WHOAMI.dll - FiizDev Blog

Hello, world! This is my first blog excluding the [Welcome](https://fiizdev.com/blog/post/Welcome) blog, so here is where I'm gonna introduce myself, my name is Mohmad Hafiz, and I live in **Brunei Darussalam**. I am really interested in Information Technology mostly in the cybersecurity part where I like being offensive, it's been 10-9 years that i have experience in cybersecurity mostly in finding vulnerabilities on IoT devices such as routers, dvr, web app, etc. while in my actual life outside cybersecurity I'm a college student taking **IT Networking** in **Politeknik Brunei**, i don't have any favorite sports except Frisbee just for fun, i like going outside the country exploring other country and experience the foods and interesting places ## About this blog Talking about experience cybersecurity, because this blog gonna post more about hacking and stuff. Yeah, my first experience in hacking was accessing someone's computer through RDP it was 9-10 years ago, this computer was exposed to the internet and it used guest as login then what made me more interested in hacking was from a German movie it is about an orphan kid that lives with his grandma that knows about hacking and joining hacking club somehow got into a problem with the elite hacker, this movie called "**WHO AM I**" it is an excellent movie. ![Pasted image 20250207132112.png](/static/images/Pasted%20image%2020250207132112.png) The best "hacking" year for me was 2017 because i learn a lot of stuff, remember "**SHADOWBROKER**" that leak NSA tools, after tools were leak next two-three months all countries were hit by ransomware called "**WANNACRY**", i woke up from bed got news from my friend and posts from Instagram about the ransomware so i started doing research and they say this ransomware is using an exploit that leak by NSA that is called "**ETERNALBLUE**" this exploit is the masterpiece for me it's like owning a lightsaber, this exploit is really good that for me successful rate for this exploit is like 9.0/10.0, when you use the "**FUZZBUNCH**" (like metasploit-framework but for the NSA hacking tool) its really nice. that time security researcher also build **ETERNALBLUE** module for metasploit-framework its not that good at that time, i also created my own internet scan to scan the device that vulnerable to **ETERNALBLUE**, the script is just generate random IP addresses and using existing **ETERNALBLUE** vulnerability scan i modify the code since its written in python to be able to scan random generated IP addresses. ![Pasted image 20250207142810.png](/static/images/Pasted%20image%2020250207142810.png) So using my computer it didn't scan a lot since my home internet speed was slow at that time so I had to use VPS, from there I started to learn to set up Linux VPS and learn the commands, here is what my setup: - a **ETERNALBLUE** scanner that scans random IP addresses on VPS - I installed metasploit-framework on VPS to use the **ETERNALBLUE** exploit - I also use **FUZZBUNCH** on my computer if the Metasploit-framework exploit unsuccessful That time when I ran the scanner it started outputting the results of vulnerable Windows devices such as computers and servers it's a lot, if I'm not wrong I still keep my scanner results somewhere. Then I started to try the exploit on some of the vulnerable IP addresses, first I will try using Metasploit-framework when using Metasploit-framework it will fail sometimes so I have to use **FUZZBUNCH** when using this framework I had to create a DLL payload from **msfvenom**(Metasploit-framework payload generator) but based on arch(x64/x86) of the target windows, then using **DOUBLEPULSAR**(another tool to inject DLL after successful exploit and implementation of **DOUBLEPULSAR**) to inject DLL, but I had to paste hex of the generated DLL from msfvenom to inject the DLL. It is a lot of work but using **FUZZBUCH** is always successful. After everything was successful and got **meterpreter** session on Metasploit-framework, I started looking inside the devices, FYI: I didn't do damage to any of the systems, what I did was hack it, post it on Instagram, and say I 1337 :D... I was a teenager and stupid at that time haha. So using Metasploit-framework I learned how to pivot inside the network, routing, port forwarding, and sometimes I was able to exploit another server inside the network by using pivot. So with the introduction and my experience with the hacking stuff, now I started to get into the penetration tester path, I've been doing some testing on the web app & mobile app so keep checking out my blog for some research, on how to.. IDK what else should i post :D