Backup WordPress HTML and MySQL

by Vince
in Blog

This is something I should have done a long time ago.  I'm frequently hopping on a server and creating a manual backup prior to doing [something].  It's not like this task is complicated but as I was about to manually go through the steps this morning, I thought -- let's finally automate this process.

There's actually a one-liner for mysqldump but for some reason, it didn't work so I went a different route with the variables at the top which makes it a little easier when recycling this script on another server.

Testing MSFvenom Shellcode

by Vince
in Blog

A while back, I wrote about a buffer overflow I discovered while tackling a CTF style box.  It's not a complete guide to buffer overflow but if you have some basic instructions on "how to", you can fill in those gaps that I've left unwritten. 

When I first learned of buffer overflows, I was sort of following along with blind faith, hoping it would all work out in the end.  At a certain point though, the tools we use become more familiar through other use.  For example, MSFvenom will become widely used for more than just generating shellcode for buffer overflows.  You'll go from mindlessly retyping the text you see to understanding what you're actually typing.  And then, hopefully, wanting to test what you're doing prior to pointing it at your victim machine.

In the line below, I'm generating Linux shellcode, the architecture is 64 bit, the shellcode will spawn a reverse shell, host and port are pointing back to my box, my format is C code, and I'm excluding the bad characters which could muck up the execution. Like the buffer overflow explanation in the above referenced post, I'm not drilling down completely because a lesson on why null byte, line feed, and carriage return could / will cause problems is an entire post on its own.

PDF Password Cracking

by Vince
in Blog

I sent an email to a vendor asking for a document and when the vendor replied to my email with the document attached, the document was password protected.  He said as much and he also said that I could probably crack it.  He is correct.  

I've probably cracked a PDF once or twice.  I've probably also cracked a few ZIP files, RAR files, and various other files with passwords but I think you get the point.  Essentially, most of these types of files will all crack the same way -- John the Ripper.  

There are a couple of John the Ripper versions but somewhere along the way, I discovered that the Jumbo John package is the one to use for cracking ZIPs and RAR files.  I don't know whether PDFs fall under that same umbrella but that's where I went.
