diff --git a/content/posts/2014/learn-git-part-1-introduction.md b/content/posts/2014/learn-git-part-1-introduction.md index 86d375f..b97c7c3 100644 --- a/content/posts/2014/learn-git-part-1-introduction.md +++ b/content/posts/2014/learn-git-part-1-introduction.md @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + I think everybody here at least heard about [GitHub](https://github.com) and maybe even about the file management system called [git](https://git-scm.com) which is everywhere in the development world those days. So, as a computer science student I choose to learn it, and what batter way to learn something then to write about it. So in this series of posts I'll document my journey to learn git (which is the base of GitHub as the only version control you can use on the platform). I hope more people can use it as a learning document or even to deepen their knowledge in the tool. @@ -105,6 +106,7 @@ nothing added to commit but untracked files present (use "git add" to track) ``` We can see we got couple of pieces of information back: + - We are on branch `master` (we'll take about branches later) - There is no commits yet in this repo. - We have a new file (file that `git` doesn't track) in the name of `README.md` @@ -126,7 +128,7 @@ Changes to be committed: We see almost the same pieces of information, but now `git` have a file in his _staging area_ (a file ready to be `commit`ed). So, it's time to do our first `commit`. To do this we'll use the `commit` command. A flag that the `commit` command have is `m` which means _"message"_, with this flag we can add a message to the `commit` to describe the changes this `commit` is do. -When we do the `commit` we basically take a snapshot of our file system in this exact time. Even a space means a change. This commit is added to the repo (project) timeline (it's accepted to draw it and imagine it as a timeline, because every `commit` has a timestamp, so we can place them all on a big timeline from the start of the project until now). +When we do the `commit` we basically take a snapshot of our file system in this exact time. Even a space means a change. This commit is added to the repo (project) timeline (it's accepted to draw it and imagine it as a timeline, because every `commit` has a timestamp, so we can place them all on a big timeline from the start of the project until now). ```bash $ git commit -m "Created an empty README file" @@ -188,6 +190,7 @@ $ git commit -m "Add a new LICENSE file and finish README" ``` To look at the history, the log, of the current timeline we can use the `log` command. We see there're two `commit`s in the branch (timeline) we're currently at. And also much more information: + - We're in the `master` branch (timeline). - The `commit`s hash, which is a unique string of number and letters to represent that `commit`. It's basically the name of the `commit`, with it we can reference that `commit`. - The author and the exact time and date of the `commit`. @@ -215,8 +218,8 @@ gitGraph: options { "nodeSpacing": 150, "nodeRadius": 10 } end - commit - commit +commit +commit {{< /mermaid >}}   diff --git a/content/posts/2014/learn-git-part-2-getting-our-hands-dirty.md b/content/posts/2014/learn-git-part-2-getting-our-hands-dirty.md index 8a9bc47..67c96cf 100644 --- a/content/posts/2014/learn-git-part-2-getting-our-hands-dirty.md +++ b/content/posts/2014/learn-git-part-2-getting-our-hands-dirty.md @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + This part is a direct continuation of [Learn Git - Part 1: introduction](https://lifelongstudent.io/2014/06/learn-git-part-1-introduction/), so if you haven't read it, go and read it first. We based on the things we learned and do there, so make sure you don't delete the repo we created in the part 1.   @@ -166,7 +167,7 @@ To github.com:nirgn975/test.git If we refresh the GitHub repo page we'll see the `README` file there, and a new _"Network"_ button (at the right menu, next to the _"Settings"_) where we can see all the `branch`s and all the `commit`s, with their messages, who're their author, when they `commit`ed, and more (basically like writing the `log` command on our terminal). -So, we `push`ed our repo to a `remote` source on GitHub (or any other `git` hosting), but how can Bob take this code to his local machine? Like we said before, with the `pull` command (we'll also use the `pull` command to sync our local repo with the `remote` one, so get changes other team members did and `push`). +So, we `push`ed our repo to a `remote` source on GitHub (or any other `git` hosting), but how can Bob take this code to his local machine? Like we said before, with the `pull` command (we'll also use the `pull` command to sync our local repo with the `remote` one, so get changes other team members did and `push`). ```bash $ git pull origin master @@ -269,6 +270,7 @@ Now let's create a new `branch` to work on a new task, the branch will be called $ git checkout -b basic-main Switched to a new branch 'basic-main' ``` + Then we'll add the `Go to detailed page!` line right after `content of website ..`. ```html @@ -305,12 +307,12 @@ gitGraph: options { "nodeSpacing": 100, "nodeRadius": 10 } end - commit - commit - branch basicmain - checkout basicmain - commit - commit +commit +commit +branch basicmain +checkout basicmain +commit +commit {{< /mermaid >}} Right in the middle of our work on the `basic-main` branch, we get an email from our boss that there are bugs in `master` and we need to take care of it immediately. So let's head over to `master` (you can run `git branch` after you `checkout` to `master` just to make sure you're on `master`). @@ -372,18 +374,18 @@ gitGraph: options { "nodeSpacing": 100, "nodeRadius": 10 } end - commit - commit - branch basicmain - checkout basicmain - commit - commit - checkout master - commit - checkout basicmain - commit - checkout master - merge basicmain +commit +commit +branch basicmain +checkout basicmain +commit +commit +checkout master +commit +checkout basicmain +commit +checkout master +merge basicmain {{< /mermaid >}}   @@ -419,7 +421,7 @@ It's time to practice. Remember that the best practice is through your fingertip 8. Use the `remote add` command like so: `git remote add origin https://github.com/example/importantProject.git`. 9. You need the `push` command with the `-u` flag: `git push -u origin master`. 10. Use the `clone` command like so: `git clone https://github.com/nirgn975/test.git`. -11. Use the `checkout` command with the `b` flag, like so: `git checkout -b fix457`. +11. Use the `checkout` command with the `b` flag, like so: `git checkout -b fix457`. 12. `git merge fix457`.   @@ -428,6 +430,6 @@ It's time to practice. Remember that the best practice is through your fingertip We now know how to see the changes that were made from the last `commit`, how to go back if we regret something we did in a `commit` or the commit message, or even forget to add something to the `commit`. -We upload the project to a remote repository (GitHub in this case), we created new branches, worked with other team members, and merge our code to the `master` branch (we go over a `merge` with no changes in `master` and with one **with** changes in `master`, but not in the same file - we'll talk about it in future chapter). +We upload the project to a remote repository (GitHub in this case), we created new branches, worked with other team members, and merge our code to the `master` branch (we go over a `merge` with no changes in `master` and with one **with** changes in `master`, but not in the same file - we'll talk about it in future chapter). We definitely learned a lot in this chapter! Don't forget to practice it through your fingers, it's the best way to learn something new. And don't hesitate to ask questions in the comments if something is not clear - I'll do my best to help. diff --git a/content/posts/2014/learn-git-part-3-introduction.md b/content/posts/2014/learn-git-part-3-introduction.md index 1a88a05..4c0cde6 100644 --- a/content/posts/2014/learn-git-part-3-introduction.md +++ b/content/posts/2014/learn-git-part-3-introduction.md @@ -3,7 +3,7 @@ title: "Learn Git - Part 3: introduction" subtitle: "" date: 2014-08-03T09:00:00+03:00 lastmod: 2014-08-03T09:00:00+03:00 -draft: false +draft: true author: "Nir Galon" authorLink: "https://nir.galon.io" description: "" @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + I think everybody here at least heard about [GitHub](https://github.com) and maybe even about the file management system called [git](https://git-scm.com) which is everywhere in the development world those days. So, as a computer science student I choose to learn it, and what batter way to learn something then to write about it. So in this series of posts I'll document my journey to learn git (which is the base of GitHub as the only version control you can use on the platform). I hope more people can use it as a learning document or even to deepen their knowledge in the tool. @@ -105,6 +106,7 @@ nothing added to commit but untracked files present (use "git add" to track) ``` We can see we got couple of pieces of information back: + - We are on branch `master` (we'll take about branches later) - There is no commits yet in this repo. - We have a new file (file that `git` doesn't track) in the name of `README.md` @@ -126,7 +128,7 @@ Changes to be committed: We see almost the same pieces of information, but now `git` have a file in his _staging area_ (a file ready to be `commit`ed). So, it's time to do our first `commit`. To do this we'll use the `commit` command. A flag that the `commit` command have is `m` which means _"message"_, with this flag we can add a message to the `commit` to describe the changes this `commit` is do. -When we do the `commit` we basically take a snapshot of our file system in this exact time. Even a space means a change. This commit is added to the repo (project) timeline (it's accepted to draw it and imagine it as a timeline, because every `commit` has a timestamp, so we can place them all on a big timeline from the start of the project until now). +When we do the `commit` we basically take a snapshot of our file system in this exact time. Even a space means a change. This commit is added to the repo (project) timeline (it's accepted to draw it and imagine it as a timeline, because every `commit` has a timestamp, so we can place them all on a big timeline from the start of the project until now). ```bash $ git commit -m "Created an empty README file" @@ -188,6 +190,7 @@ $ git commit -m "Add a new LICENSE file and finish README" ``` To look at the history, the log, of the current timeline we can use the `log` command. We see there're two `commit`s in the branch (timeline) we're currently at. And also much more information: + - We're in the `master` branch (timeline). - The `commit`s hash, which is a unique string of number and letters to represent that `commit`. It's basically the name of the `commit`, with it we can reference that `commit`. - The author and the exact time and date of the `commit`. @@ -215,8 +218,8 @@ gitGraph: options { "nodeSpacing": 150, "nodeRadius": 10 } end - commit - commit +commit +commit {{< /mermaid >}}   diff --git a/content/posts/2017/jekyll-starter-kit-generator-2.1.0-is-out.md b/content/posts/2017/jekyll-starter-kit-generator-2.1.0-is-out.md index 165cada..cf3c9a9 100644 --- a/content/posts/2017/jekyll-starter-kit-generator-2.1.0-is-out.md +++ b/content/posts/2017/jekyll-starter-kit-generator-2.1.0-is-out.md @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + Creating Jekyll progressive web apps has never been easier!   @@ -36,16 +37,16 @@ It’ll create for you the default Jekyll website template, with all the best pr What more cool stuff? Here are couple of examples. -* You can write [pug](https://github.com/pugjs/pug) instead of HTML. -* You can use CSS or SASS or SCSS. -* Automagically minifies HTML, and automagically autoprefixing CSS. -* You can choose to write ES2015 with [babel](https://github.com/babel/babel). -* Concatenate and minify JavaScript. -* Built-in preview and auto update with BrowserSync. -* Automagically generates a service worker for your website for offline support. -* Test the website against [lighthouse](https://github.com/GoogleChrome/lighthouse) and fail Travis-CI if the score is below 80. -* Automagically optimizes image before deploy. -* Deploy the website to gh-pages or firebase with only one command. +- You can write [pug](https://github.com/pugjs/pug) instead of HTML. +- You can use CSS or SASS or SCSS. +- Automagically minifies HTML, and automagically autoprefixing CSS. +- You can choose to write ES2015 with [babel](https://github.com/babel/babel). +- Concatenate and minify JavaScript. +- Built-in preview and auto update with BrowserSync. +- Automagically generates a service worker for your website for offline support. +- Test the website against [lighthouse](https://github.com/GoogleChrome/lighthouse) and fail Travis-CI if the score is below 80. +- Automagically optimizes image before deploy. +- Deploy the website to gh-pages or firebase with only one command. ![The generator in action](/posts/2017/jekyll-starter-kit-generator-2.1.0-is-out/the-generator-in-action.webp "The generator in action") diff --git a/content/posts/2017/load-balancing-applications-with-haproxy-and-docker.md b/content/posts/2017/load-balancing-applications-with-haproxy-and-docker.md index 96716d0..55e0607 100644 --- a/content/posts/2017/load-balancing-applications-with-haproxy-and-docker.md +++ b/content/posts/2017/load-balancing-applications-with-haproxy-and-docker.md @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + A tutorial for a real world docker use case. Recently I read a lot of articles about load balancing applications with Docker, Docker Compose, and Docker Swarm for my work. We have a couple of hundreds of instances and we need to manage them and do load balancing between them. @@ -43,12 +44,14 @@ For that reason I decided to write this post and present the way we use. It’s Let’s start by creating our simple Node.js application. Create a file named `index.js` with the following code: ```javascript -var http = require('http'); -var os = require('os'); -http.createServer(function (req, res) { - res.writeHead(200, {'Content-Type': 'text/html'}); +var http = require("http"); +var os = require("os"); +http + .createServer(function (req, res) { + res.writeHead(200, { "Content-Type": "text/html" }); res.end(`

I'm ${os.hostname()}

`); -}).listen(8080); + }) + .listen(8080); ``` Now we need to dockerize the app, so we’ll create a file named `Dockerfile` with the following code: @@ -72,26 +75,26 @@ Now we have a docker image of our simple (and awesome) Node.js app, and we can c For our HTTP server we’ll use HAProxy, that means we need to create a container with HAProxy that will listen to port 80 and load balance the requests to the different Node.js containers on port 8080. To create our containers (Node.js apps and HAProxy) we’ll use Docker Compose, let’s write our `docker-compose.yml` file: ```yaml -version: '3' +version: "3" services: awesome: - image: awesome - ports: - - 8080 - environment: - - SERVICE_PORTS=8080 - deploy: - replicas: 20 - update_config: - parallelism: 5 - delay: 10s - restart_policy: - condition: on-failure - max_attempts: 3 - window: 120s - networks: - - web + image: awesome + ports: + - 8080 + environment: + - SERVICE_PORTS=8080 + deploy: + replicas: 20 + update_config: + parallelism: 5 + delay: 10s + restart_policy: + condition: on-failure + max_attempts: 3 + window: 120s + networks: + - web proxy: image: dockercloud/haproxy @@ -145,12 +148,14 @@ Now let’s look at our services by writing `docker service ls` and we’ll see We can also create a second version of our `awesome` app. Let’s change the code a little bit (let’s add some exclamation marks at the end): ```javascript -var http = require('http'); -var os = require('os'); -http.createServer(function (req, res) { - res.writeHead(200, {'Content-Type': 'text/html'}); +var http = require("http"); +var os = require("os"); +http + .createServer(function (req, res) { + res.writeHead(200, { "Content-Type": "text/html" }); res.end(`

I'm ${os.hostname()}!!!

`); -}).listen(8080); + }) + .listen(8080); ``` So we need to build the image again, but this time it’s the second version of the app so we’ll write `docker build -t awesome:v2 .` and we’ll create an image called `awesome` but with a `v2` tag. To update our containers in the `awesome` service to use the `v2` version of our app (without stop the service) we’ll write `docker service update --image awesome:v2 prod_awesome` and our service called `awesome`, in `prod` stack, will update it’s containers five by five to use the second version of our app (why 5 containers at a time? because we wrote `parallelism: 5` in our `docker-compose.yml` file. diff --git a/content/posts/2020/chapter-1-simple-twitter.md b/content/posts/2020/chapter-1-simple-twitter.md index 71d2ddc..1bfb4c0 100644 --- a/content/posts/2020/chapter-1-simple-twitter.md +++ b/content/posts/2020/chapter-1-simple-twitter.md @@ -55,7 +55,7 @@ That's it, now if you'll write `git` on your command line of choice you'll get a ### 1.2. Open a GitHub account -GitHub is a web based git with some extra features. We don't need to install anything to use GitHub, just open an account and configure some stuff. So let's do it! Let's go to https://github.com and pick a `username`, `email`, and `password` and click on the big green button says *Sign up for GitHub*. +GitHub is a web based git with some extra features. We don't need to install anything to use GitHub, just open an account and configure some stuff. So let's do it! Let's go to https://github.com and pick a `username`, `email`, and `password` and click on the big green button says _Sign up for GitHub_. ![GitHub Sign Up Page](/posts/2020/chapter-1-simple-twitter/github_sign_up_page.webp "GitHub Sign Up Page") diff --git a/content/posts/2020/chapter-2-simple-twitter.md b/content/posts/2020/chapter-2-simple-twitter.md index c660e38..8f05000 100644 --- a/content/posts/2020/chapter-2-simple-twitter.md +++ b/content/posts/2020/chapter-2-simple-twitter.md @@ -31,12 +31,12 @@ How it's going to look? What features it will have? Wha a user can or cannot do? A lot of questions to answer in one post, but we'll do our best! - ## 1. Planning Our MVP -What is even mean MVP? MVP is an acronyms of *minimum viable product*. It's a development technique in which a new product is developed with sufficient features to satisfy early adopters. The final, complete set of features is only designed and developed after considering feedback from the product's initial users. +What is even mean MVP? MVP is an acronyms of _minimum viable product_. It's a development technique in which a new product is developed with sufficient features to satisfy early adopters. The final, complete set of features is only designed and developed after considering feedback from the product's initial users. An MVP has three key characteristics: + 1. It has enough value that people are willing to use it or buy it initially. 2. It demonstrates enough future benefit to retain early adopters. 3. It provides a feedback loop to guide future development. @@ -142,11 +142,11 @@ Then the browser will probably request some images (from the static bucket) and Some of the endpoint will be protected, the user will have to sign in before they use them and will get a `token`, with that token he'll send a request to the backend and if the token is valid he'll get the data he need or post a new data (tweet), etc. -The backend has couple of instances and have an `nginx` in front of them for reverse proxy and load balancing. Every request will first hit the `nginx` (represented as *Cloud Load Balancing* on our schema) and then will get to one of them backend instances. When the backend code will need the database to make a query it'll call it using `mongoose` in a regular fashion. In our environment variables we'll make a distinction between `dev` and `prod` environments and will call our MongoDB Atlas Cloud cluster. +The backend has couple of instances and have an `nginx` in front of them for reverse proxy and load balancing. Every request will first hit the `nginx` (represented as _Cloud Load Balancing_ on our schema) and then will get to one of them backend instances. When the backend code will need the database to make a query it'll call it using `mongoose` in a regular fashion. In our environment variables we'll make a distinction between `dev` and `prod` environments and will call our MongoDB Atlas Cloud cluster. Every request or error will be logged to `stdout`. And other services in GCP (that we'll setup) will be able to collect and analyze our logs to give us a pictures of what is happening on our product. That will also help us to monitor it, and catch and fix bugs. -### 2.4. CI / CD Pipleline +### 2.4. CI / CD Pipleline The way we'll deploy new code to the cloud will use GitHub actions, and GCP Cloud Build triggers. @@ -168,21 +168,22 @@ In order to be on the same page I took a bunch of screenshots of Tweeter and cle ![Home Page](/posts/2020/chapter-2-simple-twitter/twitter-home-page.webp "Home Page") -After we hit the Home Page we can *Sign up* or *Log in*, in twitter the *Sign-up* button will bring a popup and the *Log in* will move us to a new page. We'll not do data, the *Sign up* will bring a popup with couple of `input`s to fill to sign up, and the *Log in* will just try to login the user using the `username` and `password` `input`s above. +After we hit the Home Page we can _Sign up_ or _Log in_, in twitter the _Sign-up_ button will bring a popup and the _Log in_ will move us to a new page. We'll not do data, the _Sign up_ will bring a popup with couple of `input`s to fill to sign up, and the _Log in_ will just try to login the user using the `username` and `password` `input`s above. ![Feed Page](/posts/2020/chapter-2-simple-twitter/twitter-feed-page.webp "Feed Page") When the user logged in, or sign up and activate his account via the email confirmation he will get to the Feed Page. This is a list of tweets from the users that he follows, ordered by time (the most recent is at the top). -This is the main page of the website. From this page he can post a new tweet (at the top of the feed there is a `textarea`), and at the left side there is the navigation of the website. In the navigation there are links to: *Notifications* Page, *Profile* Page, and *Settings* page. +This is the main page of the website. From this page he can post a new tweet (at the top of the feed there is a `textarea`), and at the left side there is the navigation of the website. In the navigation there are links to: _Notifications_ Page, _Profile_ Page, and _Settings_ page. ![Profile Page](/posts/2020/chapter-2-simple-twitter/twitter-profile-page.webp "Profile Page") The Profile page (or timeline) has the same navigation in the left side, but in the right side of the page, instead of the feed, we see at the top the general user information, and under that a tab to see the user tweets by: -- *Tweets* (or timeline): this is all the user tweets in order (recent at the top). -- *Tweets & replies*: this will show all of the user tweets include the tweets that are replies to other users tweets. -- *Media*: Tweets that include some media type (in our case it can include only images). -- *Likes*: Tweets of other users that this users liked. + +- _Tweets_ (or timeline): this is all the user tweets in order (recent at the top). +- _Tweets & replies_: this will show all of the user tweets include the tweets that are replies to other users tweets. +- _Media_: Tweets that include some media type (in our case it can include only images). +- _Likes_: Tweets of other users that this users liked. ![Followers & Following Page](/posts/2020/chapter-2-simple-twitter/twitter-followers-and-following-page.webp "Followers & Following Page") @@ -202,42 +203,42 @@ Let's plan all the routes that will be in our backend service. Every route is ba ### 4.1 Users -| Method | Path | Auth | Description | -|--------|----------------------------|--------|---------------------------| -| POST | /user | None | Create a new user | -| PUT | /user | Token | Edit own info | -| DELETE | /user | Token | Delete own user | -| GET | /user/feed | Token | Get own feed | -| GET | /user/:username | None | Get a user info | -| GET | /user/followers/:username | Token | Get a user followers list | -| GET | /user/following/:username | Token | Get a user following list | -| POST | /user/follow/:username | Token | Start following a user | -| POST | /user/unfollow/:username | Token | Stop following a user | -| POST | /user/reset-password | None | Reset own password | -| PUT | /user/password | Token | Edit own password | -| PUT | /user/settings | Token | Edit own settings | +| Method | Path | Auth | Description | +| ------ | ------------------------- | ----- | ------------------------- | +| POST | /user | None | Create a new user | +| PUT | /user | Token | Edit own info | +| DELETE | /user | Token | Delete own user | +| GET | /user/feed | Token | Get own feed | +| GET | /user/:username | None | Get a user info | +| GET | /user/followers/:username | Token | Get a user followers list | +| GET | /user/following/:username | Token | Get a user following list | +| POST | /user/follow/:username | Token | Start following a user | +| POST | /user/unfollow/:username | Token | Stop following a user | +| POST | /user/reset-password | None | Reset own password | +| PUT | /user/password | Token | Edit own password | +| PUT | /user/settings | Token | Edit own settings | ### 4.2 Notifications -| Method | Path | Auth | Description | -|--------|---------------------------|--------|-----------------------------------------------| -| GET | /notifications/:username | Token | Get all the notifications for a specific user | -| PUT | /notifications/:username | Token | Mark notification as read / unread | +| Method | Path | Auth | Description | +| ------ | ------------------------ | ----- | --------------------------------------------- | +| GET | /notifications/:username | Token | Get all the notifications for a specific user | +| PUT | /notifications/:username | Token | Mark notification as read / unread | ### 4.3 Tweets -| Method | Path | Auth | Description | -|--------|--------------------|--------|------------------------------------| -| GET | /tweets/:username | None | Get all the user tweets (timeline) | -| POST | /tweet | Token | Create a new tweet | -| PUT | /tweets/:tweet_id | Token | Edit a tweet | -| DELETE | /tweets/:tweet_id | Token | Delete a tweet | +| Method | Path | Auth | Description | +| ------ | ----------------- | ----- | ---------------------------------- | +| GET | /tweets/:username | None | Get all the user tweets (timeline) | +| POST | /tweet | Token | Create a new tweet | +| PUT | /tweets/:tweet_id | Token | Edit a tweet | +| DELETE | /tweets/:tweet_id | Token | Delete a tweet | ### 4.4 Media -| Method | Path | Auth | Description | -|--------|-----------|--------|----------------------| -| POST | /media | Token | Upload a new image | +| Method | Path | Auth | Description | +| ------ | ------ | ----- | ------------------ | +| POST | /media | Token | Upload a new image |   @@ -245,54 +246,54 @@ Let's plan all the routes that will be in our backend service. Every route is ba ### 5.1. Users Collection -| Field Name | Type | required | unique | Description | -|---------------|-----------|----------|--------|------------------------------------| -| firstName | `string` | false | false | User first name | -| lastName | `string` | false | false | User last name | -| username | `string` | true | true | User username | -| email | `string` | true | true | User email | -| profileImage | `string` | false | false | URL to the user profile image | -| active | `boolean` | true | false | User confirm his account via email | -| password | `string` | true | false | User hashed password | -| createdAt | `date` | true | false | User account created date | -| country | `string` | false | false | User country | -| website | `string` | false | false | User website | -| birthday | `date` | false | false | User birthday dat | +| Field Name | Type | required | unique | Description | +| ------------ | --------- | -------- | ------ | ---------------------------------- | +| firstName | `string` | false | false | User first name | +| lastName | `string` | false | false | User last name | +| username | `string` | true | true | User username | +| email | `string` | true | true | User email | +| profileImage | `string` | false | false | URL to the user profile image | +| active | `boolean` | true | false | User confirm his account via email | +| password | `string` | true | false | User hashed password | +| createdAt | `date` | true | false | User account created date | +| country | `string` | false | false | User country | +| website | `string` | false | false | User website | +| birthday | `date` | false | false | User birthday dat | ### 5.2. Followers Collection -| Field Name | Type | required | unique | Description | -|-------------|-------------|----------|--------|----------------------------| -| user | `ref` | true | false | The unique user `_id` | -| follower | `ref` | true | false | Unique follower user `_id` | +| Field Name | Type | required | unique | Description | +| ---------- | ----------- | -------- | ------ | -------------------------- | +| user | `ref` | true | false | The unique user `_id` | +| follower | `ref` | true | false | Unique follower user `_id` | ### 5.3. Following Collection -| Field Name | Type | required | unique | Description | -|-------------|-------------|----------|--------|-----------------------------| -| user | `ref` | true | false | The unique user `_id` | -| following | `ref` | true | false | Unique following user `_id` | +| Field Name | Type | required | unique | Description | +| ---------- | ----------- | -------- | ------ | --------------------------- | +| user | `ref` | true | false | The unique user `_id` | +| following | `ref` | true | false | Unique following user `_id` | ### 5.4. Tweets Collection -| Field Name | Type | required | unique | Description | -|--------------|-----------------|----------|--------|------------------------------------------------| -| author | `ref` | true | false | The unique user `_id` | -| text | `string` | false | false | Tweet text | -| image | `array` | false | false | Array of URLs for tweet images | -| replay | `ref` | false | false | The tweet `_id` this tweet replays to (if any) | +| Field Name | Type | required | unique | Description | +| ---------- | --------------- | -------- | ------ | ---------------------------------------------- | +| author | `ref` | true | false | The unique user `_id` | +| text | `string` | false | false | Tweet text | +| image | `array` | false | false | Array of URLs for tweet images | +| replay | `ref` | false | false | The tweet `_id` this tweet replays to (if any) | ### 5.5. Likes Collection -| Field Name | Type | required | unique | Description | -|-------------|--------------|----------|--------|--------------------------------| -| user | `ref` | true | false | The unique user `_id` | -| tweet | `ref` | true | false | The tweet `_id` the user liked | +| Field Name | Type | required | unique | Description | +| ---------- | ------------ | -------- | ------ | ------------------------------ | +| user | `ref` | true | false | The unique user `_id` | +| tweet | `ref` | true | false | The tweet `_id` the user liked | ### 5.6. Notifications Collection | Field Name | Type | required | unique | Description | -|------------|----------------------------|----------|--------|------------------------------| +| ---------- | -------------------------- | -------- | ------ | ---------------------------- | | user | `ref` | true | false | The unique user `_id` | | userAction | `ref` | true | false | The user who make the action | | type | `enum` | true | false | Get an image | diff --git a/content/posts/2020/chapter-3-simple-twitter.md b/content/posts/2020/chapter-3-simple-twitter.md index feb5ae2..36092da 100644 --- a/content/posts/2020/chapter-3-simple-twitter.md +++ b/content/posts/2020/chapter-3-simple-twitter.md @@ -8,7 +8,24 @@ author: "Nir Galon" authorLink: "https://nir.galon.io" description: "" -tags: ["twitter", "development", "angular", "angular cli", "node.js", "express", "git", "workflow", "github", "github actions", "nodemon", "lint", "unit tests", "coverage", "codecov"] +tags: + [ + "twitter", + "development", + "angular", + "angular cli", + "node.js", + "express", + "git", + "workflow", + "github", + "github actions", + "nodemon", + "lint", + "unit tests", + "coverage", + "codecov", + ] categories: ["development"] hiddenFromHomePage: false @@ -58,9 +75,9 @@ Pull Requests initiate discussion about our commits. We can open a Pull Request In our case, we're going to open a new Pull Request (PR) right after the first new commit in our new branch (all we need to open a PR is just one change, so right after the first commit we have a change and we can open it). This is a good practice, it let others see the direction and progress we are making. -In a real world environment we'll probably have a CI/CD that will deploy our branch to a test environment so we can test our changes before merge them to `master`, in our case we'll settle just for passing the tests. Every commit we'll push on our branch will trigger a GitHub action *workflow* that will build our project, run tests and check the coverage of our tests. This is another good reason to push commits as early and as often as possible. +In a real world environment we'll probably have a CI/CD that will deploy our branch to a test environment so we can test our changes before merge them to `master`, in our case we'll settle just for passing the tests. Every commit we'll push on our branch will trigger a GitHub action _workflow_ that will build our project, run tests and check the coverage of our tests. This is another good reason to push commits as early and as often as possible. -When we'll finish the feature, bug, etc another team member will probably review our code (assuming our tests pass and everything is green). In our case we'll do it to ourselves. Once we're sure everything is good we'll *squash and merge* our branch to `master` branch, this will close our PR and our issue (that's good because we no longer have a need for them). +When we'll finish the feature, bug, etc another team member will probably review our code (assuming our tests pass and everything is green). In our case we'll do it to ourselves. Once we're sure everything is good we'll _squash and merge_ our branch to `master` branch, this will close our PR and our issue (that's good because we no longer have a need for them). And then in our local machine we'll `checkout` to `master` branch, and `pull` the changes we just merge to the remote (GitHub) `master` (usually called `origin`), and the cycle will start all over again with a new issue (feature, bug, etc). @@ -79,33 +96,33 @@ gitGraph: options { "nodeSpacing": 150, "nodeRadius": 10 } end - commit - branch feature - checkout feature - commit - commit - checkout master - commit - merge feature +commit +branch feature +checkout feature +commit +commit +checkout master +commit +merge feature {{< /mermaid >}}   ## 2. Scaffolding Basic Client -Now that we know how to work with git and GitHub are going to open our client repository and scaffold our frontend project. The first commit will be on `master` (without an issue and a pull request), because when we are open a PR it need a *base* branch to merge it to, and when we first open a repository we don't have and branch. +Now that we know how to work with git and GitHub are going to open our client repository and scaffold our frontend project. The first commit will be on `master` (without an issue and a pull request), because when we are open a PR it need a _base_ branch to merge it to, and when we first open a repository we don't have and branch. ### 2.1. Create A Repository -So let's start by open a new repository on GitHub, we can do it by pressing on the `+` sign in next to our profile picture, and then choose *New repository* +So let's start by open a new repository on GitHub, we can do it by pressing on the `+` sign in next to our profile picture, and then choose _New repository_ ![Open a New Repository](/posts/2020/chapter-3-simple-twitter/new-repository.webp "Open a New Repository") -After that we'll be redirect to a new page when we need to fill some basic information about our repo. The name I choose for the repo is `simple-twitter-client` and it'll be a `public` repo, other then those you can leave everything as is and press on the big green button that says *Create Repository*. +After that we'll be redirect to a new page when we need to fill some basic information about our repo. The name I choose for the repo is `simple-twitter-client` and it'll be a `public` repo, other then those you can leave everything as is and press on the big green button that says _Create Repository_. ### 2.2. Scaffold an Angular Project -In *Simple Twitter - Chapter 1: Setup* we installed the [Angular CLI](https://cli.angular.io), now we're going to use it. Let's open our terminal on our local machine, I'm using [Hyper](https://hyper.is/) but you can use which ever terminal you used to, and navigate to the directory we want our project to be in (in my case it'll be a `web` directory in home). +In _Simple Twitter - Chapter 1: Setup_ we installed the [Angular CLI](https://cli.angular.io), now we're going to use it. Let's open our terminal on our local machine, I'm using [Hyper](https://hyper.is/) but you can use which ever terminal you used to, and navigate to the directory we want our project to be in (in my case it'll be a `web` directory in home). ```shell $ cd ~/web @@ -119,12 +136,11 @@ $ ng new simple-twitter-client ![Create a new project](/posts/2020/chapter-3-simple-twitter/ng-create-a-new-project.webp "Create a new project") - Once the cli stop working we can see (with the `ls` command) that he created a new directory for us (with the name we gave it earlier). Let's navigate inside it (with the `cd` command), and, again, list the files inside the directory we're in (with `ls` command, but now let's use the `-a` flag to also see all of the hidden files - files and directories that start with `.` and by that not listed = hidden, in our file explorer). ![List all the files and directories](/posts/2020/chapter-3-simple-twitter/list-files-ng-directory.webp "List all the files and directories") -We can see there is a git directory called `.git`. This directory hold all of the git stuff for our project, it's like a mini database with a log of all the commits and changes we do. Angular CLI created it for us, but it doesn't know our GitHub repository, we need to manually let our git know about it. So let's head back to the GitHub repo, and there we can see couple of instructions, we'll use the *…or push an existing repository from the command line* one. +We can see there is a git directory called `.git`. This directory hold all of the git stuff for our project, it's like a mini database with a log of all the commits and changes we do. Angular CLI created it for us, but it doesn't know our GitHub repository, we need to manually let our git know about it. So let's head back to the GitHub repo, and there we can see couple of instructions, we'll use the _…or push an existing repository from the command line_ one. ![Our Newly Created Repo](/posts/2020/chapter-3-simple-twitter/empty-repo.webp "Our Newly Created Repo") @@ -145,7 +161,7 @@ If you didn't get any git errors, you can see on your terminal it `push` your lo ### 2.3. Install additional modules -Now that we have a `master` branch with basic Angular project in it, let's create our first issue. I'll give it the title *Configuration*, and will add some TODOs to it so we don't need to remember our tasks. +Now that we have a `master` branch with basic Angular project in it, let's create our first issue. I'll give it the title _Configuration_, and will add some TODOs to it so we don't need to remember our tasks. ```markdown - [ ] Install and configure the [ngrx](https://ngrx.io) package. @@ -220,44 +236,37 @@ $ ng g module modules/material Now we have a new module, but it's not a _"shard"_ one yet, we need to add an `exports` array to the `NgModule` object, so every module we add to the `imports` array should also be added to the `exports` array. ```typescript -import { NgModule } from '@angular/core'; -import { CommonModule } from '@angular/common'; - +import { NgModule } from "@angular/core"; +import { CommonModule } from "@angular/common"; @NgModule({ declarations: [], - imports: [ - CommonModule, - ], - exports: [ - ], + imports: [CommonModule], + exports: [], }) -export class MaterialModule { } +export class MaterialModule {} ``` After we created our new shard module we need to import it in the main module, e.g. `AppModule`. So we'll add the line `import { MaterialModule } from './modules/material/material.module';` with the other imports in the `app.module.ts` file, and add `MaterialModule` to the `imports` array. Your `app.module.ts` file should look like this: ```typescript -import { BrowserModule } from '@angular/platform-browser'; -import { NgModule } from '@angular/core'; - -import { environment } from '../environments/environment'; +import { BrowserModule } from "@angular/platform-browser"; +import { NgModule } from "@angular/core"; -import { StoreModule } from '@ngrx/store'; -import { StoreDevtoolsModule } from '@ngrx/store-devtools'; -import { EffectsModule } from '@ngrx/effects'; +import { environment } from "../environments/environment"; -import { BrowserAnimationsModule } from '@angular/platform-browser/animations'; -import { MaterialModule } from './modules/material/material.module'; +import { StoreModule } from "@ngrx/store"; +import { StoreDevtoolsModule } from "@ngrx/store-devtools"; +import { EffectsModule } from "@ngrx/effects"; -import { AppRoutingModule } from './app-routing.module'; -import { AppComponent } from './app.component'; +import { BrowserAnimationsModule } from "@angular/platform-browser/animations"; +import { MaterialModule } from "./modules/material/material.module"; +import { AppRoutingModule } from "./app-routing.module"; +import { AppComponent } from "./app.component"; @NgModule({ - declarations: [ - AppComponent - ], + declarations: [AppComponent], imports: [ BrowserModule, AppRoutingModule, @@ -265,12 +274,12 @@ import { AppComponent } from './app.component'; StoreDevtoolsModule.instrument({ maxAge: 25, logOnly: environment.production }), EffectsModule.forRoot([]), BrowserAnimationsModule, - MaterialModule + MaterialModule, ], providers: [], - bootstrap: [AppComponent] + bootstrap: [AppComponent], }) -export class AppModule { } +export class AppModule {} ``` To check if material is working we can `import` some angular material component (for example the button component) and add it to the `app.component.html`, then when we start our app we'll see the button rendered in the browser. @@ -278,7 +287,7 @@ To check if material is working we can `import` some angular material component We'll add the below line to the `material.module.ts` file and add `MatButtonModule` to the `imports` array and the `exports` array. ```typescript -import { MatButtonModule } from '@angular/material/button'; +import { MatButtonModule } from "@angular/material/button"; ``` Next, we'll delete all of the content in the `app.component.html` file add add the below line instead. @@ -295,7 +304,7 @@ Now we should `commit` our changes, push it to GitHub, and we can mark another t ### 2.4. Some basic stuff -The next 2 tasks in our issue is to create a `core` module and add some `scss` basic styling. The `core` module should be a shard module, like the `material` one, and it should contain all of the stuff we'll `import` in the different modules (like `HttpClientModule`, `RouterModule`, `FormsModule`, etc). It also will contain some shard code, like `guards`, `models`, `services`, and `components` (but it's not relevant now, we'll talk about it when we need to). +The next 2 tasks in our issue is to create a `core` module and add some `scss` basic styling. The `core` module should be a shard module, like the `material` one, and it should contain all of the stuff we'll `import` in the different modules (like `HttpClientModule`, `RouterModule`, `FormsModule`, etc). It also will contain some shard code, like `guards`, `models`, `services`, and `components` (but it's not relevant now, we'll talk about it when we need to). For now, let's create it and `import` and `export` some basic modules (that we know we're going to use). We'll create the module with ng cli @@ -306,28 +315,18 @@ $ ng g module modules/core And then `imports` and `exports` some basic stuff in it. Let's import the `HttpClientModule`, `FormsModule` and `ReactiveFormsModule`. The `core.module.ts` file should look like ```typescript -import { NgModule } from '@angular/core'; -import { CommonModule } from '@angular/common'; - -import { HttpClientModule } from '@angular/common/http'; -import { FormsModule, ReactiveFormsModule } from '@angular/forms'; +import { NgModule } from "@angular/core"; +import { CommonModule } from "@angular/common"; +import { HttpClientModule } from "@angular/common/http"; +import { FormsModule, ReactiveFormsModule } from "@angular/forms"; @NgModule({ declarations: [], - imports: [ - CommonModule, - HttpClientModule, - FormsModule, - ReactiveFormsModule, - ], - exports: [ - HttpClientModule, - FormsModule, - ReactiveFormsModule, - ], + imports: [CommonModule, HttpClientModule, FormsModule, ReactiveFormsModule], + exports: [HttpClientModule, FormsModule, ReactiveFormsModule], }) -export class CoreModule { } +export class CoreModule {} ``` Then, all that left to do is to import the `CoreModule` in the `AppModule`, like we did with the `MaterialModule`, and `commit` and `push` the new changes. @@ -335,7 +334,8 @@ Then, all that left to do is to import the `CoreModule` in the `AppModule`, like The last item on our issue's to-do list is the basic `scss` styling. This is just some css rules that we need to write in the `style.scss` located in the `src` directory. ```scss -html, body { +html, +body { height: 100%; padding: 0; margin: 0; @@ -405,11 +405,11 @@ jobs: node-version: [12.x] steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} + - uses: actions/checkout@v1 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} ``` From here, we'll add a command to install all the project dependencies, then run the lint, and then the tests, just like we run them on our local machine. So our final file should look like the one below. @@ -427,20 +427,20 @@ jobs: node-version: [12.x] steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} + - uses: actions/checkout@v1 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} - - name: install dependencies - run: npm install + - name: install dependencies + run: npm install - - name: check lint errors - run: npm run lint + - name: check lint errors + run: npm run lint - - name: run tests - run: npm run test + - name: run tests + run: npm run test ``` Now we can commit the changes and push the new branch. After that, we'll create a new PR for this new branch and we can notice that our GitHub action is start right away, with us doing anything. If you'll wait a little bit and let the workflow run, you'll see that it will fail, specifically the the `run tests` step, because it'll fail to start chrome to run the tests. @@ -542,39 +542,13 @@ Now that we know what every script do, we understand that we just need to create { "rules": { "class-name": true, - "comment-format": [ - true, - "check-space" - ], - "indent": [ - true, - "spaces" - ], - "one-line": [ - true, - "check-open-brace", - "check-whitespace" - ], + "comment-format": [true, "check-space"], + "indent": [true, "spaces"], + "one-line": [true, "check-open-brace", "check-whitespace"], "no-var-keyword": true, - "quotemark": [ - true, - "double", - "avoid-escape" - ], - "semicolon": [ - true, - "always", - "ignore-bound-class-methods" - ], - "whitespace": [ - true, - "check-branch", - "check-decl", - "check-operator", - "check-module", - "check-separator", - "check-type" - ], + "quotemark": [true, "double", "avoid-escape"], + "semicolon": [true, "always", "ignore-bound-class-methods"], + "whitespace": [true, "check-branch", "check-decl", "check-operator", "check-module", "check-separator", "check-type"], "typedef-whitespace": [ true, { @@ -615,19 +589,14 @@ And then write the basic configuration for `tsconfig.json` file: "outDir": "dist", "baseUrl": ".", "paths": { - "*": [ - "node_modules/*", - "src/types/*" - ] + "*": ["node_modules/*", "src/types/*"] } }, - "include": [ - "src/**/*" - ] + "include": ["src/**/*"] } ``` -Those configuration and rules are basic templates you can find on the documentation sites of typescript and tslint packages, so we'll not go over them. Now, we just need the `server.ts` file, so the `tsc` will compile it to `server.js` and and npm `serve` script will have something to run. The default path the compiler looks for this file is under a directory named `src`, so we'll create it there. +Those configuration and rules are basic templates you can find on the documentation sites of typescript and tslint packages, so we'll not go over them. Now, we just need the `server.ts` file, so the `tsc` will compile it to `server.js` and and npm `serve` script will have something to run. The default path the compiler looks for this file is under a directory named `src`, so we'll create it there. ```bash $ touch src/server.ts @@ -766,32 +735,36 @@ dist/ Before we commit we'll create a `README.md` file (`$ touch README.md`) with some instructions. -``````markdown +````markdown # Simple Twitter Server This is the backend of Simple Twitter project. This project is for educational purpose only. ## Our Stack - * [Express](http://expressjs.com) - * [Node.js](https://nodejs.org) - * [MongoDB](https://www.mongodb.com) + +- [Express](http://expressjs.com) +- [Node.js](https://nodejs.org) +- [MongoDB](https://www.mongodb.com) ## Pre Requirements - 1. [NodeJS](https://nodejs.org). - 2. [TypeScript](https://www.typescriptlang.org). - 3. [MongoDB](https://www.mongodb.com). + +1. [NodeJS](https://nodejs.org). +2. [TypeScript](https://www.typescriptlang.org). +3. [MongoDB](https://www.mongodb.com). ## Installation - 1. Install nodemon globally `npm i -g nodemon`. - 1. Install requirements with `npm install`. - 2. Run the server with `npm start`. - 3. Open your http client at [http://localhost:8080](http://localhost:8080). + +1. Install nodemon globally `npm i -g nodemon`. +1. Install requirements with `npm install`. +1. Run the server with `npm start`. +1. Open your http client at [http://localhost:8080](http://localhost:8080). **Configurations** Create a `.env` file at the root directory (this file should not be commit). Here is an example of the `.env` file: + ``` DATABASE_URI=mongodb://localhost/simpletwitter JWT=SIMTWITT @@ -802,9 +775,10 @@ NODE_ENV=dev ``` ## Tests - * Run `npm run tslint` to check for ESLint mistakes. - * Run `npm test` to run the integration tests. -`````` + +- Run `npm run tslint` to check for ESLint mistakes. +- Run `npm test` to run the integration tests. +```` And now we have a basic npm project and we're ready to commit everything on `master` branch (because it's our first commit, we cannot open a PR because we don't have a default branch to compare it to it, yet), and push it to GitHub. @@ -899,7 +873,6 @@ const router: express.Router = express.Router(); We'll not use it yet, but we want to create it now because we know we're going to need it in the future. For now let's create a new method with the name `configureRoutes` and there we'll create a new endpoint in the root (`/`) path that we'll return us a simple text that our express app is working. - ```typescript /** * Registr routes. @@ -931,7 +904,6 @@ import { App } from "./app"; Now we'll create a `server` class and in the `constructor` we'll handle some Node.js errors and create an instance of that `App`. - ```typescript /** * @class Server @@ -963,7 +935,7 @@ And at the end of the file we'll export an instance of the `Server` for testing ```typescript // Export for testing -export default new Server; +export default new Server(); ``` So everything is good, we create our `App` instance, but we need to `listen` to some port with this API. So let's add a new method with the name `configurExpress` in the `Server` class and set the express port and start listen on that port. @@ -1215,7 +1187,6 @@ this.app.set("port", this.config.config.port); Now, the last thing we need to do is to create our seed script, so we can load, in the future, some dummy data to our database, so it'll be easier to "play" with our endpoints and to write tests. So, let's create a `seed.ts` file. - ```bash $ touch src/util/seed.ts ``` @@ -1231,7 +1202,6 @@ import * as mongoose from "mongoose"; * @class Seed */ export default class Seed { - /** * @class Seed * @constructor diff --git a/content/posts/2020/getting-to-know-my-neighbors.md b/content/posts/2020/getting-to-know-my-neighbors.md deleted file mode 100644 index 9e33988..0000000 --- a/content/posts/2020/getting-to-know-my-neighbors.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: "Moving House And Getting To Know My Neighbors" -subtitle: "" -date: 2020-12-01T09:00:00+03:00 -date: 2020-10-01T09:00:00+03:00 -lastmod: 2020-12-01T09:00:00+03:00 -draft: false -author: "Nir Galon" -authorLink: "https://nir.galon.io" -description: "" - -tags: ["wifi pineapple", "man in the middle", "wifi attack", "hacking", "white hat", "hak5"] -categories: ["hacking"] - -hiddenFromHomePage: false -hiddenFromSearch: false - -featuredImage: "/posts/2020/getting-to-know-my-neighbors/blue-wireless-connection.webp" -featuredImagePreview: "/posts/2020/getting-to-know-my-neighbors/blue-wireless-connection.webp" - -toc: - enable: true -math: - enable: false -lightgallery: true -license: "" ---- - -Lately I was moving to a new house, and the first thing that I do after getting comfortable in the new house is to getting to know my neighbors, like any other person on the planet will do, right? wrong! - -It's don't that I have something against getting to know my neighbors in person, it's just that it's not common in Israel like other places in the world. But none the less, I'm interested in my new area, and I just got a new version of wifi pineapple (MK VII). So, like every other kid with a new toy it's time to play! - -  - -## 1. Setup - -Let's set it up. First thing we need to do is to connect the device to a power source. I love that we have a usb-c in this version because all we need to do is to connect it to the laptop and we have the power source and the data - perfect. - -When we connect it to the laptop the single LED at the top of the device will start blinking blue - it's means the device is booting up, let's wait for couple of minutes until we see a solid blue. Now we need to connect to the device, the wifi pineapple will start broadcast an open wireless network, named _"Pineapple_XXXX"_ (the XXXX are the last 4 characters of the device's MAC address). - -![The wifi pineapple SSID](/posts/2020/getting-to-know-my-neighbors/macos-network.webp "The wifi pineapple SSID") - -Once you're connected to the device wireless network, open up you browser of choice and browse to [http://172.16.42.1:1471](http://172.16.42.1:1471). The _"Setup"_ screen will show up, let's follow the instrucations. - -Click in the _"Begin Setup"_ and then it'll ask us to verify it's our wifi pineapple, that's mean we have a pisical access to the device. We'll need to click on the single button (from the left of the usb-c). You can click it and let it go if you want to continue with the radios disabled, or 4 seconds with the radios enabled. I'm in my private home, in a safe inveroment so I'll choose the easy way to set it up - 4 seconds to enable the radios. - -Now choose a password for the wifi pineapple admin dashboard, and set the your timezone and click _"next"_. - -![Wifi pineapple setup](/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-setup.webp "wifi pineapple setup") - -In the next screen we need to setup the _"Network"_ configuration. I choose to call my mangment SSID _"pineM"_ while the open SSID is _"OpenStarbucks"_ (algth we don't have Starbucks in Israel). - -![Wifi pineapple network setup](/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-network-setup.webp "wifi pineapple network setup") - -The last step in the setup process is the filtering. You can change all of the settings later on when we connact to the mangment dashboard, but just to understand what filtering means here. - -The first one _"Client Filter Configuration"_ will limit for whitelist or blacklist the devices that can connect to the open SSID of the wifi pineapple. The second _"SSID Filter Configuration"_ will limit for whitelist or blacklist the SSID (networks) the wifi pineapple can spoofed. - -I'll choose the first option (_"Allow ..."_) for each of them. That means nobody can connect to the wifi pineapple at the moment. - -![Wifi pineapple filter setup](/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-filter-setup.webp "wifi pineapple filter setup") - -The last couple of steps is to choose the theme of the dashboard and accept _"Terms of Service"_ and the _"License Agreement"_. After that we'll be redirect automatcaly. - -  - -## 7. Summary diff --git a/content/posts/2020/jekyll-starter-kit-generator-3.x.x.md b/content/posts/2020/jekyll-starter-kit-generator-3.x.x.md index b2e8575..c105b9c 100644 --- a/content/posts/2020/jekyll-starter-kit-generator-3.x.x.md +++ b/content/posts/2020/jekyll-starter-kit-generator-3.x.x.md @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + First thing first, I want to send virtual thanks, gratitudes and hugs to all the people that star, download, use, and contribute the project! This is huge for me, you don't know how much it's affect and keep me going. Thank you!! And for those of you who has yet to hear about the Jekyll Starter Kit generator, it’s a [Yeoman](http://yeoman.io/) generator for creating [Jekyll](https://jekyllrb.com/) projects with PWA support and a lot more best practices stuff. @@ -50,12 +51,12 @@ So when I update the [Jekyll Starter Kit](https://github.com/nirgn975/generator- ### 2.1 The Jekll update is a major change! But what else we have done? - * npm bought [nsp](https://github.com/nodesecurity/nsp) and incorporated it to `npm audit`. So we moved our security check to use `npm audit --audit-level high` before every publish of a new release. - * We Removed [Travis-CI](https://travis-ci.org/) and moved to [GitHub actions](https://github.com/features/actions) for our CI. I think it's much easier to write and you don't need to sign in to yet another service, so it's a win win. We also add support for node version 12 in the CI and remove version 8. - * We also publish the package to [GitHub registry](https://github.com/features/packages) in addition to [npm](https://www.npmjs.com/package/generator-jekyll-starter-kit). - * All those changes break couple of badges in the `README.md` file, so we fix them and add a contribute badge so everyone will know this package is actively maintained (and this badge is good for one year, so if I stopped maintain this project it will automagically will says it's not maintain). - * Update all of the dependencies and add the [dependabot](https://dependabot.com/) to automate the dependencies update process. And now that we have all the tests and a full CI system on GitHub actions, it's easier and automated then ever! You can be sure the project will be update to date without any 1day security issues. - * To make life easier for the contributors we added Issues and Pull requests templates. We also created `CODE_OF_CONDUCT` file. +- npm bought [nsp](https://github.com/nodesecurity/nsp) and incorporated it to `npm audit`. So we moved our security check to use `npm audit --audit-level high` before every publish of a new release. +- We Removed [Travis-CI](https://travis-ci.org/) and moved to [GitHub actions](https://github.com/features/actions) for our CI. I think it's much easier to write and you don't need to sign in to yet another service, so it's a win win. We also add support for node version 12 in the CI and remove version 8. +- We also publish the package to [GitHub registry](https://github.com/features/packages) in addition to [npm](https://www.npmjs.com/package/generator-jekyll-starter-kit). +- All those changes break couple of badges in the `README.md` file, so we fix them and add a contribute badge so everyone will know this package is actively maintained (and this badge is good for one year, so if I stopped maintain this project it will automagically will says it's not maintain). +- Update all of the dependencies and add the [dependabot](https://dependabot.com/) to automate the dependencies update process. And now that we have all the tests and a full CI system on GitHub actions, it's easier and automated then ever! You can be sure the project will be update to date without any 1day security issues. +- To make life easier for the contributors we added Issues and Pull requests templates. We also created `CODE_OF_CONDUCT` file.   diff --git a/content/posts/2020/new-design-for-the-blog.md b/content/posts/2020/new-design-for-the-blog.md index 97020d9..88f4d43 100644 --- a/content/posts/2020/new-design-for-the-blog.md +++ b/content/posts/2020/new-design-for-the-blog.md @@ -24,6 +24,7 @@ math: lightgallery: true license: "" --- + I'm really excited for this! Don't ask me why because I can't explain it. This is not the first time I make a new design for this blog, it's actually the fifth time! and yet, I feel this is the best one yet. It have everything I ever wanted in my blog.   @@ -108,7 +109,7 @@ One of the things I highly value is the user privacy, as I said before. But I ne ![Plausible Analytics elevator pitch](/posts/2020/new-design-for-the-blog/plausible-analytics-elevator-pitch.webp "Plausible Analytics elevator pitch") -And I found it, [Plausible Analytics](https://plausible.io) is simple and privacy focus, exactly what I was searching for. And to check they're true to their words I use [blacklight](https://themarkup.org/blacklight/?url=lifelongstudent.io) - A real-time website privacy inspector. +And I found it, [Plausible Analytics](https://plausible.io) is simple and privacy focus, exactly what I was searching for. And to check they're true to their words I use [blacklight](https://themarkup.org/blacklight/?url=lifelongstudent.io) - A real-time website privacy inspector. ![Blacklight search results](/posts/2020/new-design-for-the-blog/blacklight-search-results.webp "Blacklight search results") diff --git a/content/posts/2020/open-source-intelligence.md b/content/posts/2020/open-source-intelligence.md index cb4ad9c..ed81922 100644 --- a/content/posts/2020/open-source-intelligence.md +++ b/content/posts/2020/open-source-intelligence.md @@ -27,7 +27,7 @@ license: "" Every operation need good intel, and good intel is hard to find. Or is it? -[OSINT (or Open Source Intelligence)](https://en.wikipedia.org/wiki/Open-source_intelligence) is the operation of collecting and analyzing information about a target from various sources. A lot of times you'll see the terms "public" or "open" sources but let's be honest here, this is false and that's why I wrote *various sources*. +[OSINT (or Open Source Intelligence)](https://en.wikipedia.org/wiki/Open-source_intelligence) is the operation of collecting and analyzing information about a target from various sources. A lot of times you'll see the terms "public" or "open" sources but let's be honest here, this is false and that's why I wrote _various sources_. This is not to say that hacking to someone and steal his data is OSINT, because it's not. But not all the sources we'll use are public and open to everyone, and their data isn't collected by those services in an open way (innocently and / or with user consent). @@ -47,9 +47,8 @@ So, naturally, I put some more security on that service. One of them was to log Everything was quiet for a long time, but we know it's not going to be like that forever. Lo and behold about a month ago it happened for the first time! Someone tried to penetrate the system with a non existent username and password. I got 4 attempts, because I don't even let you have a third strike - I put your IP in a blacklist. So as you see in the table below we basically have 2 real attempts (2 IPs) with 4 different credentials. - -| Email | Password | IP | Time | Accept Language | User Agent | -|--------------------------|------------|----------------|--------------------------|-----------------|-------------------------| +| Email | Password | IP | Time | Accept Language | User Agent | +| ------------------------ | ---------- | -------------- | ------------------------ | --------------- | ------------------------------------------------------------------------------------------------------------------ | | deion_kihn@bocah.team | Harry1982! | 84.17.46.157 | 2020-05-27T09:16:44.044Z | en-US | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 | | deion_kihn@bocah.team | Harry1945 | 84.17.46.157 | 2020-05-27T09:17:08.923Z | en-US | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 | | zena.durgan91@bocah.team | Isaac2007 | 154.127.57.238 | 2020-05-27T11:26:31.250Z | en-US | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 | @@ -58,6 +57,7 @@ Everything was quiet for a long time, but we know it's not going to be like that   We notice a bunch of things: + - We have only 2 IPs. - The email address don't change in every attempt, only the password is changing in each attempt. - The two emails are with the same domain. @@ -72,417 +72,418 @@ The easiest thing to look up first are the IPs and the domain. The first IP (`84 ```json { - "ip":"84.17.46.157", - "type":"ipv4", - "continent_code":"EU", - "continent_name":"Europe", - "country_code":"NL", - "country_name":"Netherlands", - "region_code":"NH", - "region_name":"North Holland", - "city":"Diemen", - "zip":"1101", - "latitude":52.309051513671875, - "longitude":4.940189838409424, - "location":{ - "geoname_id":2756888, - "capital":"Amsterdam", - "languages":[ + "ip": "84.17.46.157", + "type": "ipv4", + "continent_code": "EU", + "continent_name": "Europe", + "country_code": "NL", + "country_name": "Netherlands", + "region_code": "NH", + "region_name": "North Holland", + "city": "Diemen", + "zip": "1101", + "latitude": 52.309051513671875, + "longitude": 4.940189838409424, + "location": { + "geoname_id": 2756888, + "capital": "Amsterdam", + "languages": [ { - "code":"nl", - "name":"Dutch", - "native":"Nederlands" + "code": "nl", + "name": "Dutch", + "native": "Nederlands" } ], - "country_flag":"http://assets.ipstack.com/flags/nl.svg", - "country_flag_emoji":"\ud83c\uddf3\ud83c\uddf1", - "country_flag_emoji_unicode":"U+1F1F3 U+1F1F1", - "calling_code":"31", - "is_eu":true + "country_flag": "http://assets.ipstack.com/flags/nl.svg", + "country_flag_emoji": "\ud83c\uddf3\ud83c\uddf1", + "country_flag_emoji_unicode": "U+1F1F3 U+1F1F1", + "calling_code": "31", + "is_eu": true }, - "time_zone":{ - "id":"Europe/Amsterdam", - "current_time":"2020-05-02T15:15:21+02:00", - "gmt_offset":7200, - "code":"CEST", - "is_daylight_saving":true + "time_zone": { + "id": "Europe/Amsterdam", + "current_time": "2020-05-02T15:15:21+02:00", + "gmt_offset": 7200, + "code": "CEST", + "is_daylight_saving": true }, - "currency":{ - "code":"EUR", - "name":"Euro", - "plural":"euros", - "symbol":"\u20ac", - "symbol_native":"\u20ac" + "currency": { + "code": "EUR", + "name": "Euro", + "plural": "euros", + "symbol": "\u20ac", + "symbol_native": "\u20ac" }, - "connection":{ - "asn":60068, - "isp":"Datacamp Limited" + "connection": { + "asn": 60068, + "isp": "Datacamp Limited" } } ``` ```json { - "ip":"154.127.57.238", - "type":"ipv4", - "continent_code":"AF", - "continent_name":"Africa", - "country_code":"ZA", - "country_name":"South Africa", - "region_code":"GT", - "region_name":"Gauteng", - "city":"Johannesburg", - "zip":"2000", - "latitude":-26.199169158935547, - "longitude":28.0563907623291, - "location":{ - "geoname_id":993800, - "capital":"Pretoria", - "languages":[ + "ip": "154.127.57.238", + "type": "ipv4", + "continent_code": "AF", + "continent_name": "Africa", + "country_code": "ZA", + "country_name": "South Africa", + "region_code": "GT", + "region_name": "Gauteng", + "city": "Johannesburg", + "zip": "2000", + "latitude": -26.199169158935547, + "longitude": 28.0563907623291, + "location": { + "geoname_id": 993800, + "capital": "Pretoria", + "languages": [ { - "code":"af", - "name":"Afrikaans", - "native":"Afrikaans" + "code": "af", + "name": "Afrikaans", + "native": "Afrikaans" }, { - "code":"en", - "name":"English", - "native":"English" + "code": "en", + "name": "English", + "native": "English" }, { - "code":"nr", - "name":"South Ndebele", - "native":"isiNdebele" + "code": "nr", + "name": "South Ndebele", + "native": "isiNdebele" }, { - "code":"st", - "name":"Southern Sotho", - "native":"Sesotho" + "code": "st", + "name": "Southern Sotho", + "native": "Sesotho" }, { - "code":"ss", - "name":"Swati", - "native":"SiSwati" + "code": "ss", + "name": "Swati", + "native": "SiSwati" }, { - "code":"tn", - "name":"Tswana", - "native":"Setswana" + "code": "tn", + "name": "Tswana", + "native": "Setswana" }, { - "code":"ts", - "name":"Tsonga", - "native":"Xitsonga" + "code": "ts", + "name": "Tsonga", + "native": "Xitsonga" }, { - "code":"ve", - "name":"Venda", - "native":"Tshiven\u1e13a" + "code": "ve", + "name": "Venda", + "native": "Tshiven\u1e13a" }, { - "code":"xh", - "name":"Xhosa", - "native":"isiXhosa" + "code": "xh", + "name": "Xhosa", + "native": "isiXhosa" }, { - "code":"zu", - "name":"Zulu", - "native":"isiZulu" + "code": "zu", + "name": "Zulu", + "native": "isiZulu" } ], - "country_flag":"http://assets.ipstack.com/flags/za.svg", - "country_flag_emoji":"\ud83c\uddff\ud83c\udde6", - "country_flag_emoji_unicode":"U+1F1FF U+1F1E6", - "calling_code":"27", - "is_eu":false + "country_flag": "http://assets.ipstack.com/flags/za.svg", + "country_flag_emoji": "\ud83c\uddff\ud83c\udde6", + "country_flag_emoji_unicode": "U+1F1FF U+1F1E6", + "calling_code": "27", + "is_eu": false }, - "time_zone":{ - "id":"Africa/Johannesburg", - "current_time":"2020-05-02T15:20:17+02:00", - "gmt_offset":7200, - "code":"SAST", - "is_daylight_saving":false + "time_zone": { + "id": "Africa/Johannesburg", + "current_time": "2020-05-02T15:20:17+02:00", + "gmt_offset": 7200, + "code": "SAST", + "is_daylight_saving": false }, - "currency":{ - "code":"ZAR", - "name":"South African Rand", - "plural":"South African rand", - "symbol":"R", - "symbol_native":"R" + "currency": { + "code": "ZAR", + "name": "South African Rand", + "plural": "South African rand", + "symbol": "R", + "symbol_native": "R" }, - "connection":{ - "asn":61317, - "isp":"Digital Energy Technologies Ltd." + "connection": { + "asn": 61317, + "isp": "Digital Energy Technologies Ltd." } } ``` This looks like a dead end for now, let's check the domain. For that I use [DomainTools](http://domaintools.com), they have a pretty nice and free service for Whois lookup. So when I searched `bocah.team` I didn't get much, it looks like the domain have a privacy protection, this means we cannot see who bought it. -But we can see a lot of other stuff, like it's registered by [NameCheap](https://www.namecheap.com) and protected by [WhoisGuard](http://www.whoisguard.com/). It created on 2018-07-13. The server the domain points to is a [DigitalOcean](https://www.digitalocean.com) one in the United Kingdom and his IP is `188.166.152.221`. They got `200` status code back from an [Apache Web Server](https://www.apache.org), and it tells us there are *257 other sites hosted on this server*! So it's time to do a reverse IP lookup for this server IP. +But we can see a lot of other stuff, like it's registered by [NameCheap](https://www.namecheap.com) and protected by [WhoisGuard](http://www.whoisguard.com/). It created on 2018-07-13. The server the domain points to is a [DigitalOcean](https://www.digitalocean.com) one in the United Kingdom and his IP is `188.166.152.221`. They got `200` status code back from an [Apache Web Server](https://www.apache.org), and it tells us there are _257 other sites hosted on this server_! So it's time to do a reverse IP lookup for this server IP. ![DomainTools Whois Report](/posts/2020/open-source-intelligence/domain-tools-whois-report.webp "DomainTools Whois Report") DomainTools don't let you do a reverse IP lookup for free, they'll show you couple of results and if you want to see more you need to buy a membership. We're amateurs here, I don't intend to throw away $99 per month for one reverse IP lookup, let's find another service. -Actually there are quite a few that does that for free, like [Hacker Target](https://hackertarget.com), and [ViewDNS](https://viewdns.info/). I especially love ViewDNS because it's give you the dates of *Last Resolved* for every domain, and give you a total number at the top (so you can match his findings with other services). +Actually there are quite a few that does that for free, like [Hacker Target](https://hackertarget.com), and [ViewDNS](https://viewdns.info/). I especially love ViewDNS because it's give you the dates of _Last Resolved_ for every domain, and give you a total number at the top (so you can match his findings with other services). ViewDNS found 242 domains, almost everyone that DomainsTools said there are, and it's quite the list.
Click here to see the 242 domains table. -| Domain | Last Resolved Date | -|-------------------------------------------|--------------------| -| 1st-euro.net | 2020-04-27 | -| 2hard4you.com | 2020-04-29 | -| 32399753810sb.com | 2019-10-29 | -| 39832302670sb.com | 2019-10-29 | -| 404fizzy.com | 2020-04-29 | -| 53nn0r4x.org | 2020-05-02 | -| ablegod.net | 2020-04-27 | -| adobe-results.net | 2020-04-27 | -| adobepdf.org | 2020-05-02 | -| adobexx.com | 2020-04-29 | -| akangs.com | 2020-04-29 | -| alli7f9651a12362cec298fe16c1574dcead.com | 2019-10-29 | -| amaslim.com | 2020-04-29 | -| ap13rc3.com | 2019-10-03 | -| apelngentots.com | 2020-04-29 | -| aplasitecomcom.com | 2020-04-29 | -| approject.net | 2020-04-27 | -| armcokeresulter.com | 2020-04-29 | -| asdhfkjds.com | 2020-04-29 | -| asdsadsa.com | 2020-04-29 | -| astsmtp.org | 2019-10-11 | -| balusaz.com | 2020-03-29 | -| banglemail.com | 2020-04-29 | -| baonlineintl.com | 2020-04-29 | -| bdcimail.com | 2020-04-29 | -| blckman.com | 2020-04-29 | -| blowjoob.com | 2020-04-29 | -| blurdybloop.com | 2020-04-29 | -| boarsw1.com | 2020-04-29 | -| boarsw11.com | 2020-04-29 | -| boarsw2.com | 2020-04-29 | -| bocah.team | 2020-05-03 | -| btemailsupport.com | 2020-04-29 | -| c0x1.com | 2020-04-29 | -| c1onet.com | 2019-10-19 | -| cc-result.com | 2020-04-29 | -| ch3rsw2.com | 2020-04-29 | -| charles-robinson.com | 2020-04-29 | -| chasemelom.com | 2020-04-29 | -| chsw11.com | 2020-04-29 | -| chsww4.com | 2020-04-29 | -| cielo2012.com | 2020-04-29 | -| clientcaf.info | 2020-04-28 | -| cnutzdtrk.com | 2020-04-29 | -| coin-c.pro | 2020-01-30 | -| ctrhackschool.com | 2020-04-29 | -| d1berkati.net | 2020-05-03 | -| d3sxsrw.com | 2019-11-12 | -| darego.org | 2020-05-02 | -| dav1nc1.com | 2019-08-07 | -| denate-djf88.com | 2020-04-29 | -| devexoxfamjackpot.org | 2019-08-07 | -| docusign1.com | 2020-04-29 | -| donking.net | 2020-04-27 | -| dpvmx.com | 2020-04-29 | -| dullandstupidfolks.com | 2019-10-26 | -| eaglesmail.net | 2020-04-27 | -| eentertainment.site | 2019-09-13 | -| esqhackschool.com | 2020-04-29 | -| expertgz.com | 2020-03-22 | -| familytreetmatter.com | 2019-11-13 | -| fcwbanking.com | 2020-04-29 | -| forcadesempre.com | 2020-04-29 | -| fortiittechnology.com | 2019-08-21 | -| freakzbrothers.team | 2019-10-25 | -| frreer.com | 2020-04-29 | -| garutc0de.com | 2020-04-29 | -| gcrele.com | 2020-04-29 | -| ggledocblessing.com | 2020-04-29 | -| ggledocs.com | 2020-04-29 | -| globizsolution.com | 2020-05-03 | -| gmailphish.com | 2020-04-29 | -| gmdddail.com | 2020-04-29 | -| goldenboyplanet.net | 2020-04-27 | -| goldenmarine.net | 2020-04-27 | -| goodpostman.com | 2020-04-29 | -| googdocs.org | 2020-05-02 | -| groovypigthing.com | 2019-12-13 | -| h4l1f4x.com | 2020-04-29 | -| humaxgifts.net | 2020-04-27 | -| hyzeek.com | 2020-04-29 | -| idbte4m.com | 2020-04-29 | -| idyat.com | 2020-04-29 | -| iestoreakeup.com | 2020-04-29 | -| ifastnet1.com | 2020-04-29 | -| ilekunanu.com | 2020-05-03 | -| iln-mc.net | 2020-04-27 | -| immaculatelord.com | 2020-04-29 | -| inforezult.com | 2020-04-29 | -| infulz.org | 2020-05-02 | -| inv3st3c.com | 2019-10-29 | -| j4nn1ck.com | 2020-04-29 | -| jephy-webmail.com | 2020-04-29 | -| jquery-cloud.org | 2019-11-15 | -| kanbghik.com | 2020-04-29 | -| killdemall.com | 2020-04-29 | -| kind1.org | 2019-09-26 | -| kindly2014.com | 2020-04-29 | -| kksdfs.com | 2020-04-29 | -| kod3r.com | 2020-04-29 | -| kucinghitam.team | 2019-07-12 | -| kuhlcomputer.com | 2020-04-29 | -| lagoshacker.com | 2020-04-29 | -| lbox1.com | 2020-04-29 | -| lbox2.com | 2020-04-29 | -| lbox3.com | 2020-04-29 | -| legitz-solutions.com | 2020-04-29 | -| linksandmail.com | 2020-04-29 | -| llgss.com | 2020-04-29 | -| magentoscure.com | 2020-04-29 | -| mailfahad.com | 2020-04-29 | -| mailrez.com | 2020-04-29 | -| malancellc.com | 2020-04-29 | -| mdhmx.com | 2020-04-29 | -| mefffdo.com | 2019-10-10 | -| menemoney.com | 2020-04-29 | -| mimecastphish.com | 2020-04-29 | -| minioncc.com | 2020-04-29 | -| minionlogin.com | 2020-04-29 | -| minionresult.com | 2020-04-29 | -| moneysquad.org | 2020-05-02 | -| moxxxx.com | 2020-04-29 | -| mrspybotv3.com | 2020-04-29 | -| mrspybotv4.com | 2020-04-29 | -| mteen.net | 2020-04-27 | -| mylinklog.com | 2020-04-29 | -| mymailgin.com | 2020-04-29 | -| mystshop.org | 2020-05-02 | -| nationwidez.com | 2020-04-29 | -| neids.net | 2020-04-27 | -| netzrxflix.com | 2020-04-29 | -| newbieking.biz | 2020-05-02 | -| newcpanel.com | 2020-04-29 | -| notforsal.org | 2020-05-02 | -| notinforreal.org | 2020-05-02 | -| oluxshopservice.com | 2019-11-12 | -| one-sender.com | 2020-04-29 | -| oneskilet.team | 2020-03-22 | -| oonlo.com | 2020-04-29 | -| orimi.co | 2020-05-02 | -| otherphish.com | 2020-04-29 | -| ourtimesupport.com | 2020-04-29 | -| ourtimewhorers.com | 2020-05-03 | -| outlookphish.com | 2020-04-29 | -| p-delivr.com | 2020-04-29 | -| pant8.com | 2020-04-29 | -| perpeleran.com | 2020-04-29 | -| pollarda.com | 2020-04-29 | -| ppaypl.com | 2020-04-29 | -| priv8scam.com | 2020-02-09 | -| priv8scamccforu.com | 2020-02-09 | -| private-relay.com | 2020-04-29 | -| projectmy.net | 2020-04-27 | -| pvscamccsscom.com | 2019-09-28 | -| pvscamyasscom.com | 2020-04-29 | -| pvscamyavscom.com | 2019-09-28 | -| qqrez.com | 2020-04-29 | -| r36yc.com | 2020-04-29 | -| raflipedia.com | 2020-04-29 | -| recodz.com | 2020-04-29 | -| resulttidaklancar.com | 2020-04-29 | -| rezlt.org | 2020-05-02 | -| rezltboa.com | 2020-04-29 | -| rezult.org | 2020-05-03 | -| rezultbossing.com | 2020-04-29 | -| rsjkingdomxpp.pro | 2019-06-11 | -| salkah.com | 2020-04-29 | -| saydie.com | 2020-04-29 | -| se-holldings.com | 2020-04-29 | -| sendmsexcel.com | 2020-04-29 | -| serverstrato.net | 2020-04-27 | -| serviceadobe.com | 2020-04-29 | -| servicedropbox.com | 2019-08-24 | -| servicesoutlook.com | 2020-04-29 | -| servisdocusign.com | 2020-04-29 | -| servisdropbox.com | 2020-04-29 | -| sidshell.com | 2020-03-22 | -| skilet.team | 2020-03-22 | -| slackerc0de.com | 2020-04-29 | -| slclogin.com | 2020-05-03 | -| sn7ak.com | 2020-04-29 | -| soutaz.com | 2020-04-29 | -| spammerindo.com | 2020-04-29 | -| spammerindo.pro | 2019-06-11 | -| spirititus.com | 2020-04-29 | -| spmers.net | 2020-04-27 | -| spyu.org | 2020-05-02 | -| srv-app.club | 2019-07-02 | -| stationlinux.org | 2020-05-02 | -| support-itrueserver.xyz | 2020-03-22 | -| sureboi.com | 2020-04-29 | -| svoooo.com | 2020-04-29 | -| sydoppe.com | 2020-04-29 | -| synichix.pro | 2019-06-11 | -| system42l.net | 2020-04-27 | -| t3chsss.net | 2020-04-27 | -| teeniecamp4free.com | 2020-04-29 | -| teluz.org | 2019-10-10 | -| tf-info.com | 2020-04-29 | -| tgboi.com | 2020-04-29 | -| tgiftoday.biz | 2019-08-20 | -| thanksforreal.org | 2019-12-12 | -| theaccessuk.org | 2020-05-02 | -| tool4spam.com | 2020-04-29 | -| tooolz.com | 2020-04-29 | -| tooxlz-db.com | 2020-04-29 | -| trowey.com | 2020-04-29 | -| tsbdumbs.com | 2020-04-29 | -| tt-door.biz | 2020-05-02 | -| ttcpanel.com | 2020-04-29 | -| twinbash.co | 2020-05-02 | -| usaaresults.com | 2020-04-29 | -| usaaxa.com | 2020-05-03 | -| vgnnb.com | 2020-04-29 | -| virus-ma.com | 2019-08-09 | -| webmai.co | 2020-05-02 | -| webmailupdate.com | 2020-04-29 | -| willyfucker.com | 2019-11-27 | -| windowsswebs.com | 2019-10-29 | -| wiregang.com | 2019-08-09 | -| wirethings.net | 2020-05-03 | -| wls1.com | 2020-04-29 | -| worldpc2000.com | 2020-04-29 | -| xellef-id.com | 2020-04-29 | -| xhades.com | 2020-04-29 | -| xindex.org | 2020-05-02 | -| xsendersecurity.com | 2020-04-29 | -| xvbvx.com | 2020-04-29 | -| xxsender.com | 2020-04-29 | -| xxxsender.com | 2020-04-29 | -| yah5oo.com | 2020-04-29 | -| yandew.com | 2020-04-29 | -| yatdew.com | 2020-04-29 | -| youphei.com | 2019-12-13 | -| yourzcoolsite.com | 2019-12-12 | -| yyuuoo.com | 2020-04-29 | -| z1t0ng404.com | 2020-04-29 | -| z3ran.com | 2020-04-29 | -| zebyinbox.com | 2020-04-29 | -| zenquel.com | 2020-04-29 | -| zephyrsc.shop | 2019-10-23 | -| zwirgel.net | 2020-04-27 | -
+| Domain | Last Resolved Date | +| ---------------------------------------- | ------------------ | +| 1st-euro.net | 2020-04-27 | +| 2hard4you.com | 2020-04-29 | +| 32399753810sb.com | 2019-10-29 | +| 39832302670sb.com | 2019-10-29 | +| 404fizzy.com | 2020-04-29 | +| 53nn0r4x.org | 2020-05-02 | +| ablegod.net | 2020-04-27 | +| adobe-results.net | 2020-04-27 | +| adobepdf.org | 2020-05-02 | +| adobexx.com | 2020-04-29 | +| akangs.com | 2020-04-29 | +| alli7f9651a12362cec298fe16c1574dcead.com | 2019-10-29 | +| amaslim.com | 2020-04-29 | +| ap13rc3.com | 2019-10-03 | +| apelngentots.com | 2020-04-29 | +| aplasitecomcom.com | 2020-04-29 | +| approject.net | 2020-04-27 | +| armcokeresulter.com | 2020-04-29 | +| asdhfkjds.com | 2020-04-29 | +| asdsadsa.com | 2020-04-29 | +| astsmtp.org | 2019-10-11 | +| balusaz.com | 2020-03-29 | +| banglemail.com | 2020-04-29 | +| baonlineintl.com | 2020-04-29 | +| bdcimail.com | 2020-04-29 | +| blckman.com | 2020-04-29 | +| blowjoob.com | 2020-04-29 | +| blurdybloop.com | 2020-04-29 | +| boarsw1.com | 2020-04-29 | +| boarsw11.com | 2020-04-29 | +| boarsw2.com | 2020-04-29 | +| bocah.team | 2020-05-03 | +| btemailsupport.com | 2020-04-29 | +| c0x1.com | 2020-04-29 | +| c1onet.com | 2019-10-19 | +| cc-result.com | 2020-04-29 | +| ch3rsw2.com | 2020-04-29 | +| charles-robinson.com | 2020-04-29 | +| chasemelom.com | 2020-04-29 | +| chsw11.com | 2020-04-29 | +| chsww4.com | 2020-04-29 | +| cielo2012.com | 2020-04-29 | +| clientcaf.info | 2020-04-28 | +| cnutzdtrk.com | 2020-04-29 | +| coin-c.pro | 2020-01-30 | +| ctrhackschool.com | 2020-04-29 | +| d1berkati.net | 2020-05-03 | +| d3sxsrw.com | 2019-11-12 | +| darego.org | 2020-05-02 | +| dav1nc1.com | 2019-08-07 | +| denate-djf88.com | 2020-04-29 | +| devexoxfamjackpot.org | 2019-08-07 | +| docusign1.com | 2020-04-29 | +| donking.net | 2020-04-27 | +| dpvmx.com | 2020-04-29 | +| dullandstupidfolks.com | 2019-10-26 | +| eaglesmail.net | 2020-04-27 | +| eentertainment.site | 2019-09-13 | +| esqhackschool.com | 2020-04-29 | +| expertgz.com | 2020-03-22 | +| familytreetmatter.com | 2019-11-13 | +| fcwbanking.com | 2020-04-29 | +| forcadesempre.com | 2020-04-29 | +| fortiittechnology.com | 2019-08-21 | +| freakzbrothers.team | 2019-10-25 | +| frreer.com | 2020-04-29 | +| garutc0de.com | 2020-04-29 | +| gcrele.com | 2020-04-29 | +| ggledocblessing.com | 2020-04-29 | +| ggledocs.com | 2020-04-29 | +| globizsolution.com | 2020-05-03 | +| gmailphish.com | 2020-04-29 | +| gmdddail.com | 2020-04-29 | +| goldenboyplanet.net | 2020-04-27 | +| goldenmarine.net | 2020-04-27 | +| goodpostman.com | 2020-04-29 | +| googdocs.org | 2020-05-02 | +| groovypigthing.com | 2019-12-13 | +| h4l1f4x.com | 2020-04-29 | +| humaxgifts.net | 2020-04-27 | +| hyzeek.com | 2020-04-29 | +| idbte4m.com | 2020-04-29 | +| idyat.com | 2020-04-29 | +| iestoreakeup.com | 2020-04-29 | +| ifastnet1.com | 2020-04-29 | +| ilekunanu.com | 2020-05-03 | +| iln-mc.net | 2020-04-27 | +| immaculatelord.com | 2020-04-29 | +| inforezult.com | 2020-04-29 | +| infulz.org | 2020-05-02 | +| inv3st3c.com | 2019-10-29 | +| j4nn1ck.com | 2020-04-29 | +| jephy-webmail.com | 2020-04-29 | +| jquery-cloud.org | 2019-11-15 | +| kanbghik.com | 2020-04-29 | +| killdemall.com | 2020-04-29 | +| kind1.org | 2019-09-26 | +| kindly2014.com | 2020-04-29 | +| kksdfs.com | 2020-04-29 | +| kod3r.com | 2020-04-29 | +| kucinghitam.team | 2019-07-12 | +| kuhlcomputer.com | 2020-04-29 | +| lagoshacker.com | 2020-04-29 | +| lbox1.com | 2020-04-29 | +| lbox2.com | 2020-04-29 | +| lbox3.com | 2020-04-29 | +| legitz-solutions.com | 2020-04-29 | +| linksandmail.com | 2020-04-29 | +| llgss.com | 2020-04-29 | +| magentoscure.com | 2020-04-29 | +| mailfahad.com | 2020-04-29 | +| mailrez.com | 2020-04-29 | +| malancellc.com | 2020-04-29 | +| mdhmx.com | 2020-04-29 | +| mefffdo.com | 2019-10-10 | +| menemoney.com | 2020-04-29 | +| mimecastphish.com | 2020-04-29 | +| minioncc.com | 2020-04-29 | +| minionlogin.com | 2020-04-29 | +| minionresult.com | 2020-04-29 | +| moneysquad.org | 2020-05-02 | +| moxxxx.com | 2020-04-29 | +| mrspybotv3.com | 2020-04-29 | +| mrspybotv4.com | 2020-04-29 | +| mteen.net | 2020-04-27 | +| mylinklog.com | 2020-04-29 | +| mymailgin.com | 2020-04-29 | +| mystshop.org | 2020-05-02 | +| nationwidez.com | 2020-04-29 | +| neids.net | 2020-04-27 | +| netzrxflix.com | 2020-04-29 | +| newbieking.biz | 2020-05-02 | +| newcpanel.com | 2020-04-29 | +| notforsal.org | 2020-05-02 | +| notinforreal.org | 2020-05-02 | +| oluxshopservice.com | 2019-11-12 | +| one-sender.com | 2020-04-29 | +| oneskilet.team | 2020-03-22 | +| oonlo.com | 2020-04-29 | +| orimi.co | 2020-05-02 | +| otherphish.com | 2020-04-29 | +| ourtimesupport.com | 2020-04-29 | +| ourtimewhorers.com | 2020-05-03 | +| outlookphish.com | 2020-04-29 | +| p-delivr.com | 2020-04-29 | +| pant8.com | 2020-04-29 | +| perpeleran.com | 2020-04-29 | +| pollarda.com | 2020-04-29 | +| ppaypl.com | 2020-04-29 | +| priv8scam.com | 2020-02-09 | +| priv8scamccforu.com | 2020-02-09 | +| private-relay.com | 2020-04-29 | +| projectmy.net | 2020-04-27 | +| pvscamccsscom.com | 2019-09-28 | +| pvscamyasscom.com | 2020-04-29 | +| pvscamyavscom.com | 2019-09-28 | +| qqrez.com | 2020-04-29 | +| r36yc.com | 2020-04-29 | +| raflipedia.com | 2020-04-29 | +| recodz.com | 2020-04-29 | +| resulttidaklancar.com | 2020-04-29 | +| rezlt.org | 2020-05-02 | +| rezltboa.com | 2020-04-29 | +| rezult.org | 2020-05-03 | +| rezultbossing.com | 2020-04-29 | +| rsjkingdomxpp.pro | 2019-06-11 | +| salkah.com | 2020-04-29 | +| saydie.com | 2020-04-29 | +| se-holldings.com | 2020-04-29 | +| sendmsexcel.com | 2020-04-29 | +| serverstrato.net | 2020-04-27 | +| serviceadobe.com | 2020-04-29 | +| servicedropbox.com | 2019-08-24 | +| servicesoutlook.com | 2020-04-29 | +| servisdocusign.com | 2020-04-29 | +| servisdropbox.com | 2020-04-29 | +| sidshell.com | 2020-03-22 | +| skilet.team | 2020-03-22 | +| slackerc0de.com | 2020-04-29 | +| slclogin.com | 2020-05-03 | +| sn7ak.com | 2020-04-29 | +| soutaz.com | 2020-04-29 | +| spammerindo.com | 2020-04-29 | +| spammerindo.pro | 2019-06-11 | +| spirititus.com | 2020-04-29 | +| spmers.net | 2020-04-27 | +| spyu.org | 2020-05-02 | +| srv-app.club | 2019-07-02 | +| stationlinux.org | 2020-05-02 | +| support-itrueserver.xyz | 2020-03-22 | +| sureboi.com | 2020-04-29 | +| svoooo.com | 2020-04-29 | +| sydoppe.com | 2020-04-29 | +| synichix.pro | 2019-06-11 | +| system42l.net | 2020-04-27 | +| t3chsss.net | 2020-04-27 | +| teeniecamp4free.com | 2020-04-29 | +| teluz.org | 2019-10-10 | +| tf-info.com | 2020-04-29 | +| tgboi.com | 2020-04-29 | +| tgiftoday.biz | 2019-08-20 | +| thanksforreal.org | 2019-12-12 | +| theaccessuk.org | 2020-05-02 | +| tool4spam.com | 2020-04-29 | +| tooolz.com | 2020-04-29 | +| tooxlz-db.com | 2020-04-29 | +| trowey.com | 2020-04-29 | +| tsbdumbs.com | 2020-04-29 | +| tt-door.biz | 2020-05-02 | +| ttcpanel.com | 2020-04-29 | +| twinbash.co | 2020-05-02 | +| usaaresults.com | 2020-04-29 | +| usaaxa.com | 2020-05-03 | +| vgnnb.com | 2020-04-29 | +| virus-ma.com | 2019-08-09 | +| webmai.co | 2020-05-02 | +| webmailupdate.com | 2020-04-29 | +| willyfucker.com | 2019-11-27 | +| windowsswebs.com | 2019-10-29 | +| wiregang.com | 2019-08-09 | +| wirethings.net | 2020-05-03 | +| wls1.com | 2020-04-29 | +| worldpc2000.com | 2020-04-29 | +| xellef-id.com | 2020-04-29 | +| xhades.com | 2020-04-29 | +| xindex.org | 2020-05-02 | +| xsendersecurity.com | 2020-04-29 | +| xvbvx.com | 2020-04-29 | +| xxsender.com | 2020-04-29 | +| xxxsender.com | 2020-04-29 | +| yah5oo.com | 2020-04-29 | +| yandew.com | 2020-04-29 | +| yatdew.com | 2020-04-29 | +| youphei.com | 2019-12-13 | +| yourzcoolsite.com | 2019-12-12 | +| yyuuoo.com | 2020-04-29 | +| z1t0ng404.com | 2020-04-29 | +| z3ran.com | 2020-04-29 | +| zebyinbox.com | 2020-04-29 | +| zenquel.com | 2020-04-29 | +| zephyrsc.shop | 2019-10-23 | +| zwirgel.net | 2020-04-27 | + + When we go over it, we can see there are a lot of them who probably use to create websites for phishing attacks (domains that are close to other big service domain / name), and others for spam and a likes. So that gives us a lot of leads to check, we can Google them all and see what comes up, but I don't have the patience to go over results for 242 searches right now. So let's keep it for later, if we'll need to. Let's check the website itself. It looks like just a blank page. I did a quick check for the body / headers that return for the request (as well as for other requests that the web browser did) and I didn't see anything suspicious (like a header on the response that not supposed to be there, I got there by thinking it'll probably will be a [C2](https://en.wikipedia.org/wiki/Command_and_control)). -The next question that pops to my head is *"is it always was a blank page?"*. We have a way to check it, maybe, sort of. We'll use the [WayBack Machine](https://web.archive.org/) and we got some results! We can see it saves 3 snapshots, but all of them are the same blank pages. +The next question that pops to my head is _"is it always was a blank page?"_. We have a way to check it, maybe, sort of. We'll use the [WayBack Machine](https://web.archive.org/) and we got some results! We can see it saves 3 snapshots, but all of them are the same blank pages. ![WayBack Machine](/posts/2020/open-source-intelligence/wayback-machine.webp "WayBack Machine") @@ -504,7 +505,7 @@ The nice thing we find is the organisation that was purchased the domain back in So that's interesting, let's keep our focus on domain / website / server. -More scanning with Netcartf and [build with](https://builtwith.com) find it's probably a Linux server (maybe Ubuntu, based on *"build with"*), and it uses [Apache](https://www.apache.org). It used Apache 2.4, for sometime it also had [Nginx](https://www.nginx.com/) but now we only got "Apache". And this domain is active since the end of 2017 (based on *"build with"* and *netcarft*). +More scanning with Netcartf and [build with](https://builtwith.com) find it's probably a Linux server (maybe Ubuntu, based on _"build with"_), and it uses [Apache](https://www.apache.org). It used Apache 2.4, for sometime it also had [Nginx](https://www.nginx.com/) but now we only got "Apache". And this domain is active since the end of 2017 (based on _"build with"_ and _netcarft_). ![Build With](/posts/2020/open-source-intelligence/built-with.webp "Build With") @@ -556,7 +557,7 @@ This user have more pastes in his profile (his profile name is `Inboxplis`), but In his Facebook photos there is [a photo](https://www.facebook.com/photo.php?fbid=718884434960573&set=pb.100005170683150.-2207520000..&type=3) about some Hacking / Script Kiddies book in Indonesian back in April 2017. Also from his photos I can notice he have an Asus laptop with a Windows 10 on it, and that he do a lot of small money transfers. -When I go back to the organisation I found earlier, the report from Netcarft when they registered `bocah.team` in 2017, the one we found earlier (`Jalanin aja dulu mhanxx, hax0r, 50701, United States`) and put the part "Jalanin aja dulu mhanxx" in Google Translate (on *detect language*) it comes as Indonesian and it's means "Just do it first mhanxx". +When I go back to the organisation I found earlier, the report from Netcarft when they registered `bocah.team` in 2017, the one we found earlier (`Jalanin aja dulu mhanxx, hax0r, 50701, United States`) and put the part "Jalanin aja dulu mhanxx" in Google Translate (on _detect language_) it comes as Indonesian and it's means "Just do it first mhanxx". The guy on the Facebook profile page I found is from Indonesia (he wrote it there and the language he write in his posts is Indonesian). So this is a big clue that it's probably our guy. Or is it? The big question now is: **Is this our person?** I think we need to find more evidence. @@ -598,11 +599,11 @@ Let's check his email in [have i been pwned](https://haveibeenpwned.com/), and w ![Have I Been Pwned Search](/posts/2020/open-source-intelligence/haveibeenpwned.webp "Have I Been Pwned Search") -His email is on the Canva database leak, so I started to search this database leak on the internet, and it wasn't that hard to find. I found two types of files, the first is a single file that appears to be the whole info of the users, but it says *"cleaned"* in the file name, and some fields are not there, for example the `password` is obviously a basic and it's not there. +His email is on the Canva database leak, so I started to search this database leak on the internet, and it wasn't that hard to find. I found two types of files, the first is a single file that appears to be the whole info of the users, but it says _"cleaned"_ in the file name, and some fields are not there, for example the `password` is obviously a basic and it's not there. -| ID | ID_HASH | CREATE_DATE | MAIL | PHONE | MAIL_STATUS | USERNAME | DISPLAY_NAME | NAME1 | NAME2 | TEMPORARY | ROLES | DEACTIVATED | UI_INFO | HOMEPAGE | CITY | COUNTRY_CODE | LOCALE | PERSONAL_BRAND | PERSONAL_BRAND_ID | AVATAR | HASH | -|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--| -| 48222628 | UAClrvf92U8 | 2017-11-03 06:25:39 | slikeye1711@gmail.com | | C | slikeye1711 | Dian Wahyudi | | | 0 | U | 0 | {contextTipRoyaltyFreePaymentOption:true;hasSeenPublishPaymentLicensesOnboarding:true} | | | | en | 48163206 | BAClrn9xkI4 | | +| ID | ID_HASH | CREATE_DATE | MAIL | PHONE | MAIL_STATUS | USERNAME | DISPLAY_NAME | NAME1 | NAME2 | TEMPORARY | ROLES | DEACTIVATED | UI_INFO | HOMEPAGE | CITY | COUNTRY_CODE | LOCALE | PERSONAL_BRAND | PERSONAL_BRAND_ID | AVATAR | HASH | +| -------- | ----------- | ------------------- | --------------------- | ----- | ----------- | ----------- | ------------ | ----- | ----- | --------- | ----- | ----------- | -------------------------------------------------------------------------------------- | -------- | ---- | ------------ | ------ | -------------- | ----------------- | ------ | ---- | +| 48222628 | UAClrvf92U8 | 2017-11-03 06:25:39 | slikeye1711@gmail.com | | C | slikeye1711 | Dian Wahyudi | | | 0 | U | 0 | {contextTipRoyaltyFreePaymentOption:true;hasSeenPublishPaymentLicensesOnboarding:true} | | | | en | 48163206 | BAClrn9xkI4 | | The second type of files that I found is couple of small files with a list of `emails:pass`, but unfortunately his email wasn't in any one of them. @@ -674,11 +675,11 @@ We can see words in Indonesian, his name (Dian Wahyudi), and his phone number th Before we continue digging with our new findings, let's keep looking in our Google search for `slikeye.com`. There was nothing more in there expect from the fourth result, it was his [Twitter profile](https://twitter.com/dianwhyd). It doesn't look like much, he upload more photos and talk more in his Facebook profile (he also abandoned Twitter in 2017). But a quick scroll through his tweets with pictures shows a tweet from 2014 with a Facebook login that says "fb maintenance", and the start of his email is the `input` field. It says `slikeye` so it's probably `slikeye1711@gmail.com`. -It's time to do a *"Forget Password"* on Facebook with his email. It's got us his last 2 digits in his phone number, and they're the same as the phone number in his Facebook profile and his 2017 WHOIS record for `slikeye.com`, so we know it's probably his real and private phone number (also, a *"Forget Password"* in Twitter, for the same email, get us the same 2 last digits). +It's time to do a _"Forget Password"_ on Facebook with his email. It's got us his last 2 digits in his phone number, and they're the same as the phone number in his Facebook profile and his 2017 WHOIS record for `slikeye.com`, so we know it's probably his real and private phone number (also, a _"Forget Password"_ in Twitter, for the same email, get us the same 2 last digits). ![Facebook Forget Password](/posts/2020/open-source-intelligence/facebook-forget-password.webp "Facebook Forget Password") -Unfortunately we didn't get new phone numbers or email addresses, but *"Forget Password"* is a good method and a lot of times revel different phone numbers and email addresses that are the private ones of the target. +Unfortunately we didn't get new phone numbers or email addresses, but _"Forget Password"_ is a good method and a lot of times revel different phone numbers and email addresses that are the private ones of the target.   @@ -725,10 +726,7 @@ The new email address and phone number don't get us any result on Pipl, that's a "type": "internetAddress" } ], - "badges": [ - "verified", - "user" - ], + "badges": ["verified", "user"], "tags": [], "profileEditHistory": {}, "spamInfo": {}, @@ -747,11 +745,11 @@ A [Spokeo](https://www.spokeo.com) search for his email (`diansoft1711@gmail.com I think we need to search for more Social Networks profiles for his usernames. There're tools to help us do it, like [userrecon](https://github.com/thelinuxchoice/userrecon). -* `diansoft1711` username it didn't found any new profiles (it found only Pinterest). -* `Slikeye` username got us [BitBucket profile](https://bitbucket.org/Slikeye) (without any repos, or all of them are private). -* `dianwhyd` username provide us with a different [Pinterest profile](https://www.pinterest.com/dianwhyd), a [Flipboard profile](https://flipboard.com/@DianWhy), and a [Tripadvisor profile](https://www.tripadvisor.com/Profile/Dianwhyd). +- `diansoft1711` username it didn't found any new profiles (it found only Pinterest). +- `Slikeye` username got us [BitBucket profile](https://bitbucket.org/Slikeye) (without any repos, or all of them are private). +- `dianwhyd` username provide us with a different [Pinterest profile](https://www.pinterest.com/dianwhyd), a [Flipboard profile](https://flipboard.com/@DianWhy), and a [Tripadvisor profile](https://www.tripadvisor.com/Profile/Dianwhyd). -If we're already here, let's search for his username in the Canva database leak (`slikeye1711`) with our new tool. This search gives us interesting results - a different [Facebook profile](https://www.facebook.com/slikeye1711), it's looks like someone else, but he's also from *"Bogor, Indonesia"*. He says on his profile he works at Apple (and it takes me straight in to the Pastebin account with the Apple's scam page), but he have an Apple advertisement photo on the cover page. The thing is, when I open it up to see it in full size you can actually see it's a screenshot of apple website! +If we're already here, let's search for his username in the Canva database leak (`slikeye1711`) with our new tool. This search gives us interesting results - a different [Facebook profile](https://www.facebook.com/slikeye1711), it's looks like someone else, but he's also from _"Bogor, Indonesia"_. He says on his profile he works at Apple (and it takes me straight in to the Pastebin account with the Apple's scam page), but he have an Apple advertisement photo on the cover page. The thing is, when I open it up to see it in full size you can actually see it's a screenshot of apple website! ![Agustinus Rivaldo Facebook Cover Image](/posts/2020/open-source-intelligence/agustinus-rivaldo-facebook-cover.webp "Agustinus Rivaldo Facebook Cover Image") @@ -762,6 +760,7 @@ This doesn't look good for our guy, this is probably a fake account for an apple   The next step is to search for more information about those phishing sites. The search for `*.bocah.team` on Google results in couple of new emails and websites, but we have enough of that, let's search specific for Pastebin, because that's where we find the apple scam page with his email and Facebook profile URL. So when I searched `*.bocah.team site:pastebin.com` I found 4 different pastes: + - The [first](https://pastebin.com/T6bnuqze) from profile named [ARIDHO](https://pastebin.com/u/aridho), that have a lot of phishing pastes in his profile. - The [second](https://pastebin.com/XmEBg6vF) from a profile named [RIZKYIBENG](https://pastebin.com/u/rizkyibeng) and all of his pastes are Apple scam page, except of one, when he has a gmail address `ibengrizky01@gmail.com`. - The [third](https://pastebin.com/3MZySMy1) is a guest, and there is nothing interesting in the paste. @@ -775,7 +774,6 @@ But the stuff I started to notice is that all of those scam / phishing pages are ![Aridho Panel](/posts/2020/open-source-intelligence/aridho-panel.webp "Aridho Panel") - I think we got enough of this, this is for sure a scam / phishing operation and our target is one of this group. So, the last thing I want to do is to search for the new email we found (`diansoft1711@gmail.com`) let's see if this email have been in a leak. ![Have I Been Pwned Report](/posts/2020/open-source-intelligence/haveibeenpwned-second-report.webp "Have I Been Pwned Report") @@ -783,8 +781,8 @@ I think we got enough of this, this is for sure a scam / phishing operation and It's have been, so it's time to search for Bukalapak leaked database. This one was not so easy like the `Canva`. But I manage to find it. And our new email target is in there. | Uid | Email | Full Name | Password | Salt | Username | Birthday | -|----------|------------------------|-----------|--------------------------------------------------------------|----------------------|--------------|----------| -| 47241282 | diansoft1711@gmail.com | Andi | $2a$10$T12OFkTmziUovvADLb7koeAd4VODsOkjEECOftIb5fy4UIaE3f7C2 | C1LyhB6B52CIjwEv3AMR | diansoft1711 | | +| -------- | ---------------------- | --------- | ------------------------------------------------------------ | -------------------- | ------------ | -------- | +| 47241282 | diansoft1711@gmail.com | Andi | $2a$10$T12OFkTmziUovvADLb7koeAd4VODsOkjEECOftIb5fy4UIaE3f7C2 | C1LyhB6B52CIjwEv3AMR | diansoft1711 | | We can see he have a different `fullname` here (`Andi`). And we manage to get his `password` and `salt`. We don't even need to use tools to identify the hash type, from the news out there we know it's a `bcrypt`, and we see in the database we have a `salt`. We can use [hashcat](https://hashcat.net/hashcat) and try to crack it, but this is my red line, I don't think the guy tried to hack my service. diff --git a/content/posts/2020/releasing-software-is-hard.md b/content/posts/2020/releasing-software-is-hard.md index 12601c0..8a18467 100644 --- a/content/posts/2020/releasing-software-is-hard.md +++ b/content/posts/2020/releasing-software-is-hard.md @@ -91,7 +91,7 @@ Here are my configurations. ![Init The Project](/posts/2020/releasing-software-is-hard/init-the-project.webp "Init The Project") -Now we need to install [commitizen](https://github.com/commitizen/cz-cli) and make our repo __commitizen friendly__ +Now we need to install [commitizen](https://github.com/commitizen/cz-cli) and make our repo **commitizen friendly** ```bash $ npm install commitizen -g @@ -137,7 +137,7 @@ jobs: - name: Create Release 🚀 uses: ridedott/release-me-action@master env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: release-branches: '["main"]' ``` @@ -150,11 +150,11 @@ $ git cz $ git push origin main ``` -The last thing we need to do is to create a milestone in GitHub, then look at the __Actions__ section and see our workflow, but we notice it doesn't run yet. +The last thing we need to do is to create a milestone in GitHub, then look at the **Actions** section and see our workflow, but we notice it doesn't run yet. ![GitHub Actions When Milestone Is Open](/posts/2020/releasing-software-is-hard/github-actions-when-milestone-is-open.webp "GitHub Actions When Milestone Is Open") -Then let's close the milestone (just hit the `close` button), and refresh the __Action__ tab. +Then let's close the milestone (just hit the `close` button), and refresh the **Action** tab. ![GitHub Actions After Milestone Closed](/posts/2020/releasing-software-is-hard/github-actions-after-milestone-closed.webp "GitHub Actions After Milestone Closed") diff --git a/content/posts/2021/getting-to-know-my-neighbors.md b/content/posts/2021/getting-to-know-my-neighbors.md index f40b919..4938dfd 100644 --- a/content/posts/2021/getting-to-know-my-neighbors.md +++ b/content/posts/2021/getting-to-know-my-neighbors.md @@ -14,8 +14,8 @@ categories: ["hacking"] hiddenFromHomePage: false hiddenFromSearch: false -featuredImage: "/posts/2020/getting-to-know-my-neighbors/blue-wireless-connection.webp" -featuredImagePreview: "/posts/2020/getting-to-know-my-neighbors/blue-wireless-connection.webp" +featuredImage: "/posts/2021/getting-to-know-my-neighbors/blue-wireless-connection.webp" +featuredImagePreview: "/posts/2021/getting-to-know-my-neighbors/blue-wireless-connection.webp" toc: enable: true @@ -35,7 +35,7 @@ It's don't that I have something against getting to know my neighbors in person, Let's set it up. First thing we need to do is to connect it to a power source, I choose to connect it to my computer usb-c port, then we need to wait for the top (and single) LED to be a solid blue - that's mean it's ready (from blinking blue when it's starting up). -![The WiFi Pineapple is ready](/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-ready-to-go.webp "The WiFi Pineapple is ready") +![The WiFi Pineapple is ready](/posts/2021/getting-to-know-my-neighbors/wifi-pineapple-ready-to-go.webp "The WiFi Pineapple is ready") Now, according to the [setup guide from Hak5](https://docs.hak5.org/hc/en-us/articles/360053346334-Setup-Basics), if you connected it to the usb-c port, you can connect to the WiFi Pineapple via the usb instead of connecting into the WiFi Pineapple wifi. Which is more secure, so I let's do this that way. @@ -49,7 +49,7 @@ The second thing is to checks for updates, in my case it needed to download one. Now we can start the _"General Setup"_ of the device. Let's give it a password, confirm it again, and choose our timezone. Next let's do the _"Networking Setup"_ (you can see in the screenshot below what I choose). At the _"Filters Setups"_ screen I choose _"Allow connections for only the listed devices..."_ and _"Allow associations for only the listed SSIDs..."_ so not everyone will be able to connect to the WiFi Pineapple, just the ones I'll target. And at the last screen, the _"Look and Feel"_, I choose the dark theme (did you expect anything else from me?). -![My Networking Setup](/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-networking-setup.webp "My Networking Setup") +![My Networking Setup](/posts/2021/getting-to-know-my-neighbors/wifi-pineapple-networking-setup.webp "My Networking Setup") Finally we're at the WiFi Pineapple dashboard. Now, let's head over to the `Settings` (at the bottom left corner) -> `Networking` -> and `Wireless Client Mode`, from there scan your area and connect to your own wifi, so that the Pineapple will have internet connection. diff --git a/static/posts/2020/getting-to-know-my-neighbors/macos-network.webp b/static/posts/2020/getting-to-know-my-neighbors/macos-network.webp deleted file mode 100644 index ba726d0..0000000 Binary files a/static/posts/2020/getting-to-know-my-neighbors/macos-network.webp and /dev/null differ diff --git a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-filter-setup.webp b/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-filter-setup.webp deleted file mode 100644 index 61d4d7d..0000000 Binary files a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-filter-setup.webp and /dev/null differ diff --git a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-network-setup.webp b/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-network-setup.webp deleted file mode 100644 index c217f2a..0000000 Binary files a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-network-setup.webp and /dev/null differ diff --git a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-setup.webp b/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-setup.webp deleted file mode 100644 index 5c169ac..0000000 Binary files a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-setup.webp and /dev/null differ diff --git a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-networking-setup.webp b/static/posts/2021/getting-to-know-my-neighbors/wifi-pineapple-networking-setup.webp similarity index 100% rename from static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-networking-setup.webp rename to static/posts/2021/getting-to-know-my-neighbors/wifi-pineapple-networking-setup.webp diff --git a/static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-ready-to-go.webp b/static/posts/2021/getting-to-know-my-neighbors/wifi-pineapple-ready-to-go.webp similarity index 100% rename from static/posts/2020/getting-to-know-my-neighbors/wifi-pineapple-ready-to-go.webp rename to static/posts/2021/getting-to-know-my-neighbors/wifi-pineapple-ready-to-go.webp