Month: August 2019

Break restricted Environments. Spawn a shell, Evade common detections.

Usually, while solving a CTF or working on a pentesting project, you get stuck trying to get a shell because of a restricted shell environment or some detection tool.

While searching on this topic I came across this amazing link: https://gtfobins.github.io/#+shell

The website contains an awesome, comprehensive list of everyday and uncommon binaries that can help you break free of the restrictions in restricted environments. Usage of environment variables and how to elevate privileges are also covered there. A few of the binary usages are quite uncommon and could easily be used for malicious purposes. All in all, great information.

I tried my hand at a few of them.


Writing Chrome Extension. The javascript Journey.

I have been coding in Python for many years; now it's time to turn to JavaScript, as it is going everywhere. Although my first love will be Python, sometimes you gotta have options. That is what the economy says, so let's not get philosophical.

I needed a framework that is easy to learn and fun to work with, so I chose Google Chrome extensions to learn JavaScript.

The framework can be broken down into different components easily:

1. The first is manifest.json

manifest.json: as the name suggests, it is the manifesto of the application, a synopsis of what the application is going to do. It generally looks like this:

[Screenshot: example manifest.json]

For more information, please refer to https://developer.chrome.com/extensions/getstarted

2. Background scripts

Background scripts: these are cron-job-like scripts that are controlled through an event mechanism. They mainly remain in listening mode.

3. Front-end scripts or content scripts: they operate on the front end with the page's HTML, just like a normal script. They also provide events to the background scripts.

4. Options page: if you want a separate tab for your extension, this is what you are looking for.

Here is the complete architectural view.

[Screenshot: architectural view of a Chrome extension]
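Because manifest.json declares what the extension is going to do, it is also the first file to review for over-broad access. The following is an added example, not code from the original post: a small JavaScript audit of a Manifest V2 file. The `auditManifest` helper, both sample manifests and the example.com host are assumptions constructed for illustration.

```javascript
// Added example: audit a Manifest V2 manifest.json for over-broad access.
// Match patterns that grant access to every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// Chrome permission names that expose browsing data or network traffic.
const SENSITIVE_APIS = new Set(["tabs", "cookies", "history", "webRequest", "webRequestBlocking"]);

function auditManifest(manifest) {
  const findings = [];
  for (const perm of manifest.permissions || []) {
    if (BROAD_HOSTS.has(perm)) findings.push(`permissions: host access to every site (${perm})`);
    else if (SENSITIVE_APIS.has(perm)) findings.push(`permissions: sensitive API "${perm}"`);
  }
  // Content scripts run inside every page that matches these patterns.
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const pattern of cs.matches || []) {
      if (BROAD_HOSTS.has(pattern)) {
        findings.push(`content_scripts[${i}]: injected into every page (${pattern})`);
      }
    }
  });
  // A relaxed CSP lets extension pages evaluate strings as code.
  if ((manifest.content_security_policy || "").includes("'unsafe-eval'")) {
    findings.push("content_security_policy: allows 'unsafe-eval'");
  }
  return findings;
}

// Constructed manifest containing the four components listed in the post.
const broadManifest = {
  manifest_version: 2,
  name: "Demo Extension",
  version: "1.0",
  permissions: ["tabs", "storage", "<all_urls>"],
  background: { scripts: ["background.js"], persistent: false },
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
  options_page: "options.html",
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};

// The same extension scoped to the single site it needs (hypothetical host).
const scopedManifest = {
  ...broadManifest,
  permissions: ["storage", "https://example.com/*"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
  content_security_policy: "script-src 'self'; object-src 'self'",
};

console.log(auditManifest(broadManifest));  // four findings
console.log(auditManifest(scopedManifest)); // []
```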