Showing posts from August, 2022

Functions in Python

Here are my notes from the functions lesson of the PEH. I think this was a fairly easy lesson to follow along with. My biggest takeaway I think is the importance of the indentation. As well as the fact that you can have single or multiple parameters. And as a reminder the '#' on the right-hand side of the code are my notes for later. I have always liked keeping shorthand reminders that call back things rather than long drawn-out notes. But if you need any clarification please comment or message me on my social media and I will try and elaborate. Remember feel free to contact me on LinkedIn or Twitter

Advanced Scripting

In here we learn a few different things, now this is not a developer course so when I say advanced, I am meaning like advanced beginner. We are not trying to code whole programs. We are simply trying to get exposure to some more advanced techniques that may come in handy while trying to find vulnerabilities in a system for a client. Here we see how to pull letters from a word, pull a word from a sentence, split a sentence, join that sentence (and yes I know I spelled it wrong in the program....still worked in the end lol), how to section off part of your sentence to be able to put quotation marks in your sentence, we learn how to search for a letter in a word but also how to look for the letter no matter if it's upper or lower case and how to insert a word into a sentence. Please reach out on LinkedIn or Twitter

Looping

Looping was pretty self-explanatory and very similar to what we did in bash. So we did for loops, now if we remember a for loop runs from the start to finish of a loop. But we also did a while loop, which continues to execute as long as something is true. Now I got a little ahead of myself and I am going to show you and then I will post the finished correct loop. This is a pretty simple one where it printed the name of the veggies. Now can you see the mistake here? I wanted it to print 1,2,3,4,... to 10. But I told it to print 1. Now what I thought was worth noting and interesting is that it still only counted to 10 and then stopped. So just because I had messed up and it didn't print the correct numbers it still ran properly. And this is the correct way, this ended with it printing 1,2,3,4,... As always feel free to reach out on LinkedIn or Twitter

Tuples and Imports

Today we spent a little time but not much on both Tuples and Imports and since they were such small lessons, instead of making 2 smaller posts I decided to combine them. The instructor said there was more to learn on tuples but we only needed to be able to recognize them. Important takeaways are: They are similar to lists but with () instead of []. They cannot be changed like lists can. Now as far as imports the important thing I took away is that there are certain things which you might need such as date/time, system information, or different libraries that need to be imported and you can do this with the regular command or you can add an alias so it's easier to type. Feel free to reach out on LinkedIn or Twitter

Lists

This was a fairly simple exercise. Important parts not in the pictures are: lists are always in brackets "[]" and numbering starts at 0. So be mindful your first item in a list is 0 not 1. Feel free to contact me on LinkedIn or Twitter

Conditional Statements

Here we learned about conditional statements. So, like with everything in computers it's almost exactly what it sounds like. If this is true, then return this and if this or this is true then return that. The important ones are just what I said; if"" return "" elif (which stands for else if) return. Important to remember indentation here. Also, on this one I showed what was printed with the final script so we can see how the output of each statement correlates. Feel free to contact me at LinkedIn or Twitter

Relational and Boolean Operators

In this one we learned about relational and boolean operators. And for me much of what it is, is exactly what the name states. How are 2 statements in relation to each other, and we are talking about what we learned in the last lesson, boolean statements (so true or false). So what I mean can be best described by a truth table. I am putting one I found on Google on here. Mind you this is not my table nor could I find the author's name. But I thought it had a lot of great information, so if you do happen to know who it is please let me know so I can give credit. As you can see some of it's cut off but 0 == 1 is False and 0 == 0 is true. And here is the script I wrote: Feel free to contact me on LinkedIn or Twitter

Variables and Methods

So in this episode... jk. We learned variables and methods today and I found it interesting all the different ways you could achieve the same thing. But what it seems to me is as long as you define what that variable is in the proper way really the variables can be anything you want. Does anyone know if that is true or not? I hear my son getting up so I am going to finish this here and come back later to edit it.

Boolean Expressions

This lesson was short and sweet and easy to understand. So, a Boolean expression is just an expression of true and false. Which my understanding is that it comes in handy later on when you call functions like, if such and such is true then do blah. Please find me on LinkedIn or Twitter

Math in Python

Today was pretty fun. It was a simple lesson but one I think will be handy. I am a huge math geek. My 3-year-old and I randomly add the numbers we see on the street and he is getting to the point he can do his multiplication tables up to 10 already. So learning that Python can do math by scripting it makes sense but I can also see how that might be handy in the future when I am writing more advanced scripts for vulnerabilities in a system. As I am sure I have said pentesting isn't where I want to stop. I want to go full red team and overall I want to be good at as much in cyber as possible. I mean the goal is to do as much good with this knowledge as possible so learning scripting on all angles would make me more effective but anyways, we did some simple scripting for math and it sounded like we will get to the more advanced in a later lesson. Check it out and if you know of some simple scripts I can add to my math knowledge let me know I would love to give it a try. Feel free to re...

My first python lesson

In this one I learned how to write out some Python. This is my first lesson in it but it was cool to learn the different ways you can add lines, be it double quote, single quote, multi-line or concatenate. Also, it's nice you can leave notes for yourself. I don't know about you guys, but I love taking notes because then I don't have to try and remember every single thing. I can leave a key word or phrase that I know will jog my memory. Yeah I know I did it again. I promise I will start double checking my work earlier. I know these are very basic but basic is where I am at and I am sure some of you are too so let's enjoy that journey. The pursuit of knowledge should be what we are striving for. It's fun learning new things, or even refreshing what you might not have seen for a while now.

My first-time scripting with bash

I first want to apologize for the couple days I have been off. I had some personal things to take care of and then lost everything from my PEH course so had to get everything back in order. So today we learned to script in bash. We were running an IP sweep which I had another little symbol slip past me. I think in the first 3 photos you can see it. If you see it leave a comment. I did end up getting it fixed and running it. This picture here ^ I actually tried to run the program, getting an error message. This ^ is where I figured out my mistake and fixed it. And this ^ was how we cleaned it up a little more to make it function and look a little better. I had fun with this one. I have played around in Linux and ran a few commands, but this is the first time I scripted something and actually ran it. I would love to hear from you guys with any constructive feedback or maybe some other scripts I should try as a newbie. You can also connect with me on LinkedI...

Do things a little bit different if you find a way that works for you

Ok so today's is one of those things where I am not proud it took so long but I am proud that I finally came up with a solution. On PentesterLab I have been trying for a couple hours to use Burp Repeater to do a file upload injection but for some reason it wouldn't work. So, I decided to switch to using OWASP ZAP to try on that tool and it didn't work. I started getting frustrated and decided I would step back and try and think about a different way to do things. Then I realized all I was trying to do was rename a file from test.php to test.php3 and upload it and Repeater was just stopping me from having to rewrite the file on my desktop. So, I figured I had already written the PHP code, so I went in, copied what was in the file and created a new file with the test.php3 name and uploaded it the regular way. Now I know this is not the way PentesterLab has it set up BUT.... I would argue this. I spent probably 3 hours trying to do it their way. And time and again in the l...

How I keep learning while stepping away from a lesson for a second

So, I have stated that when I am stuck, I take a step back for a few minutes, but I wanted to explain that I don't just go and do nothing. True there are times when I go play with my son or cook my family lunch, or whatever. But for me my learning right now is to a point that I feel like I need it for my sanity. But on the same hand when I get stuck on something that maybe I think I shouldn't, it drives me nuts, LOL. I have high expectations of myself, so I can get hard on myself when I don't immediately get something. But back to the topic. Let's take this morning for example, I was working through what should have been an easy task on PentesterLab, but one of my computers is down so I am working on the one I never installed VIM on, which this exercise called for. I thought no problem how hard can it be to install VIM on Windows. And I was correct it wasn't that hard. I started going through the task and it wasn't working, and I couldn't tell why. So, I...

How a simple '' kicked my @$$ for almost an hour

So today I was working on the exercise "Server Side Template Injection 01" on PentesterLab. I try and do all my exercises on both laptops at the same time. This does 2 things for me: 1) I get to see how it works on 2 different systems, a Windows in the Edge browser and a Chromebook in the Chrome browser. I got this idea after I had to switch on one exercise and noticed subtle differences. While this seems like common sense for some reason it was something I never thought about before. So from that point forward I thought more exposure is good so I solve all the exercises on both. 2) I can solve on one while watching the walkthrough video on the other. For me it is easier and clicks in my head better if I don't have to watch, pause, execute, watch, pause, execute. But back to my point, while watching the video I kept getting frustrated cause I thought I was doing exactly what he was doing. I switched back and forth between computers, restarted 3x's, stepped away and ...

Introduction

So let me first say thank you for joining me in this journey. I wanted to take a minute to introduce myself. First and foremost, I am not an English major, and this blog will not be perfect grammar. This will act more like a journal entry style blog. My name is Matthew and I am an Army veteran, a former barber, former motorcycle mechanic, a dad, husband, and recently I am finding a love for cyber red team activities. I have been interested in cyber passively for some time, but never really took it seriously. Then when we were quarantined for COVID I ended up losing my barbering business and kinda was thrown for a loop. For the better part of 2 decades barbering has been all I have known. Heck in most circles no one even knew my name, I was simply "The Barber." Now the next part is something that I am only going to share because it is relevant to my decision to explore cyber security as a career. As a veteran I have been diagnosed, like many, with PTSD. Being quaran...