Hi all, I’m stimpz0r… aka, Shane Joseph. I am a self-confessed computer geek that enjoys hacking anything and everything!
I don’t mean hacking in the literal sense (though there is a fair amount of that too!), but more in the scope of customizing and changing things from their default states… I cannot stand default!
Anyway, to start, let’s go over a bit of history…
The story of stimpz0r
It all started back when I was a wee kid… (no I’m not Scottish, it just sounded good!). I was born in 1982, and it was only a few years on from then when my father had brought Apple IIs as our first family computer(s), where I first got a “taste” of my life-time pastime… by the time I got more fluent from operating them we had upgraded to Amiga 500s. This was where I first ever dabbled in programming… at a ripe age of 12 I was writing basic programs in Amiga basic programming language AMOS. I wouldn’t say I had mastered the language, but I could do some pretty awesome things… unfortunately these programs are lost in the vapour.
Moving on a few years we had shifted onto PCs and we got our first ever 486. This is where being exposed to ‘downloaded’ software had started shaping me… as always having to “crack” things and read .nfo files for instructions I was exposed to the retro ANSI & ASCII art scene that riddled those .nfo documents at those times, and also the overall Demoscene which comprised of digital art, digital music (more on this later) and creating “demos” – short applications that showed off graphics, music and effects.
See, back then – before the internet was a thing – all file transfers and “social media” were done via dialling directly into a Bulletin Board System (BBS). These were riddled with ANSI and ASCII art throughout the menus, some systems being even fancier than the others as they were tied directly into the Demoscene. This got me into designing my own art, not just for me but also for other local BBSes in my area. Around this time (1997) I had also met a friend at school that was into the same things and we both started a “digital art & music” group named inflicted productions – my friend and his good friend made digital music (in applications known as “trackers” – which I had also dabbled in back in the Amiga days (see OctaMED linked in the above post)), and I looked after the art side of things (both ANSI & ASCII “lorez” art, and “hirez” images (such as the JPGs and such we use today)).
Then the internet happened… and demoscene groups started to dwindle down (along with inflicted) and the BBSes of yesterday were all but retired – much like IRC (Internet Relay Chat) is these days… but back then IRC was the replacement to chatting on BBSes and the best way to socialize with a bunch of people at the same time. This is where I spent a good 10 years of my time hanging out with friends and generally goofing off. Starting off on Efnet (the “badlands” of IRC, no services to protect channels from takeover – you had to run botnets to keep ownership of a channel) and moving to the “simpler” and “safer” servers of AustNet. During that phase though my creativity still continued to flourish, so I still kept up with digital art (but mainly for creating websites), and coding. One of my first big projects was mIRC scripting and creating my own IRC script for AustNet and control of my channels, that became somewhat popular amongst my circle of friends and other acquaintances on AustNet – titled kriticalSCRIPT, it contained many additional features not usually found in vanilla mIRC – especially for controlling AustNet services, eggdrop bot control and more… unfortunately only one version exists online and it was not the latest release.
I had also by now done work-experience at the local national Western Digital distributor in the Returns (RMA) department and did a few weeks at a local PC store. The vast majority of my hardware knowledge was self-learnt… but came in very handy when my father decided to start a PC business. Using my skills (and his) we built PCs, restored older PCs, built small networks and managed the needs of a few local businesses. I helped out for nearly no wage for the few years it existed. Unfortunately it all came to an abrupt end when the business we were sharing the shop-front with (who paid the majority of the rent) had to close up due to debts.
This was also the time that I first dabbled in “unethical” hacking (a.k.a. Black Hat)… with a few knowledgeable acquaintances, I was soon getting into things such as toying with exploits, coding backdoors and tools, encryption and such. Needless to say though I eventually stopped due to moving on with life (meeting my wonderful partner, having kids, etc.) and stopped doing any further “illegal” activities.
Things went quiet for quite some time due to life, but eventually when things started to settle down I got back into coding, this time setting my sights on Android customization and programming – specifically Custom ROMs. At the start of 2012 I had managed to port a popular custom ROM named AOKP by TeamKang, and released a modified version of this on the Samsung Galaxy Tab 7 (the GT-P1000 – a.k.a. the “OG” first ever Samsung Android tablet) – named AOKP SGT7.
This project was started on XDA Developers forums, originally for Ice Cream Sandwich (Android v3) and later moving on to Jellybean (Android v4) and later onto all variants of the GT-P1000 (L/N/C).
AOKP SGT7 was massively popular due to the fact that it was one of the most stable and complete ROMs to exist on the Samsung Galaxy Tab 7 and pushed the tablet way past its expected (and supported) limits. According to Wayback Machine, the last ever release of AOKP SGT7 got over 118k downloads! The source code still exists on GitHub to this day, but unfortunately the website has since passed (you can get a general idea of the design from the 118k link above).
Shell (Bash) Script and allowed you to build multiple variants / devices in a row so you could “set and forget” the build process. Although this project never reached full completion and is probably majorly outdated by now, I decided to release it just in case it can help someone else in their endeavours.
Just after AOKP SGT7 (my second youngest son had broken my tablet) I took a break from most coding and especially Android ROMs, except for at work where I had started the creation of a Microsoft Excel Macro-Controlled Template for running the daily operations of our Kitting and Distribution department, along with a system to automate our warehouse stocktakes, daily open picklist reporting and other warehouse administration related tasks. Unfortunately due to ownership rights of the code (being that anything I created during my work hours is owned by my previous employer) I cannot share these here… but the Kitting system in itself was well over 6k lines of code (just for the main module) and still to this day manages their “Job Bags” (details on each job), monthly reporting, casual hire tracking and consumable usage. Along with the coding of these systems, I had moved up the ranks from a Forklift driver, to “Warehouse Administrator” – I also became the unofficial “IT” guy of our division, and often resolved a lot of the smaller issues myself, or liaised and worked with the IT department to get things resolved, helping them out when I could with my knowledge of systems and computers in general. On top of that, I was one of the key figures in a software upgrade our division went through during my time – because of my vast knowledge on what we required, and computer systems I was a key part of helping that project come to fruition, and also in the task of training our staff to use the new system.
Finally, jumping to today… I have since moved on from my employer and am looking to further my career in the IT world, particularly cyber security – specializing in “penetration testing” and “ethical hacking”. I have spent the last few months on TryHackMe and worked through the “Pre Security”, “Jr. Penetration Tester” and “Offensive Pentesting” learning paths… along with other mini-learning “Modules” such as “Privilege Escalation” and “Scripting for Pentesters”. On top of that I have also completed and completely owned 2 of their 3 networks – “Wreath” and “Holo”. I will be using this blog as a platform to share my notes on a lot of the things I have learnt on TryHackMe, including walkthroughs for completed CTFs & networks.
rofi-driven menu to help speed up the day-to-day operations of a pentester. This again is pure Bash Script to drive it, but plugs into many tools that are found on most penetration testing distributions (it was built on a custom BlackArch setup). It is still work-in-progress, but so far it can stabilize shells, help you easily generate commands to spawn shells on remote targets, help with generation of MSFVenom payloads, built-in searchsploit searches (giving you the link to mirror the exploit direct to your clipboard), helps set up and run a HTTP and SMB server (via Python) to help transfer platform-dependent tools and files onto remote targets (or to exfiltrate data back from the target) via many built-in downloading tools dependent on the target’s OS (sometimes encrypted), and also can create command line syntax for many popular tools (such as NMAP, FeroxBuster, Nikto, SQLMap, etc.).
Wow, OK that was a lot! So what exactly CAN you do?
Instead of another huge wall of text, let’s keep this in list format.
- Build, replace and repair parts, reassemble most systems (regardless of size)
- Diagnose hardware failure issues.
- Build and maintain small networks, ranging from both ethernet and coaxial cable.
- Fluent in most popular PC operating systems, both Windows and Linux/Unix based.
- Used and competent in two of the “harder” flavours of Linux – Arch and Gentoo (which require advanced knowledge of Linux to maintain)
- Advanced knowledge of both Windows and Linux operation, especially in command line environments.
- Advanced ability to diagnose and repair software issues.
- Completed “Pre Security” -> “Jr Penetration Tester” -> “Offensive Pentesting” learning paths on TryHackMe, and a handful of modules such as “Shells and Privilege Escalation” and “Scripting for Pentesters”
- Completed many CTFs without or with little instruction, ranging from Easy to Hard in difficulty – completed as in full root / SYSTEM access.
- Completed and gained top-level access on 2 of the 3 networks on TryHackMe, “Wreath” and “Holo” (the latter I had to “overcome bugs” in the setup to gain elevated access by finding alternative methods to exploit).
- Completed the TryHackMe “Advent of Cyber 2021” room – a yearly challenge aimed at new pentesters to learn basic red and blue team operations.
- Currently ranked in the top 1% of the website on TryHackMe (# 8,522 of 925,344 users at the time of writing), on level 10.
- Some knowledge on malware analysis and uncovering backdoors and malware.
- Using commonly used tools to enumerate targets, such as (but not limited to) NMAP, GoBuster / FeroxBuster, Nikto, SQLMap, enum4linux, CrackMapExec, Burp Suite, Metasploit, etc…
- Defeated insecure Active Directory domains.
- Used obfuscation for the purpose of AV evasion.
- Created buffer overflow exploits to exploit bugs in software to gain access / privesc.
- Download, install and modify public C2 systems (such as Empire and Covenant) to evade AV detection.
- Programmed in many scripting and programming languages, including Amiga Basic, Visual Basic, Shell Scripting (Bash and PowerShell), C, C++, C#, Java (mainly Android-specific), Python, HTML, CSS, PHP and many other program-based scripting languages.
- Built and maintained custom ROM builds for Android devices that had extended features and system-related upgrades, one of which I developed and publicly released that was one of the most popular ROMs of its time for that device.
- Built a Kitting & Distribution management system in Visual Basic from scratch, along with other warehouse-related automation tools.
- Built and maintained a modified IRC script for mIRC Windows client that extended the abilities of standard clients.
- Built C/C++ backdoors (never completed or used publicly – more for PoC), modified, fixed, weaponized and wrote my own exploit code.
- Have built a website from scratch (HTML), including styling (CSS) and programmed in PHP