Dev Journal #7 - Extending User Profile

Define a New Model

Currently, I am using Django’s built-in user model from the django.contrib.auth library. As I discussed in my Dev Journal #4, this library provides a lot of tools for handling common authentication practices. There are enough fields in the default User table to store basic information about the user. However, I will eventually need to save additional fields catered to my application. To achieve this, I can extend the same User table to carry extra columns.


Dev Journal #6 - Classifying Bodyweight Exercises

It’s only bodyweight, they said. It will be easy, they said. - From “The most overlooked, underestimated and misleading statement Leo has ever heard.”

Classifying (Upper) Bodyweight Exercises

I want to take a little break from coding and organize my thoughts a bit. Just gonna brainstorm and play around with exercise classifications. I think this might help me plan ahead for implementing the exercise logging module. I am going to leave out the leg exercises to minimize complexity for now (shhhh just let it happen).


Dev Journal #5 - Building the User Interface

Logo and Launcher Icon

It took me longer than I’d like to admit to come up with an idea for the logo. I settled on something simple that I made using a free logo maker site 😆 I chose the sunset icon simply because I love sunsets and the pink looked nice. I know the look and feel is leaning more towards yoga and meditation but just bear with me until I can come up with something better.


Dev Journal #4 - Authentication Flow

Finding Fitness is going to be built with Django REST Framework backend and Android frontend. I will be isolating the backend and the frontend into two separate projects. The Django REST Framework server will provide the API endpoints that can be consumed by any client framework. In my case, I will be using the Android framework to build the client user interface. In the future, we can extend this to support web applications and iOS (iff I ever purchase a Mac 🍎) devices.


Dev Journal #3 - Let's get started with ERD

Before jumping straight into coding, I took some time to plan out what I needed to build. So here I am, looking all serious and official with my crude ERD. It’s a super simple structure consisting of two main entities: Users and TrainingLogs. The only tricky part is understanding how I should break down each workout before logging them. The Sessions entity represents each workout session. It is the container or the collection entity of TrainingLogs.


Dev Journal #2 - What's in a Name?

Naming things is so hard. After giving it some thought, I decided to call it Finding Fitness. I think it resonates with my initial motive of trying to find other calisthenics athletes to connect with, as well as its literal meaning of trying to find fitness in your lifestyle. It also contains alliteration which was very much intended.

Dev Journal #1 - Yet Another Fitness App?!?

I know. It’s been overdone and we probably don’t need another app to log our exercises. But hear me out. Exercise tracking and I go way back. A few years ago, I built a physical tracker named Iron Will that counts the number of repetitions on certain exercises using Bluetooth and 9-DOF sensors. My goal was to completely automate tracking weight lifting. However, the project came to a halt when I couldn’t find a simple way to programmatically read the changing of weights in barbells, cables and dumbbells.


From Untrained to Novice to Intermediate

My brother took me to the gym for the very first time in the summer of 2014. Ed had been lifting for a few months already to prepare for his ROTP admission. As for myself, “hitting the gym” was an activity that seemed so distant from my lifestyle at the time that it had never even crossed my mind. Thanks to gender dysphoria and bulimia weighing me down hand in hand by my side, I was able to find my rock bottom very quickly.


Music Source Separation with TPU at Deep Learning Camp Jeju 2018

By Olga Slizovskaia and Leo Kim

What brought us all together at Jeju

We were very fortunate to have been part of the Deep Learning Camp Jeju 2018, organized by TensorFlow Korea for one whole month of July. The camp was held in Jeju, a beautiful island located just south of the Korean peninsula, where 24 lucky applicants from all over the world gathered to work on their research projects.


Exploit Exercises Nebula level10

The setuid binary at /home/flag10/flag10 will upload any file given, as long as it meets the requirements of the access() system call.

To do this level, log in as the level10 account with the password level10. Files for this level can be found in /home/flag10.

basic.c

    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <stdio.h>
    #include <fcntl.h>
    #include <errno.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
      char *file;
      char *host;

      if(argc < 3) {
        printf("%s file host\n\tsends file to host if you have access to it\n", argv[0]);
        exit(1);
      }

      file = argv[1];
      host = argv[2];

      if(access(argv[1], R_OK) == 0) {
        int fd;
        int ffd;
        int rc;
        struct sockaddr_in sin;
        char buffer[4096];

        printf("Connecting to %s:18211 .


Exploit-Exercises Nebula level09

There’s a C setuid wrapper for some vulnerable PHP code…

To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09.

level09.php

    <?php

    function spam($email)
    {
      $email = preg_replace("/\./", " dot ", $email);
      $email = preg_replace("/@/", " AT ", $email);

      return $email;
    }

    function markup($filename, $use_me)
    {
      $contents = file_get_contents($filename);

      $contents = preg_replace("/(\[email (.*)\])/e", "spam(\"\\2\")", $contents);
      $contents = preg_replace("/\[/", "<", $contents);
      $contents = preg_replace("/\]/", ">", $contents);

      return $contents;
    }

    $output = markup($argv[1], $argv[2]);

    print $output;

    ?>


Exploit-Exercises Nebula level08

World readable files strike again. Check what that user was up to, and use it to log into flag08 account.

To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08.

A pcap (packet capture) file holds the network activity history. Using the tcpflow command, we will read the pcap file with the -r option and output the result to the console with the -c option.


Exploit-Exercises Nebula level07

The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.

To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07.

index.cgi

    #!/usr/bin/perl

    use CGI qw{param};

    print "Content-type: text/html\n\n";

    sub ping {
      $host = $_[0];

      print("<html><head><title>Ping results</title></head><body><pre>");

      @output = `ping -c 3 $host 2>&1`;
      foreach $line (@output) { print "$line"; }

      print("</pre></body></html>");
    }

    # check if Host set.


Exploit-Exercises Nebula level06

The flag06 account credentials came from a legacy unix system.

To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06.

The hint is in the fact that the flag06 account credentials came from a legacy unix system. Traditionally, the encrypted passwords were stored in /etc/passwd, which can be read by everyone. Nowadays, the password section of that file would be displayed with plain “x”.


Exploit-Exercises Nebula level05

Check the flag05 home directory. You are looking for weak directory permissions.

To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.

Exploiting the weak directory permissions on the .backup files of the flag05 user, we can ssh using the identity file id_rsa found in the .ssh folder.

Exploit-Exercises Nebula level04

This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it :)

To do this level, log in as the level04 account with the password level04. Files for this level can be found in /home/flag04.

level4.c

    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <sys/types.h>
    #include <stdio.h>
    #include <fcntl.h>

    int main(int argc, char **argv, char **envp)
    {
      char buf[1024];
      int fd, rc;

      if(argc == 1) {
        printf("%s [file to read]\n", argv[0]);
        exit(EXIT_FAILURE);
      }

      if(strstr(argv[1], "token") !


Exploit-Exercises Nebula level03

Check the home directory of flag03 and take note of the files there. There is a crontab that is called every couple of minutes.

To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03.

In the /home/flag03 directory, we can find one shell script and a subdirectory. The script simply deletes every item in the /home/flag03/writable.


Exploit-Exercises Nebula level02

There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?

To do this level, log in as the level02 account with the password level02. Files for this level can be found in /home/flag02.

level2.c

    #define _GNU_SOURCE /* for asprintf() and setresuid()/setresgid() */
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <sys/types.h>
    #include <stdio.h>

    int main(int argc, char **argv, char **envp)
    {
      char *buffer;

      gid_t gid;
      uid_t uid;

      gid = getegid();
      uid = geteuid();

      setresgid(gid, gid, gid);
      setresuid(uid, uid, uid);

      buffer = NULL;

      asprintf(&buffer, "/bin/echo %s is cool", getenv("USER"));
      printf("about to call system(\"%s\")\n", buffer);

      system(buffer);
    }

Simply hijack USER with your system call.


Exploit-Exercises Nebula level01

There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?

To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01.

level1.c

    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <sys/types.h>
    #include <stdio.h>

    int main(int argc, char **argv, char **envp)
    {
      gid_t gid;
      uid_t uid;
      gid = getegid();
      uid = geteuid();

      setresgid(gid, gid, gid);
      setresuid(uid, uid, uid);

      system("/usr/bin/env echo and now what?


Exploit-Exercises Nebula level00

This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories. Alternatively, look at the find man page.

To access this level, log in as level00 with the password of level00.

The key to solving this level is understanding the concept of SUID and GUID.


Exploit-Exercises Setup

Download iso
Install virtualization software
Boot image file

Log

July 16 2017
4 km run

July 15 2017
Pull Ups : 8 sets
BB Rows : 5 sets
Lat Pulldown : 5 sets
Cable Rows : 5 sets
DB Rear Delt Raises : 3 sets

July 13 2017
Bench Press : 6 sets
Dips : 4 sets
Hanging Leg Raises : 3 sets
BB Overhead Press : 3 sets
BB Behind Neck Press : 3 sets
BB Front Raises : 3 sets
BB Upright Rows : 3 sets

July 12 2017
Pull Ups : 4 sets
Chin Ups : 4 sets
German Hang : 4 sets
Lat Pulldown : 5 sets
Cable Rows : 5 sets

July 10 2017
Pull Ups : 4 sets
Chin Ups : 4 sets
German Hang : 4 sets
Lat Pulldown : 5 sets
Cable Rows : 5 sets

July 9 2017
Dips : 4 sets
L Sits : 4 sets
DB Overhead Press : 30 5 sets
Handstand Push Ups : 4 sets

July 8 2017
Box Jumps : 4 sets
Pull Ups : 5 sets
Hanging Leg Raises : 5 sets
BB Rows : 5 sets
Chin Ups : 2 sets

July 7 2017
Bench Press : 95 1 x 5 115 1 x 5 125 1 x 5 130 1 x 4 125 1 x 4 115 1 x 6
Dips : 4 sets
L Sits : 3 sets
Hanging Leg Raises : 3 sets
DB Incline Press : 35 5 sets
DB Side Lateral Raises : 10 4 sets

July 6 2017
6 km run

July 5 2017
Pull Ups : 2 sets
Chin Ups : 2 sets
DB Shoulder Press : 5 sets
Cable Rows : 4 sets
Hanging Leg Raises : 3 sets
Machine Chest Press : 3 sets
DB Side Lateral Raises : 4 sets

July 4 2017
Bench Press : 95 1 x 5 115 1 x 5 135 1 x 3 140 1 x 2 145 1 x 1 115 1 x 7
DB Incline Press : 35 5 sets
Dips : 4 sets
Tricep Pushdown : 4 sets
5 km run
Pull Ups : 3 sets
Chin Ups : 3 sets
German Hang : 4 sets
L Sits : 4 sets

June 28 2017
Pull Ups : 4 sets
Chin Ups : 2 sets
Cable Rows : 5 sets
Assisted Pull Ups : 4 sets
BB Rows : 65 5 sets
BB Curls : 3 sets
DB Curls : 2 sets
Face Pulls : 3 sets
L Sits : 3 sets

June 27 2017
DB Press : 5 sets
DB Overhead Press : 5 sets
Dips : 4 sets
Push Ups : 3 sets
Tricep Pushdown : 4 sets
French Press : 4 sets

June 27 2017
Pull Ups : 4 sets
Lat Pulldown : 5 sets
Cable Rows : 5 sets
BB Curls : 4 sets

June 25 2017
Bench Press : 95 1 x 5 115 1 x 5 125 5 x 5
DB Incline Press : 35 1 x 6 45 4 x 6
Cable Fly : 12.


About

Hello World, I ❤️ calisthenics. That’s about it for now. Leo ✌️