Kalifornication
You know how you make a resolution, and then go ahead and tell the whole world because you think it will make you more committed?
Some Fluff (skip for content)
Almost a year ago, amidst war and unemployment, I was diagnosed with breast cancer. Initially I thought it would NOT stop me. I had plans, gosh darn it, I had all that free time being plugged to an IV drip, I was going to make life take those lemons back, I mean, it’s just cancer, not like it’s life-threatening or anything. And you know what, at first I really did manage to keep it up. Started learning Kotlin, enrolled in a HackTheBox course, even managed to post some content. After a while, though, the meds, they got to me. The first thing to go was the blog: the learning part was difficult enough without turning it into content, it was too meta for me to handle. Then I put the hacking stuff on a backburner, and focused on Kotlin. After a while I noticed that taking a break of more than a couple of days, which was pretty common post-chemo, would flush my short-term memory completely, as if I hadn’t been studying at all. I’d look at my own notes and had no memory of making them.
Then there was surgery, recovery, radiation treatments, injections, meds… Meds to deal with the cancer, meds to deal with the meds dealing with the cancer, meds to help me eat and sleep and cope with the abundance of side effects. If the mind is like a sheet of paper, mine was being torn to tiny pieces, and I could only focus on things that would fit on the tiniest shred (read: lots of YouTube shorts). I had some productive days and even weeks, but they were few and far between. The hardest part was realising that I, the one who was always On Top Of Things, was now forgetful and confused. My mental health was plummeting.
But then, almost imperceptibly, things started to just get… better. My concentration was improving, my memory was lasting longer, I was able to follow my husbands’ fast-paced Balatro sessions (to his infinite delight). I traded some coping mechanisms of the ahem medicinal persuasion for holistic ones. I bought a bike. I started dancing. And now, I AM HERE! Hello! It’s good to be back!
Back to Hacking Boxes
As I may have mentioned in an older post, my career started in QA, which is basically trying to break things. There were many things about that profession I didn’t like, but the breaking things part wasn’t one of them. So, I enrolled in HackTheBox academy and started with the Bug Bounty job role path, because why break one product for one company if I can learn to break all of ’em?
HTB academy has a very nice setup. Every module has dedicated targets for practise attacks, and a student can spawn a Pwnbox VM right in the browser, complete with all the necessary tools and programs. If I want to play around with the tools, however, let alone continue using them as part of some sort of (gasp!) career, I should have my own environment, tooled to my liking.
My daily driver is a MacBook Pro, running on Apple silicon. I really enjoy the simplicity of a unix-based system, and installing tools using Homebrew is pure bliss compared to the clunky Windows installers. As I was going through the modules, I was installing every tool mentioned - Burp Suite and OWASP ZAP, various crawlers and fuzzers, wordlist libraries and such.
Sometimes it really was as simple as brew install literally-anything, other times I had to wrestle a bit with python venvs. Then I tried installing a tool called Nikto, a web server scanner. Nikto is written in perl. No problem, I’ll install perl. Then, Nikto wouldn’t run due to missing modules, which of course can’t be installed using brew but rather something called cpan. After some faffing about, Nikto was able to run successfully! Then I noticed it wasn’t able to run TLS/SSL, making it somewhat useless. Installing the relevant SSL library led me down another rabbit hole, at the end of which Nikto was completely broken and wouldn’t run at all.
At this point, I could continue wrestling perl modules and versions to make it work locally, or throw in the towel and use the HTB Academy Pwnbox. But there was a third option…
Kali Linux
I was curious about getting a Kali VM to do my dirty work, not only for the sake of separation and protection of my own env, but for the abundance of pre-installed tools, updates and documentation.
There are no free virtualization solutions for Mac, however. I toyed with the idea of splurging on an AWS VM, and maybe I will do so in the future if I really want a GUI, but for now, I figured I’d give kali-docker a chance.
Installing it was easy as heck. First, you make sure you have docker installed. Then, you go to the Kali website and follow the instructions for installing and using Kali Linux Docker images. I went with their recommendation, and installed the kali-rolling image. It is important to note that the image doesn’t come with anything pre-installed, so the first thing I did was install the kali-linux-headless metapackage. There are plenty of various metapackages for different uses (fuzzing, OSINT etc.), but you can also easily install additional tools using apt.
Now, time for some personalization. One thing I can’t go without is a good shell that can cover for my lightly-fried brain. I use Zsh with the autosuggestions and syntax-highlighting plugins (and also git because why use many words when few words do trick?). To use zsh in the docker, install it (apt install zsh) and then enter the zsh shell by typing zsh, et voila!
My setup isn’t ideal yet. Some tools (Burp/Zap, browser devtools/extensions) I still only use locally, which means I often get kerfuffled over which /etc/hosts file I need to update to do the HTB Academy exercises. Still, it is already better than using an in-browser VM, or struggling with perl libraries. Stay tuned for future improvements, how-to’s and other shenanigans!
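The container setup described above, written as a repeatable script (an added example, not part of the original post). It also feeds one hosts-style file to the container through docker's --add-host flag, so the container's /etc/hosts never has to be edited by hand. The image tag kali-htb and the hosts file you pass in are assumptions, and the zsh plugins come from the Debian/Kali packages rather than a plugin manager.

```shell
#!/bin/sh
# Added example, not from the original post.
IMAGE=kali-htb   # hypothetical local image tag

# Build kali-rolling + kali-linux-headless + zsh with autosuggestions and
# syntax highlighting (assumption: the distro packages for both plugins).
kali_build() {
  docker build -t "$IMAGE" - <<'EOF'
FROM kalilinux/kali-rolling
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y kali-linux-headless zsh \
      zsh-autosuggestions zsh-syntax-highlighting \
    && rm -rf /var/lib/apt/lists/*
RUN printf '%s\n' \
      'source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh' \
      'source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh' \
      >> /root/.zshrc
CMD ["zsh"]
EOF
}

# Turn hosts-file lines ("IP name [alias...]") into --add-host flags,
# one per hostname, skipping blank lines and # comments.
hosts_to_flags() {
  awk '{ sub(/#.*/, "") }
       NF >= 2 { for (i = 2; i <= NF; i++)
                   printf "--add-host=%s:%s\n", $i, $1 }' "$1"
}

# Start a throwaway container whose /etc/hosts already has the lab entries.
kali_run() {
  # Unquoted on purpose: each generated flag must become its own argument.
  docker run --rm -it $(hosts_to_flags "$1") "$IMAGE"
}

case "${1:-}" in
  build) kali_build ;;
  run)   kali_run "${2:?usage: run HOSTS_FILE}" ;;
esac
```

Saved under a name of your choosing (say kali.sh), run it with build once and then with run plus the hosts file for each session. The Mac's own /etc/hosts still needs the same entries for Burp and the browser.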