hakk blog

Exploring Python Metaclasses

In this post I will take a look at using the type keyword to create dynamic classes on the fly (metaclasses). I’ll focus on type first and then look at using it as it relates to creating metaclasses. Type The most widely known use of type is to determine the type of an object. Python is an object oriented language which means that everything has a type. Let’s take a look at some examples: Read more...

Building Python on Ubuntu 16.04

For this post I am specifically working on Ubuntu 16.04 but I’m sure it could work on other versions as well, however a little while back I wrote another post about building python on docker. In this post I’m going to look at creating a chroot environment and then setting that up to complete the build. To setup the chroot environment I am going to be following along with this community post Let’s get started by installing the necessary packages Read more...

Creating a FreeBSD bootable USB on OS X

It’s pretty straightforward but I can’t remember some of the commands like I can on Linux. So I’m creating a little post for it so I don’t have to keep searching and thinking what did I do last time every time. Download the installation media Head over to the download page to and download the memstick image that’s right for your architecture, in my case it’s the amd64 image. Note: Make sure to verify the checksum, in order to do this you’ll need to download the checksum file. Read more...

Building Python on OpenBSD 6.2

Note: If there are patches for the software you want available in the ports tree, you probably want to look at the working with ports page. However, if you want to customize your build further read on. At the time of this writing I am in the process of building python 3.6.4. The build process could change in the future, but this is current build process, hopefully this will give someone the jumpstart they need to get going on this. Read more...

Building Python on Ubuntu 14.04

While hunting for the source of a bug earlier, I thought that it might be the cause of a bad binary. To remedy this I thought that I would build python from source and now I’m creating this post for some documentation on the process. During this I was using Ubuntu 14.04 (trusty) running on docker. First, install all the packages that will be needed for the build: # apt-get install build-essential libz-dev libssl-dev # apt-get build-dep python3 Notes: libz-dev is only needed if you want/need zlib support libssl-dev is only needed if you require ssl support. Read more...

Mr Robot - vulnhub write up

After getting this fired up virtualbox, the first thing I did and like to do is run an nmap scan. Huh, only http(s) ports open. PORT STATE SERVICE VERSION 22/tcp closed ssh 80/tcp open http Apache httpd 443/tcp open ssl/http Apache httpd When first visiting the site, I found this in the index source code USER_IP='208.185.115.6' I was hungup on this for quite a while. I kept thinking I could get more access if my ip address matched this but I finally moved on. Read more...

Vulnhub - RickdiculouslyEasy: 1

I had some time to play on the computer this weekend, so I decided that I would look into finding a CTF. After poking around reddit for a bit I finally remembered Vulnhub, how could I have forgotten. Any how, I found this challenge on the first page and thought it looked pretty interesting. Now let’s take a look at solving it. After booting it up on virtualbox it shows the assigned ip address, perfect. Read more...

Protonmail Dark Pattern?

I remember when bing used to do this on their mobile site, it would load then I would go to tap on the search box to focus my cursor and just as I was about to do that it would pop in an ad for their mobile app. Then I would have to close out of the play store and get back to actually searching. Now it seems that protonmail is doing something similar in that I navigate to their mobile site, wait for it to load. Read more...

Popunders In The Wild Technical Analysis

A more in depth look at what I did when checking out the PornHub popunder. I don’t know that I went about things in the right manner it’s what I did. Also, I want to note that I did all the analysis using an ubuntu virtual box with chrome installed. First, I opened the site and clicked around until I experienced a popunder, that didn’t take long but I did notice that it wasn’t showing me another one. Read more...

Finding Popunders In The Wild

What better place to find shady practices that wouldn’t be tolerated on more mainstream websites than porn sites. In this case we’ll check out PornHub and how they use popunders to display ads that may lead to malware? In the cases I found during my research it lead to an android app, I haven’t yet finished my analysis of the app. Also of note, I only looked at the mobile site and using chrome on Android. Read more...