Does anyone actually write their own shells?  At some point, a few people did but now we just search for the type of shell we want and we find what we need.  Kali has quite a few under /usr/share/webshells and pentestmonkey.net is another good resource. 

Why reinvent the wheel shell when there are so many at our disposal?   To better understand the code we’re reading and writing.

At best, I hack code.  I’ll never be fluent in Python because there are too many other things to learn but that doesn’t stop me from writing simple scripts.  The more baby scripts I write, the better I can understand what I’m reading when I’m looking at other code. 

Over the last couple of weeks, I’ve seen a few examples of passwords being rejected for failing to meet the complexity rules.  For example, the current password is “secret1234” and the new password attempted is “secret1235”.  There are similar variations where people attempt to use the year and month – “password201810” and “password201811”. 

My password manager shows that I have 516 accounts and passwords.  Trying to remember 516 passwords is impossible which is why you should use a password manager.  While a typical user might not have 516 accounts, they have quite a few and without a password manager, they try to create something memorable.  I completely understand their need to change one digit and move on -- I disagree but I understand.  Here’s the problem – let’s say I get wind of this type of pattern and the initial portion of the password is “testing” and the remaining portion is a four digit number.  Technically, it’s an eleven digit, alphanumeric, password.  In reality, it’s a four digit, numeric, password. 

Have I mentioned that I love WordPress?  I do, as long as I’m not maintaining it.  When I’m maintaining it, I hate it.  My kneejerk reaction is to call it junk.  It’s not junk but it’s what happens when designers cut out developers.  I get it – you’re a designer, you want to move quickly and here’s this product which is easier to learn than coding.  If you want a fancy slider, you install a plugin.  If you want to embed a YouTube video, you install a plugin.  From that point of view, it’s amazing.  From my point of view, every time you bolt on a new widget, there’s a potential for an opening.  Heck, without plugins, you can still get owned which is what we’re going to explore in a moment.