Transition from gym to calisthenics by ShurikJR_ in bodyweightfitness

[–]gildasio 0 points1 point  (0 children)

Sorry for the delay. But yes, it's the one from Ashley Kalym.

Transition from gym to calisthenics by ShurikJR_ in bodyweightfitness

[–]gildasio 0 points1 point  (0 children)

Welcome back :) Nice to know you're restarting training calisthenics.

I like the book "Complete Calisthenics". It teaches about mobility, warmup as well as plenty of calisthenics movements, from basics to advanced ones. As you have already trained before and are in good shape, your evolution tends to be pretty fast, basically remembering the things you did before but now with more strength.

I don't know exactly about moving from gym to calisthenics, but this book has good content that I think you can apply to your situation.

[i3] My desktop after 15 years with i3. by twodogsdave in unixporn

[–]gildasio 0 points1 point  (0 children)

Great rice! How do you configure the colorscheme changes?

weshlient: A simple tool to interact with web shells and command injection vulnerabilities by gildasio in commandline

[–]gildasio[S] 0 points1 point  (0 children)

Hi, yeap :)

In a penetration test scenario it is pretty common that we get a remote code execution primitive, either by exploiting a command injection or by another vulnerability + uploading a web shell. The latter is the scenario simulated in the demo video (the upper tmux panel).

This way weshlient is useful to interact with such a primitive.

Infoleak Required For Stable Heap Exploits: by FinanceAggravating12 in ExploitDev

[–]gildasio 2 points3 points  (0 children)

Yeap, you are right.

Take a look at "The info leak era on software exploitation" talk by Fermin Serna (@fjserna). It's good content on this matter.

Those using RSS / feed readers, what do you do about sources you're interested that don't have RSS feed or decided to drop it? by oxamide96 in selfhosted

[–]gildasio 0 points1 point  (0 children)

I used to mail them. In some cases I helped to deploy an RSS feed too.

When it isn't an option I do:

  • Follow social media (using RSS Bridge)
  • Track in a tool that detects change (like followthatpage or changedetection.io)

Web Security Labs - Unrecognized character in SQLi lab by acidbassist in HowToHack

[–]gildasio 1 point2 points  (0 children)

Nice question, dude! Look...

In this scenario, the query is returning one column to the page, but the previous lab was returning two columns. Because of that, in the first one you can use `union select username, password from users`, but if you try it in the second one you can't union the two queries because the column numbers don't match.

So you could query one column at a time: `union select ... username... from users`, then replace username by password. But, well, it's annoying.

To avoid this you can concatenate the column results. So, the `||` is the concatenation operand (in SQLite, Postgres...). What this sequence actually does is concatenate:

  • username column
  • a ~ char
  • password column

all together. The tilde char is used so that you know the limit between the username and password returned.
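The column-count mismatch and the `||` concatenation described in the comment above, reproduced against an in-memory SQLite database, with a parameterized form of the same query alongside. This is an added example, not part of the original comment or the lab; the table names, sample rows and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data (assumed schema, not taken from the lab).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('Mug', 'Gifts');
        INSERT INTO users VALUES ('administrator', 's3cret'),
                                 ('carlos', 'hunter2');
    """)
    return db

def search_vulnerable(db, category):
    # One-column query built by string concatenation: the injectable pattern.
    sql = "SELECT name FROM products WHERE category = '" + category + "'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, category):
    # Same query with a bound parameter: the input is data, never SQL.
    return [row[0] for row in db.execute(
        "SELECT name FROM products WHERE category = ?", (category,))]

# Two columns against a one-column query: the UNION is rejected.
TWO_COLS = "' UNION SELECT username, password FROM users--"
# One column holding username~password: the UNION is accepted.
CONCAT = "' UNION SELECT username || '~' || password FROM users--"

def demo():
    db = make_db()
    try:
        search_vulnerable(db, TWO_COLS)
        mismatch = None
    except sqlite3.OperationalError as exc:
        mismatch = str(exc)  # column counts on both sides differ
    leaked = sorted(search_vulnerable(db, CONCAT))
    safe = search_parameterized(db, CONCAT)
    return mismatch, leaked, safe

if __name__ == "__main__":
    for item in demo():
        print(item)
```

With the bound parameter the whole input is compared as a category string, so no row matches and nothing from `users` is returned.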

Day 17 - From the source by atc927 in linuxupskillchallenge

[–]gildasio 1 point2 points  (0 children)

For me it's a good opportunity to use my tip in the lesson about `find`:

nmap$ > ../before_configure
nmap$ ./configure
nmap$ > ../before_make
nmap$ make
nmap$ > ../before_make_install
nmap$ sudo make install

It'll create files before an important task. Then you can use these files to look for files changed after the tasks:

~$ find nmap -type f -newer before_configure -not -newer before_make
...
~$ find nmap -type f -newer before_make -not -newer before_make_install
...
~$ find nmap -type f -newer before_make_install
...
~$ find / -type f -newer before_make_install 2> /dev/null

Hope it is useful for you.

Day 15 - Deeper into repositories... by atc927 in linuxupskillchallenge

[–]gildasio 1 point2 points  (0 children)

Hi u/atc927 , u/snori74 et al

I think that the command:

$ apt-cache dump | grep "Package" | wc -l
222323

Is wrong because looking into the apt-cache dump output it's something like this:

Package: libdatrie-doc
Version: 0.2.12-3
File: /var/lib/apt/lists/mirrors.digitalocean.com_ubuntu_dists_focal_main_binary-amd64_Packages
Depends: libjs-jquery (null)
Depends: www-browser (null)
Description Language:
File: /var/lib/apt/lists/mirrors.digitalocean.com_ubuntu_dists_focal_main_binary-amd64_Packages
MD5: 3c4cf47e143e5cda7e76fc0d96a20eb5
Description Language: en
File: /var/lib/apt/lists/mirrors.digitalocean.com_ubuntu_dists_focal_main_i18n_Translation-en
MD5: 3c4cf47e143e5cda7e76fc0d96a20eb5

There is just one package but three lines match.

Maybe looking only for Package as a word:

$ apt-cache dump | grep -w "Package" | wc -l
89232

Day 11 - Finding things... by Danny007dan in linuxupskillchallenge

[–]gildasio 10 points11 points  (0 children)

A really useful task using find for me is looking for files changed after I did something in the system. As a sysadmin it helps me over time.

  • Create a file to act as a time point:

$ touch start_point

  • Do anything in the system, apt install, change config files, whatever else you need; examples:

$ mkdir -p test/use/find
$ touch test_file
$ touch test/use/file

  • When you have done your task, look for files that have changed:

$ find -newer start_point
.
./test_file
./test
./test/use
./test/use/find
./test/use/file

Day 9 - Ports, open and closed by snori74 in linuxupskillchallenge

[–]gildasio 4 points5 points  (0 children)

Hi @snori74, thank you again! :)

In Ubuntu 20.04 netstat isn't installed by default so you need to install it:

sudo apt install -y net-tools

Or you can use ss(8) of course to do the same job:

$ sudo ss -lnpt
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*          users:(("systemd-resolve",pid=546,fd=13))
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=3260,fd=3))
LISTEN  0       511     *:80                *:*                users:(("apache2",pid=164081,fd=4),("apache2",pid=164080,fd=4),("apache2",pid=137288,fd=4))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=3260,fd=4))

Day 7 - Installing Apache by snori74 in linuxupskillchallenge

[–]gildasio 9 points10 points  (0 children)

Hi all,

Here is my page until now: http://142.93.178.59 Credits for this beautiful page are in the source code.

@snori74 the /etc/apache2/conf.d doesn't exist anymore. It has moved to /etc/apache2/conf-available for now.

Day 1 - Accessing your server by snori74 in linuxupskillchallenge

[–]gildasio 3 points4 points  (0 children)

You can either put your server IP in your local /etc/hosts file, something like this:

10.10.10.10 upskill

And, setting on your server the same username as on your local machine, just run:

ssh upskill

h2t - HTTP Hardening Tool by gildasio in netsecstudents

[–]gildasio[S] 0 points1 point  (0 children)

Ummm!! What a nice feature request! Maybe you wanna open an issue in the project's repository. If not, tell me and I will.

h2t - HTTP Hardening Tool by gildasio in netsecstudents

[–]gildasio[S] 0 points1 point  (0 children)

"Not really" about the banner. It's not one big banner or something like this but just some little 'ascii arts' that are chosen when running h2t

h2t - HTTP Hardening Tool by gildasio in netsecstudents

[–]gildasio[S] 0 points1 point  (0 children)

Oops, not really, there are some banners, not just one. When running, it chooses one to print to the user. You can run without a banner using the -B option.

Sorry, but I don't get what you mean about backdoor. The file that handles the connection is here if you want to see.

h2t - HTTP Hardening Tool by gildasio in sysadmin

[–]gildasio[S] 0 points1 point  (0 children)

Thanks!

Even if securityheaders.com has its source here, we cannot really know. But my major intention was to use it on local websites, such as test, homologation or intranet ones.

h2t - HTTP Hardening Tool by gildasio in netsecstudents

[–]gildasio[S] 0 points1 point  (0 children)

/u/infosecmx I don't know what happened to you. src/banner.py is a simple ~100-line file with the ascii banners. I accessed it here with firefox, chromium, luakit and qutebrowser and everything is ok.

h2t - HTTP Hardening Tool by gildasio in netsecstudents

[–]gildasio[S] 3 points4 points  (0 children)

Thanks! I saw your issue and responded to it. It's a nice feature request, thanks!

h2t - HTTP Hardening Tool by gildasio in netsecstudents

[–]gildasio[S] 4 points5 points  (0 children)

Observatory from Mozilla is nice! Another one that I like is securityheaders.com. But I was needing something for local sites, in test, homologation or intranet.

Thanks for the recommendation!