Hi all, I’m stimpz0r… aka, Shane Joseph. I am a self-confessed computer geek that enjoys “hacking” anything and everything!
… I don’t mean hacking in the literal “break into computers” sense, but more in the scope of customizing and changing things from their default (or more accurately – “intended”) states… I cannot stand default!
Anyway, to start let’s go over a bit of history…
The story of stimpz0r
It all started back when I was a young kid. I was born in 1982, and it was only a few years on from then when my father had brought home an Apple II as our first family computer. This is where I first got a “taste” of my lifetime hobby and passion… computers. By the time I got more fluent operating the Apple II’s (my father started buying (sometimes parts, sometimes full systems) and reselling cleaned up and fixed full Apple II’s with screens for some extra income), we had upgraded to an Amiga 500. After teaching myself the ins-and-outs of operating AmigaOS, this was where I first ever dabbled in programming – at a ripe age of 12 I started writing basic programs in the Amiga Basic programming language AMOS. I wouldn’t say I had mastered the language, but I could do some pretty awesome things… unfortunately these programs (like a lot of my other “digital achievements”) are now just a memory… though ironically my younger brother still has one of our original Amiga 500 systems (though unfortunately it is now dead) – my dad originally sold it to a friend of his, who ended up giving it back to my dad before he passed away, and my brother took it to try and get it working again.
The Amiga was also the first place I learned to deal with ‘pirated’ software – or warez as it was known. Regardless of the moral and legal ramifications of piracy and the use of it, it definitely contributed a lot to the advancements in my learning of software and hardware when it came to computers. I got to try out a much vaster array of different applications and games than most people would ever get to in a lifetime by purchasing these titles legitimately (and the sometimes long-winded efforts required to get ‘pirated’ software installed or operable definitely helped me to learn very quickly how to diagnose software issues and remedy them).
Moving on a few years, we had since left behind the Amiga and shifted onto x86-based (Intel) computers – where we got our first ever 80486 (DX2-66). This is where being exposed to pirated software had finally pushed me towards digital art. To install pirated software correctly you had to read .nfo files for installation instructions, and these files were generally decorated using ASCII art. This was where I was first exposed to the ANSI & ASCII art scene – also sometimes referred to as the original “pixel-art”. There was a very tight connection between the Demoscene and the warez scene (the warez groups would get people within the demoscene to create their .nfo artwork, and in the earlier days, create digital music that was usually included as part of “demos” (short applications that played digital music and usually rely on graphical effects and fancy fonts for their scrolling writing) – a lot of which were used by warez groups such as Razor 1911, Fairlight and the other original warez groups to promote themselves – back in the Amiga 500 / Commodore 64 (C64) era they would bake these “demos” into the start of the game / application as an intro to promote that it was them that released it. For a video documenting this in rather easy-to-understand terms (and some samples of the demos created), here is a YouTube video by Inside Gaming titled “Demoscene: The Strangest (and Coolest) Computer Subculture – Inside Gaming Explains”
I also was lucky enough to get a taste of the wonderful World Wide Web, a.k.a. the Internet, before it was wide-spread in Australia. My Nanna had access before we got it at home, and back in those days we were talking Windows 3.11 (that had no out-of-the-box support for the Internet, unlike Windows 95), Trumpet Winsock (a separate application you had to install to dial in to the ISP and connect to the internet, because of Windows 3.11 and its “no out-of-the-box internet support”), and Netscape version 2 – the original king of internet “browsers”, before Microsoft Internet Explorer came along (and the whole anti-trust lawsuit that prevailed from Microsoft trying to shove Internet Explorer down every user’s throat). Interestingly, the Netscape developers also formed a massive part of the original Mozilla team, that would eventually develop one of the most popular browsers of all time (and still to this day), Firefox. I won’t lie when I say the struggle was real when it came to getting online back in those days, especially getting Windows 3.11 set up to dial into an ISP (Winsock was TORTURE!) – and it was slower and a lot more basic than the internet we have today.
See, back then (before the Internet became a “thing” – a.k.a. before 1997 in Australia, my home country) all downloads and social interaction were done via dialing directly into a Bulletin Board System (BBS), which in simple terms was a dedicated computer connected to a (usually dedicated) phone line via a dial-up modem. These systems would allow you to dial in and control a menu system allowing you to download files hosted on the BBS (transfers were extremely slow compared to today’s standards, so a standard MP3 would take 30-40 mins to download), along with messaging other users, chatting in real-time with the system operator (or if the BBS had multiple phone lines, you could chat to other people connected to the other lines). These BBSes (or more so the ones I liked to call) were also riddled with ANSI or ASCII art throughout the experience – from the initial art you saw as soon as you connect, to the carefully-designed menus, some systems being even fancier than the others depending on how tightly they were tied into the Demoscene. This got me into designing my own ANSI & ASCII art, not just for me but also for other local BBSes in my area. Around this time (1997) I had also met a friend at school that was into the demoscene, and we both decided to start our own “digital art & music” group named inflicted productions – it turned out that my friend and his best friend (who eventually would also become my friend as well) made digital music in applications known as Trackers (which I had also dabbled in back in the Amiga days using a program named OctaMED), so they looked after the music side of the group, and I looked after the art side of things (both ANSI & ASCII “lores” art, and “hires” images (such as the JPGs and such we use today)).
We ended up releasing many “art” and “music” packs – collections of digital music and/or art that our members would submit (usually on a monthly basis), that we would package together and distribute to local BBSs (then later the internet) for others to download and enjoy. This lasted for quite a few years, with over 20 members at one stage, but dwindled away eventually with the rising popularity of the internet (and decline in BBSs and overall requests for creating our artworks).
It was around this stage I also started getting into the hardware side of computers, building and upgrading my own systems, fixing and diagnosing hardware issues… this would eventually grow further… but more on that later.
Not too long after I first met my friend who I formed inflicted with, the internet happened… well, it became more popular in Australia anyway, and many local (Australian) demoscene groups started to dwindle down (along with inflicted) and the BBSes of yesterday were all but retired – much like IRC (Internet Relay Chat) is these days… but back then IRC was the replacement to messaging people on BBSs, and quickest and easiest way to socialize with a bunch of people at the same time.
IRC servers were actual physically separate IRC server programs running on different Linux dedicated servers around the world (depending on the IRC network they belonged to – more on this later), and were usually grouped together as one IRC “network” (that generally ran the same IRC server software with services the same as the other servers part of said network) – each IRC network would have an address that would connect you to a random IRC server that was part of that network, such as irc.efnet.org for EFNet. IRC was where I spent a good 10 years of my time hanging out with friends and generally goofing off. Starting off on the popular IRC network known as EFNet – a.k.a. the “badlands” of IRC networks. EFNet (unlike most other IRC networks) had none of the more-advanced channel services to protect channels from takeover that the other IRC networks used, and similarly, no nickname services to help you secure your nickname. To protect your channel from takeover or flooding, you had to run “botnets” (not the “botnets” you hear of today – more on this later) , and bouncers / Linux “screen” clients sitting connected 24/7. This was before the days VPSs (Virtual Private Servers) were a thing (virtualization was not yet a big thing either, hence the lack of cheap virtual servers), so getting access to a permanently running and internet connected Linux machine was as good as it got – most available were paid accounts (and costly at that!), but I had many online friends, and eventually accumulated over 10 different Linux “shells” (accounts on dedicated Linux servers) from these friends to run my own botnet, or screens to keep my nickname safe.
Eventually I moved to the “simpler” and “safer” servers of OzOrg, one of the 2 Australian IRC networks, which unlike EFNet had channel and nickname services to help you keep your nickname and channel(s) safe. This was where I met a lot of cool friends who weren’t always based in Victoria as I was (this is where I met a lot of my Sydney-based friends), and where I ran my first long-term channel – #kritical. Then soon after OzOrg started to die off, most of us jumped ship to AustNet (another Australian-based IRC network, where more of our local friends started to hang out). During that phase though my creativity still continued to flourish, so I still kept up with digital art (but mainly for creating websites), and coding. One of my first big projects was mIRC scripting and creating my own IRC “client” (specialized first for OzOrg, then later for AustNet), to help control my channels, that became somewhat popular among my circle of friends and other acquaintances on AustNet – titled kriticalSCRIPT, it contained many additional features not usually found in vanilla mIRC – especially for controlling AustNet services, eggdrop bot control and more… unfortunately only one version exists online and it was not the latest release.
As you probably had guessed, that was the dawn of the era I learnt even more about how the internet, and by extension, networking worked – and became increasingly interested in “other” operating systems due to learning what was behind running the big servers of the internet (and still is to this day)… I had pretty-much (besides family computers) exclusively moved onto using Linux and UNIX/BSD flavours as my daily driver operating systems on my own computers, trying out nearly every major variant of UNIX based operating systems over the course of my foray into the world of Linux / BSD – from Debian to Redhat (and all the basic flavours of Linux available at the time), the more advanced distributions such as Gentoo and Arch, and of course BSD variants such as FreeBSD and OpenBSD – I lived in all of them for a period and put myself to the test… sometimes using the slim requirements needed to run the likes of FreeBSD to push old PCs to their limits. I at one stage had FreeBSD running on an old 486 DX4-100 that did nothing but play MP3s via a text-based console GUI… because that was all it could do, and the only way I could push the PC to get it to play any decent bitrate MP3 without stuttering like crazy! On top of all that, I also had started using Linux as the “gateway” to our home internet – building a PC that would purely exist to route internet to all the computers in the house, along with protecting our home network via the use of firewalls and most attacks that would be aimed at a Windows operating system.
I had also by now done 2 separate bouts of work-experience – one at the local national Western Digital distributor in the Returns (RMA) department, and a few weeks at a local PC store. The vast majority of my hardware knowledge was self-learnt… but came in very handy when my father decided to start a PC business. Using my skills (and his) we built PCs, restored older PCs, built small networks and managed the needs of a few local businesses along with a lot of home users. I helped out for nearly no wage for the few years it existed. Unfortunately it all came to an abrupt end when the business we were sharing the shop-front with (who paid the majority of the rent) had to close up due to debts.
This was also the time that I first dabbled in the world of “unethical” hacking (a.k.a. Black Hat hacking)… with a few knowledgeable acquaintances, I was soon getting into things such as dissecting and testing exploits, breaking apart and even coding my own backdoors/RATs, learning the use of the hacking tools from those days (NMAP existed back then!), using encryption and other AV/Firewall evasion techniques, and the art of breaking into Linux/UNIX based systems without leaving a trace. One of my favorite pastimes was following malicious links, downloading the trojan / RAT they were using to attempt to infect their victim, and performing my own malware analysis on the downloaded trojan, eventually tracking down and destroying their illegal botnets – I managed to shut down at least half a dozen botnets in my time, which I was proud of, saving the victims and their bandwidth.
Anyway, back onto the subject of “botnets” as mentioned earlier in my recollection of the IRC era – the IRC botnets I referenced in my EFNet explanation were not the same as the malicious botnets used by hackers these days; they were legitimate IRC channel control bots hosted on non-hacked Linux servers. They would connect and talk to each other and ensure that they all remained OPs in the channel, and if someone tried to take over the channel, one of the bots would jump in before it lost its operator status and punish the user(s) trying to take over the channel by kicking (and usually banning them completely) from the channel. Likewise, if any of the bots detected that a user who joined was in its “operator” list, it would give them operator access so they could control the channel (either automatically, or after being commanded to by a user with a matching host via private message).
Though while on the subject of “malicious” botnets, the majority of the first malicious “botnets” were actually modified versions of mIRC that were made to hide from the user’s sight, that would connect to a configured IRC server, and would join and sit in a specific IRC channel the hacker had configured, where they would be controlled by the hacker via commands given via messages either directly to the channel, or directly to the bot itself via private message (should they want to do a single task on a single “bot” or hacked system). Although malicious IRC-based botnets existed as early as 1999, they became more prevalent around the time of 2004 – in fact, you have to dig deep to find any real mention of malicious botnets before 2003-2004 as the majority of “history of botnets” related websites online miss the entire 1999-2004 era. Back in the early 2000s one of the most prevalent variants of botnets getting around IRC were GTBot-based mIRC botnets. These were soon replaced with much smaller C/C++ based apps to replace the bloated (and rather easy to detect) mIRC based bots. These (and the […TBC…]
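To make the channel-protection logic above concrete, here is an added example (my own illustration, not code from the author’s kriticalSCRIPT or from eggdrop) of the decision logic one bot in such a bot-net would run. It assumes a channel named #kritical, a sibling bot nick kBot, and an operator list of hostmask globs such as *!shane@*.example.net; all of these, and the IRC lines fed in, are constructed for the example. It deliberately covers only the decisions (auto-op on join, op on a private “op” command from a matching host, and re-op / ban / kick when an unlisted user de-ops a protected nick) and leaves out the socket, NICK/USER registration and PING handling of a real client. A bot that has just been de-opped cannot re-op itself, which is why the response is modelled from the viewpoint of another bot that still holds ops.

```python
"""Decision logic of an IRC channel-protection bot (constructed example)."""
import fnmatch
import re
from dataclasses import dataclass, field

# ":nick!user@host COMMAND args..." as sent by an IRC server to a client.
PREFIX_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)!(?P<user>[^@\s]+)@(?P<host>\S+)\s+(?P<cmd>\S+)\s*(?P<rest>.*)$"
)


@dataclass
class ChannelGuard:
    channel: str            # channel this bot protects, e.g. "#kritical" (assumed)
    bot_nicks: set          # nicks of all bots in the bot-net (assumed: {"kBot"})
    op_masks: list          # hostmask globs of trusted operators (assumed values)
    auto_opped: set = field(default_factory=set)  # nicks this bot has given +o

    def matches_op(self, mask: str) -> bool:
        """True if nick!user@host matches any entry of the operator list."""
        return any(fnmatch.fnmatchcase(mask.lower(), m.lower()) for m in self.op_masks)

    def protected(self, nick: str) -> bool:
        """Nicks the bot-net defends: sibling bots and users it opped itself."""
        return nick in self.bot_nicks or nick in self.auto_opped

    def handle(self, line: str) -> list:
        """Return the raw IRC commands the bot should send in response to one line."""
        m = PREFIX_RE.match(line)
        if not m:
            return []
        nick, user, host, cmd, rest = m.group("nick", "user", "host", "cmd", "rest")
        mask = f"{nick}!{user}@{host}"
        args = rest.split()
        actions = []

        if cmd == "JOIN" and args and args[0].lstrip(":").lower() == self.channel.lower():
            # Auto-op anyone whose host matches the operator list.
            if self.matches_op(mask):
                actions.append(f"MODE {self.channel} +o {nick}")
                self.auto_opped.add(nick)

        elif cmd == "PRIVMSG" and args and args[0] in self.bot_nicks:
            # Private "op" request: honoured only from a matching host.
            text = rest.split(" :", 1)[1] if " :" in rest else ""
            if text.strip().lower() == "op" and self.matches_op(mask):
                actions.append(f"MODE {self.channel} +o {nick}")
                self.auto_opped.add(nick)

        elif cmd == "MODE" and args and args[0].lower() == self.channel.lower():
            modes, params = args[1], args[2:]
            sign, pi = "+", 0
            for ch in modes:
                if ch in "+-":
                    sign = ch
                    continue
                # Mode letters that consume a parameter (l only on +).
                takes_param = ch in "ovbk" or (ch == "l" and sign == "+")
                target = params[pi] if takes_param and pi < len(params) else None
                if takes_param:
                    pi += 1
                if ch == "o" and sign == "+" and target:
                    self.auto_opped.discard(target)  # someone else opped them; not ours to track
                if ch == "o" and sign == "-" and target:
                    # An unlisted user de-opping a protected nick is a takeover attempt:
                    # restore the op, ban the attacker's host, and remove them.
                    if self.protected(target) and not self.matches_op(mask):
                        actions.append(f"MODE {self.channel} +o {target}")
                        actions.append(f"MODE {self.channel} +b *!*@{host}")
                        actions.append(f"KICK {self.channel} {nick} :channel takeover attempt")
        return actions


if __name__ == "__main__":
    guard = ChannelGuard("#kritical", {"kBot"}, ["*!shane@*.example.net"])
    for raw in [
        ":shane!shane@host1.example.net JOIN :#kritical",
        ":rando!evil@203.0.113.7 PRIVMSG kBot :op",
        ":rando!evil@203.0.113.7 MODE #kritical -o kBot",
    ]:
        print(raw, "->", guard.handle(raw))
```

Hostmask matching is the whole trust model here, which is also its weakness: anyone who can present a matching host (a shell on the same provider, a spoofable ident) gets ops, which is why the author's era relied on several bots on separate shells rather than a single one.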
Things went quiet for quite some time due to life (I had my own family to take care of by this stage), but eventually when things started to settle down I got back into coding and “hacking” hardware, this time setting my sights on Android customization and programming – specifically Custom ROMs. When Android was first announced (being powered by the Linux kernel) I was deeply interested in the project as a whole – even at one stage downloading a beta version of the first Android version as a virtual machine to play around with. Fast forward to around 2011, I had obtained my first Android Phone (the first-ever LG Optimus, running on Android Donut – v1.6!) and later that year, my first ever Android Tablet (Samsung Galaxy Tab 7, the first ever Android tablet that Samsung ever released). By the start of 2012 I had managed to port a popular custom ROM named AOKP by TeamKang to the Samsung Galaxy Tab 7 – named AOKP SGT7 (SGT7 is short for Samsung Galaxy Tab 7, if you didn’t already guess that!).
This project was started on XDA Developers forums, originally for Ice Cream Sandwich (Android v3) and later moving on to Jellybean (Android v4) and later onto all international variants of the GT-P1000 (L/N/C). AOKP SGT7 was massively popular due to the fact that it was one of the most stable and complete ROMs to exist on the Samsung Galaxy Tab 7 and pushed the tablet way past its expected (and supported) limits. According to Wayback Machine, the last ever release of AOKP SGT7 got over 118k downloads, and a grand total of 267,298 downloads of AOKP SGT7 builds since the site was first born, to 2020. The source code still exists on GitHub to this day, but unfortunately the website has since passed.
I also worked on another project that was never released named buildROM – an “automatic” builder of Android ROMs for Arch Linux, which started its life purely because Arch had “issues” building Android ROMs using conventional methods. It was coded purely in Shell (Bash) Script and allowed you to build multiple variants / devices in a row so you could “set and forget” the build process (as back then it could take 6+ hours to build one device’s firmware).
Just after AOKP SGT7 finished (my second youngest son had broken my tablet) I took a break from most coding and especially Android ROMs, except for at work where I had started the creation of an extensive and complicated Microsoft Excel Macro-Controlled Front-End for running the daily operations of our Kitting and Distribution department, along with a system to automate our warehouse stocktakes, daily open picklist reporting and other warehouse administration related tasks. Unfortunately due to ownership rights of the code (being that anything I created during my work hours is owned by my previous employer) I cannot share these here… but the Kitting system in itself was well over 6000 lines of code (just for the main module) due to its ability to manage their “Job Bags” (details on each job), monthly reporting, casual hire tracking and consumable usage. Along with the coding of these systems, I had moved up the ranks from a Forklift driver, to “Warehouse Administrator” – I also became the unofficial “IT” guy of our division, and often resolved a lot of the smaller issues myself, or liaised and worked with the IT department to get things resolved, helping them out when I could with my knowledge of systems and computers in general. On top of that, I was one of the key figures in a software upgrade our division went through during my time – because of my vast knowledge on what we required, and computer systems, I was a key part of helping that project come to fruition, and also in the task of training our staff to use the new system.
Finally, jumping to today… I have since moved on from my employer and am looking to further my career in the IT world, particularly cyber security – specializing in “penetration testing” and “ethical hacking”. I have spent months on TryHackMe and worked through the “Pre Security”, “Jr. Penetration Tester” and “Offensive Pentesting” learning paths… along with other mini-learning “Modules” such as “Privilege Escalation” and “Scripting for Pentesters”. On top of that I have also completed and completely owned 2 of their 3 networks – “Wreath” and “Holo”. I will be using this blog as a platform to share my notes on a lot of the things I have learnt on TryHackMe, including walkthroughs for completed CTFs & networks.
Along with that, my latest project named pwnMENU – it’s a rofi-driven menu to help speed up the day-to-day operations of a pentester. This again is pure Bash Script to drive it, but plugs into many tools that are found on most penetration testing distributions (it was built on a custom BlackArch setup). It is still work-in-progress, but so far it can stabilize shells, help you easily generate commands to spawn shells on remote targets, help with generation of MSFVenom payloads, built-in searchsploit searches (giving you the link to mirror the exploit direct to your clipboard), helps set up and run a HTTP and SMB server (via Python) to help transfer platform-dependent tools and files onto remote targets (or to exfiltrate data back from the target) via many built-in downloading tools dependent on the target’s OS (sometimes encrypted), and also can create command line syntax for many popular tools (such as NMAP, FeroxBuster, Nikto, SQLMap, etc.).
Wow, OK that was a lot! So what exactly CAN you do?
Instead of another huge wall of text, let’s keep this in list format.
Hardware
- Build, replace and repair parts, reassemble most systems (regardless of size)
- Diagnose hardware failure issues.
- Build and maintain small networks, using both Ethernet and coaxial cable.
Software
- Fluent in most popular PC operating systems, both Windows and Linux/Unix based.
- Used and competent in two of the “harder” flavours of Linux – Arch and Gentoo (which require advanced knowledge of Linux to maintain)
- Advanced knowledge of both Windows and Linux operation, especially in command line environments.
- Advanced ability to diagnose and repair software issues.
Hacking
- Completed “Pre Security” -> “Jr Penetration Tester” -> “Offensive Pentesting” learning paths on TryHackMe, and a handful of modules such as “Shells and Privilege Escalation” and “Scripting for Pentesters”
- Completed many CTFs without or with little instruction, ranging from Easy to Hard in difficulty – completed as in full root / SYSTEM access.
- Completed and gained top-level access on 2 of the 3 networks on TryHackMe, “Wreath” and “Holo” (the latter I had to “overcome bugs” in the setup to gain elevated access by finding alternative methods to exploit).
- Completed the TryHackMe “Advent of Cyber 2021” room – a yearly challenge aimed at new pentesters to learn basic red and blue team operations.
- Currently ranked in the top 1% of the website on TryHackMe (# 8,522 of 925,344 users at the time of writing), on level 10.
- Some knowledge on malware analysis and uncovering backdoors and malware.
- Using commonly used tools to enumerate targets, such as (but not limited to) NMAP, GoBuster / FeroxBuster, Nikto, SQLMap, enum4linux, CrackMapExec, Burp Suite, Metasploit, etc…
- Defeated insecure Active Directory domains.
- Used obfuscation for the purpose of AV evasion.
- Created buffer overflow exploits to exploit bugs in software to gain access / privesc.
- Download, install and modify public C2 systems (such as Empire and Covenant) to evade AV detection.
Programming
- Programmed in many scripting and programming languages, including Amiga Basic, Visual Basic, Shell Scripting (Bash and PowerShell), C, C++, C#, Java (mainly Android-specific), Python, HTML, CSS, PHP and many other program-based scripting languages.
- Built and maintained custom ROM builds for Android devices that had extended features and system-related upgrades, one of which I developed and publicly released that was one of the most popular ROMs of its time for that device.
- Built a Kitting & Distribution management system in Visual Basic from scratch, along with other warehouse-related automation tools.
- Built and maintained a modified IRC script for mIRC Windows client that extended the abilities of standard clients.
- Built C/C++ backdoors (never completed or used publicly – more for PoC), modified, fixed, weaponized and wrote my own exploit code.
- Have built a website from scratch (HTML), including styling (CSS) and programmed in PHP