every time I meet him he seems to have learned something new and I sometimes wonder if he is a Martian in disguise. Bo Silvertounge had three nameless child servants, who he appeared to care about despite the creepiness of essentially owning children. In the end, he named them Ufo Strong, Ufo Brave, and Ufo Goodboy, and then they died. Then the night before school started, we, the five dwellers of the 248 apartment played the first D&D game of our apartment campaign. It’s just the five of us, and for one person it’s the first time they’ve played D&D. The Dungeon Master was wearing his Navy Girlfriend shirt, which he got by being in the Naval branch of ROTC, but he somehow managed to transcend that absurdity and create one of the best games I’ve ever played. I’m playing Mavet the Kenku Grave Sorcerer, and will likely keep you posted on how the game goes.

bag

This model is cheaper so I bought it, but it’s less stable so it makes noise when I hit it. Since we have a porch in the apartment, I could put my punching bag up there and I’ve been getting back into practice with MMA! It’s only standup, no grappling, but the standup is more important anyways because if you’re short like me, you have a serious disadvantage on the ground. Many people say that ground technique depends mostly on skill, and maybe that’s true for the extremely skilled, but from what I’ve seen it’s usually the bigger person that wins. When you’re on your feet though, skill is much more important, so I can fight reasonably well so long as I’m on my feet. I’ve been practicing the standard MMA punches, and have started mixing some kicks in, and I think by the end of the year I should be back up to where I was before I left for college.

This site’s been getting more viewers lately, so any and all comments about how I could make this site any better would be much appreciated.

May you be ever victorious in your future endeavors!
M.E.W