A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembers to update the machine. This blog post will serve as a record of what I did to setup the machine again after wiping it. Services I installed included ufw ssh ftp Minecraft Samba fileshare While attempting to install samba on the old system, apt update failed.

One of my goals for 2022 is to blog more frequently. I used to try and get a post out weekly when this blog was originally a college project. Weekly turned into monthly posts as my content got more technical and my career took off. Last year I posted once. Now that ends! I’m kicking off this revival with a site refresh. HackerUnderDev is moving away from a WordPress site running on a DigitalOcean droplet for a Hugo site running on Netlify.

There is no get rich quick schemes to maximize your finances. Hacking is not cyber crime. If you think this post is going to be 5 steps to become a millionaire or advice on how to steal money, you’re wrong. This is a collection of advice I’ve picked up in recent years and suggest you follow. I will also admit that I have been blessed. My family is not poor, I grew up in a good area and received a strong education.

4/9/2022 Update: After migrating from WordPress to Hugo, I do not have the ability to password protect blog posts. All content will be public and because of that these decryption instructions are no longer worthwhile for https://hackerunder.dev. I will not be posting content that requires password protection. For example, I previously shared unretired hackthebox machine walkthroughs but required hashes as the password for the post. This decryption method was copied from 0xPrashant and his own blog.

Words of inspiration for many and an explanation to others who only see hackers as problems. Maybe one day I’ll base this manifesto to write my own. First it’s important to dig deep and see what’s going on then find how to put it into one clear document. Copied from Phrack Magazine <pre class="wp-block-preformatted">==Phrack Inc.== Volume One, Issue 7, Phile 3 of 10 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The following was written shortly after my arrest.

I’ve had a love hate relationship with Minecraft since I bought the beta when I was in highschool 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.

Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.

This year seemed to fly by, but looking back a lot has happened. This is a summary of what I did in 2018. Tackling the OSCP If there’s one thing I’m going to struggle with recording on the internet… it’s that I’ve struggled with the OSCP exam three times. With each attempt I have gotten better and better, but I still need to try harder. Looking back, there’s more I need to do in the PWK course.

Like years before, I want to share a summary of what I have accomplished. While there has been months where I feel like I focused on everything except security, my notes for 2017 turned out to be pretty extensive. One of the first things I did this year was go to Shmoocon. I was not able to get a ticket, but that did not stop me from getting on a plane and tagging along with Infosystir (Amanda)!

2016 has been a crazy year, and I’m not talking about celebrities, politics or world news. A lot of security related things have happened for me personally. I wanted to base this post chronologically on what I’ve done. One of the first screenshots from 2016 is a constant reminder for me. What’s the first rule of infosec? Troll first, work later. I’ve come to realize that Twitter is the diving platform everyone needs.

A long long time ago, I wrote a blog post about trying to assemble a new Folger Tech 3D printer. Long story short, I was given a bad Arduino board that started to smoke as soon as it was plugged. I spent weeks trying to get help from Folger to check my wiring, because to the best of my knowledge I had followed their instructions and I didn’t know what was wrong.

In July of 2015, I volunteered to create a web app to score college gymnastics. There’s an old blog post from my original COGSS project. COGSS 2.0 is going to be a place to submit scores and have rankings for a meet. Sounds simple right? Turns out it is not, this project feels like it is turning into a full blown application which ideally would require a dev team… Instead there is me!

2015 has been quite the year for me! For one, I started blogging about information security and software development. I added a category for hardware, but I haven’t been able to dive very deep into those projects (yet). This blog post will be a review of all of the content I’ve blogged about, hopefully it’ll be a good collection of how much I’ve grown. To prove I really am what my tag line says; that I’m better than I was a year ago.

Hey everyone, it’s been a while since I’ve written something about hardware. I’ll share a current project of mine that has taken some interesting turns. Something that is all the age right now is 3D printing. Most assembled printers range from $400 to $800 and that can range on a lot of things from filament type to the hardware in use. Kits generally run cheaper, because you have to assemble them yourself.

If you’ve been following my posts, you’ll know that I do some consulting on the side for some websites. LCORI is the Lake Chemung Outdoor Resort in Howell, Michigan. My grandma has been working on the board for more than a few years. She came to me asking to help fix the navbar on www.lcori.com, and I was happy to help. After getting into the code, I saw that it was a bit of a mess.

If you have tinkered with computer hardware projects before, I hope you have checked out hackaday.com. They are a famous website that re-posts about many kinds of hardware hacks. If you have found a new toy you want to customize or want to be inspired by other hackers or makers, hackaday is a great start and I visit the site frequently. Now, me being the “young, easily misguided, and overly willing kid” I was when I read an article titled Hacking a Cheap Toy Quadcopter to Work with an Arduino my first reaction was “Awesome!

Hey everyone, so at work we’ve had a couple vulnerabilities pop up so I was privileged with writing this up and I wanted to share it with you. I hope you find it interesting! Sorry it’s such a long read. There’s two parts, one for SQL injection and one for Cross Site Scripting. SQL Injection Check out SQL injection on OWASP SQL injection is, simply put, a user adding additional requests to your database calls.

Something pretty basic that I didn’t cover early on is anonymity. Do bank robbers wear masks? Unless you want the police knocking on your door the next day. I suggest you look up the Tor project. It’s a proxy network that divides your data into packets and sends each one randomly through different bots on the network. While some may say Tor isn’t secure. You need to realize that nothing is perfectly secure.

How do you learn to hack? Read a book! Here are the books I have shown: Hacking exposed 6 Violent python The web application Hackers Handbook 2 A bug hunter’s diary

Ok, lets review, we know our basics. We know how to use a computer, we know how to write code, we know what unix systems like Linux are, and we know how to use Unix tools like those provided in Kali. Wait, I still can’t get into my friends Facebook account, what are we really learning anyways? Well giant corporations like Google or Facebook are hard to hack, especially for people new to hacking like us.