none

Tuesday, April 14, 2020

Chromepass - Hacking Chrome Saved Passwords

Chromepass is a python-based console application that generates a windows executable with the following features:

Decrypt Chrome saved paswords
Send a file with the login/password combinations remotely (email or reverse-http)
Custom icon
Completely undetectable by AntiVirus Engines

AV Detection!
Due to the way this has been coded, it is currently fully undetected. Here are some links to scans performed using a variety of websites

VirusTotal Scan (0/68) 30-09-2019
- this is an educational project, so distribution (or the lack thereof) is not a concern, hence the usage of VirusTotal
AntiScan (0/26) 24-09-2019
Hibrid Analysis All Clean (CrowdStrike Falcon, MetaDefender and Virustotal) 24-09-2019

Getting started

Dependencies and Requirements
This is a very simple application, which uses only:

Python - Only tested on 3.7.4 but should work in 3.6+

Installation
Chromepass requires Python 3.6+ to run.
Install the dependencies:

> cd chromepass
> pip install -r requirements.txt

If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ (preferably 3.7.4). If the errors persist, try:

> python -m pip install --upgrade pip
> python -m pip install -r requirements.txt

Usage
Chromepass is very straightforward. Start by running:

> python create_server.py

It will ask you to select between two options:

(1) via email [To be fixed]
- This will ask you for an email address and a password
- It will then ask you if you wish to send to another address or to yourself
- Next, you're asked if you want to display an error message. This is a fake message that if enabled will appear when the victim opens the executable, after the passwords have been transferred.
- You can then write your own message or leave it blank
- You're done! Wait for the executable to be generated and then it's ready.
(2) via client.exe [Recommended at the moment]
- First you're asked to input an IP Address for a reverse connection. This is the address that belongs to the attacker. It can be a local IP address or a remote IP Address. If a remote address is chosen, Port Forwarding needs to be in place.
- You're then asked if you want to display an error message. This is a fake message that if enabled will appear when the victim opens the executable, after the passwords have been transferred.
- You can then write your own message or leave it blank
- You're done! Wait for the executables to be generated and then it's ready.
- The client.exe must be started before the server_ip.exe. The server_ip.exe is the file the victim receives.
Note: To set a custom icon, replace icon.ico by the desired icon with the same name and format.

Todo

Sending Real-time precise location of the victim (completed, releases next update)
Also steal Firefox passwords (Completed, releases next update)
Option of installing a backdoor allowing remote control of the victim's computer (completed, releases next update)
Support for more email providers (in progress)
Also steal passwords from other programs, such as keychains(in progress)
Add Night Mode (in progress)

Errors, Bugs and feature requests
If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.
Please follow the templates shown when creating the issue.

Learn More
For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking
If you wish to contact me, you can do so via: marionascimento@itsec.us

Disclaimer
I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

Download Chromepass

via KitPloitRelated news

Rootkit Umbreon / Umreon - X86, ARM Samples

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
Research: Trend Micro

There are two packages
one is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package)

Download

Download Email me if you need the password

File information

Part one (full package)

#	File Name	Hash Value	File Size (on Disk)	Duplicate?
1	.umbreon-ascii	0B880E0F447CD5B6A8D295EFE40AFA37	6085 bytes (5.94 KiB)
2	autoroot	1C5FAEEC3D8C50FAC589CD0ADD0765C7	281 bytes (281 bytes)
3	CHANGELOG	A1502129706BA19667F128B44D19DC3C	11 bytes (11 bytes)
4	cli.sh	C846143BDA087783B3DC6C244C2707DC	5682 bytes (5.55 KiB)
5	hideports	D41D8CD98F00B204E9800998ECF8427E	0 bytes ( bytes)	Yes, of file promptlog
6	install.sh	9DE30162E7A8F0279E19C2C30280FFF8	5634 bytes (5.5 KiB)
7	Makefile	0F5B1E70ADC867DD3A22CA62644007E5	797 bytes (797 bytes)
8	portchecker	006D162A0D0AA294C85214963A3D3145	113 bytes (113 bytes)
9	promptlog	D41D8CD98F00B204E9800998ECF8427E	0 bytes ( bytes)
10	readlink.c	42FC7D7E2F9147AB3C18B0C4316AD3D8	1357 bytes (1.33 KiB)
11	ReadMe.txt	B7172B364BF5FB8B5C30FF528F6C5125	2244 bytes (2.19 KiB)
12	setup	694FFF4D2623CA7BB8270F5124493F37	332 bytes (332 bytes)
13	spytty.sh	0AB776FA8A0FBED2EF26C9933C32E97C	1011 bytes (1011 bytes)	Yes, of file spytty.sh
14	umbreon.c	91706EF9717176DBB59A0F77FE95241C	1007 bytes (1007 bytes)
15	access.c	7C0A86A27B322E63C3C29121788998B8	713 bytes (713 bytes)
16	audit.c	A2B2812C80C93C9375BFB0D7BFCEFD5B	1434 bytes (1.4 KiB)
17	chown.c	FF9B679C7AB3F57CFBBB852A13A350B2	2870 bytes (2.8 KiB)
18	config.h	980DEE60956A916AFC9D2997043D4887	967 bytes (967 bytes)
19	config.h.dist	980DEE60956A916AFC9D2997043D4887	967 bytes (967 bytes)	Yes, of file config.h
20	dirs.c	46B20CC7DA2BDB9ECE65E36A4F987ABC	3639 bytes (3.55 KiB)
21	dlsym.c	796DA079CC7E4BD7F6293136604DC07B	4088 bytes (3.99 KiB)
22	exec.c	1935ED453FB83A0A538224AFAAC71B21	4033 bytes (3.94 KiB)
23	getpath.h	588603EF387EB617668B00EAFDAEA393	183 bytes (183 bytes)
24	getprocname.h	F5781A9E267ED849FD4D2F5F3DFB8077	805 bytes (805 bytes)
25	includes.h	F4797AE4B2D5B3B252E0456020F58E59	629 bytes (629 bytes)
26	kill.c	C4BD132FC2FFBC84EA5103ABE6DC023D	555 bytes (555 bytes)
27	links.c	898D73E1AC14DE657316F084AADA58A0	2274 bytes (2.22 KiB)
28	local-door.c	76FC3E9E2758BAF48E1E9B442DB98BF8	501 bytes (501 bytes)
29	lpcap.h	EA6822B23FE02041BE506ED1A182E5CB	1690 bytes (1.65 KiB)
30	maps.c	9BCD90BEA8D9F9F6270CF2017F9974E2	1100 bytes (1.07 KiB)
31	misc.h	1F9FCC5D84633931CDD77B32DB1D50D0	2728 bytes (2.66 KiB)
32	netstat.c	00CF3F7E7EA92E7A954282021DD72DC4	1113 bytes (1.09 KiB)
33	open.c	F7EE88A523AD2477FF8EC17C9DCD7C02	8594 bytes (8.39 KiB)
34	pam.c	7A947FDC0264947B2D293E1F4D69684A	2010 bytes (1.96 KiB)
35	pam_private.h	2C60F925842CEB42FFD639E7C763C7B0	12480 bytes (12.19 KiB)
36	pam_vprompt.c	017FB0F736A0BC65431A25E1A9D393FE	3826 bytes (3.74 KiB)
37	passwd.c	A0D183BBE86D05E3782B5B24E2C96413	2364 bytes (2.31 KiB)
38	pcap.c	FF911CA192B111BD0D9368AFACA03C46	1295 bytes (1.26 KiB)
39	procstat.c	7B14E97649CD767C256D4CD6E4F8D452	398 bytes (398 bytes)
40	procstatus.c	72ED74C03F4FAB0C1B801687BE200F06	3303 bytes (3.23 KiB)
41	readwrite.c	C068ED372DEAF8E87D0133EAC0A274A8	2710 bytes (2.65 KiB)
42	rename.c	C36BE9C01FEADE2EF4D5EA03BD2B3C05	535 bytes (535 bytes)
43	setgid.c	5C023259F2C244193BDA394E2C0B8313	667 bytes (667 bytes)
44	sha256.h	003D805D919B4EC621B800C6C239BAE0	545 bytes (545 bytes)
45	socket.c	348AEF06AFA259BFC4E943715DB5A00B	579 bytes (579 bytes)
46	stat.c	E510EE1F78BD349E02F47A7EB001B0E3	7627 bytes (7.45 KiB)
47	syslog.c	7CD3273E09A6C08451DD598A0F18B570	1497 bytes (1.46 KiB)
48	umbreon.h	F76CAC6D564DEACFC6319FA167375BA5	4316 bytes (4.21 KiB)
49	unhide-funcs.c	1A9F62B04319DA84EF71A1B091434C64	4729 bytes (4.62 KiB)
50	cryptpass.py	2EA92D6EC59D85474ED7A91C8518E7EC	192 bytes (192 bytes)
51	environment.sh	70F467FE218E128258D7356B7CE328F1	1086 bytes (1.06 KiB)
52	espeon-connect.sh	A574C885C450FCA048E79AD6937FED2E	247 bytes (247 bytes)
53	espeon-shell	9EEF7E7E3C1BEE2F8591A088244BE0CB	2167 bytes (2.12 KiB)
54	espeon.c	499FF5CF81C2624B0C3B0B7E9C6D980D	14899 bytes (14.55 KiB)
55	listen.sh	69DA525AEA227BE9E4B8D59ACFF4D717	209 bytes (209 bytes)
56	spytty.sh	0AB776FA8A0FBED2EF26C9933C32E97C	1011 bytes (1011 bytes)
57	ssh-hidden.sh	AE54F343FE974302F0D31776B72D0987	127 bytes (127 bytes)
58	unfuck.c	457B6E90C7FA42A7C46D464FBF1D68E2	384 bytes (384 bytes)
59	unhide-self.py	B982597CEB7274617F286CA80864F499	986 bytes (986 bytes)
60	listen.sh	F5BD197F34E3D0BD8EA28B182CCE7270	233 bytes (233 bytes)

part 2 (those listed in the Trend Micro article)

#	File Name	Hash Value	File Size (on Disk)
1	015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac	A47E38464754289C0F4A55ED7BB55648	9375 bytes (9.16 KiB)
2	0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a	F9BA2429EAE5471ACDE820102C5B8159	7512 bytes (7.34 KiB)
3	0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f	0AB776FA8A0FBED2EF26C9933C32E97C	1011 bytes (1011 bytes)
4	0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff	B982597CEB7274617F286CA80864F499	986 bytes (986 bytes)
5	122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670	9EEF7E7E3C1BEE2F8591A088244BE0CB	2167 bytes (2.12 KiB)
6	409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a	B4746BB5E697F23A5842ABCAED36C914	6149 bytes (6 KiB)
7	4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234	D0D97899131C29B3EC9AE89A6D49A23E	65160 bytes (63.63 KiB)
8	8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784	E7E82D29DFB1FC484ED277C702187818	55564 bytes (54.26 KiB)
9	991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522	2B1863ACDC0068ED5D50590CF792DF05	7664 bytes (7.48 KiB)
10	a378b85f8f41de164832d27ebf7006370c1fb8eda23bb09a3586ed29b5dbdddf	A977F68C59040E40A822C384D1CEDEB6	176 bytes (176 bytes)
11	aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b	DF320ED7EE6CCF9F979AEFE451877FFC	26 bytes (26 bytes)
12	acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525	84D552B5D22E40BDA23E6587B1BC532D	6852 bytes (6.69 KiB)
13	c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480	087DD79515D37F7ADA78FF5793A42B7B	11184 bytes (10.92 KiB)
14	e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853	BBEB18C0C3E038747C78FCAB3E0444E3	71940 bytes (70.25 KiB)

Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

A lightweight native DLL mapping library that supports mapping directly from memory

Features

Imports and delay imports are resolved
Relocations are performed
Image sections are mapped with the correct page protection
Exception handlers are initialised
A security cookie is generated and initialised
DLL entry point and TLS callbacks are called

Getting started
The example below demonstrates a simple implementation of the library

var libraryMapper = new LibraryMapper(process, dllBytes);

// Map the DLL into the process

libraryMapper.MapLibrary();

// Unmap the DLL from the process

libraryMapper.UnmapLibrary();

Constructors

LibraryMapper(Process, Memory<byte>)

Provides the functionality to map a DLL from memory into a remote process

LibraryMapper(Process, string)

Provides the functionality to map a DLL from disk into a remote process

Properties

DllBaseAddress

The base address of the DLL in the remote process after it has been mapped

Methods

MapLibrary()

Maps the DLL into the remote process

UnmapLibrary()

Unmaps the DLL from the remote process

Caveats

Mapping requires the presence of a PDB for ntdll.dll, and, so, the library will automatically download the latest version of this PDB from the Microsoft symbol server and cache it in %appdata%/Lunar/Dependencies

Download Lunar

via KitPloit

More info

Takeover - SubDomain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com. For more information: here

Installation:

# git clone https://github.com/m4ll0k/takeover.git
# cd takeover
# python takeover.py

or:

wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python takeover.py

Download Takeover

EasySploit: A Metasploit Automation Bash Scripts To Use Metasploit Framework Easier And Faster Than Ever

About EasySploit: EasySploit is Metasploit automation tool to use Metasploit Framework EASIER and FASTER than EVER.

EasySploit's options:

Windows --> test.exe (payload and listener)
Android --> test.apk (payload and listener)
Linux --> test.py (payload and listener)
MacOS --> test.jar (payload and listener)
Web --> test.php (payload and listener)
Scan if a target is vulnerable to ms17_010 (EnternalBlue)
Exploit Windows 7/2008 x64 ONLY by IP (ms17_010_eternalblue)
Exploit Windows Vista/XP/2000/2003 ONLY by IP (ms17_010_psexec)
Exploit Windows with a link (HTA Server)
Contact with me - My accounts

EasySploit's installation
You must install Metasploit Framework first.
For Arch Linux-based distros, enter this command: sudo pacman -S metasploit

For other Linux distros, enter these command to install Metasploit Framework: And then, enter these commands to install EasySploit:

How to use EasySploit? (EasySploit video series tutorials)

Disclaimer about EasySploit:

Usage of EASYSPLOIT for attacking targets without prior mutual consent is ILLEGAL. Developers are not responsible for any damage caused by this script. EASYSPLOIT is intented ONLY FOR EDUCATIONAL PURPOSES!!! STAY LEGAL!!!

You might like these similar tools:

You can support KALI LINUX TRICKS from Patreon.

Download EasySploit

More articles

Sunday, April 12, 2020

Website Updates

Over the last few years I've been trying to increase the accessibility of my site. I have 25 years of web pages that I maintain so it was a lot of work to do all at once. I split it up into multiple phases:

Phase one: I converted 85% of my pages to use a "responsive layout", which takes into account the reader's browser size. I converted pages that had a 600px width and were relatively easy to convert to a variable px based layout. My focus was to write responsive CSS rules that smoothly varied the layout and font size based on browser width. I wrote my notes on how to do this.
Phase two: I tackled the 15% of pages that were more difficult to convert, because of their use of non-standard layout, or interactive diagrams, or iframes, or anything else that made it difficult. I wrote a blog post about this. I still used a px based layout.
Phase three: I'm ready to switch from a px based layout to a rem based layout.

This is how I often make progress past "analysis paralysis": I break the problem down into smaller, simpler ones and then work on them one at a time.

Browsers default to 16px fonts typically. Most people don't change the default. But some do. Around 3%. My site had overridden the reader's preferred font size and then set the layout based on my font size.

I have the page layout link the font size and the paragraph width.

For narrow browsers, below 550px, the paragraphs are the width of the browser, with a narrow margin. The font is 10px.
For medium width browsers, the paragraphs gain some space, but the margins also gain some space. The font grows along with the paragraph.
For wide browsers, above 1000px, the paragraphs are capped at 660px, and the rest goes to the margin. The font is capped at 20px.

I wanted to keep this variable font size but make it scale with the reader's preferred font size. Note that I'm not displaying at the browser font size, but instead scaling my variable font size (10px to 20px) based on the ratio of the browser font size to the default. If the reader has set the font size to be 20% larger than the default, then my font sizes will be 20% larger, so 10px becomes 12px and 20px becomes 24px. I made the layout match the font size change by changing the "breakpoint" sizes and the paragraph sizes to use rem units instead.

Since the browser defaults to 16px = 1rem, the simplest thing to do is to divide all px sizes by 16 to make them rem units. For example, the paragraph size of 660px becomes 660÷16 = 41.25rem. However, that doesn't handle all the corner cases.

Sizes inside diagrams, including font sizes and line widths, were already scaled to the diagram's size. And I made the diagram's size responsive to the browser size in phase two. So that means sizes inside diagrams should stay as px units.

Secondly, on some versions of Safari, @media queries work better with em sizes than with rem sizes. So I used em for those.

Third, I had picked sizes like 600px because it was a nice round number. Converting it to 34.375rem makes me wonder: does it really need to be 600px, or could it have been 35rem. This is similar to a problem with Metric vs English units. Why does Coca Cola have 12oz cans (355mL) but 2L bottles (67.6oz)? It's a "nice" number in one unit but not the other. I had previously used px so I picked sizes that were nice in that unit, but now that I'm using rem I may change the sizes slightly to be nice in that unit instead.

I first made this change on my main stylesheet that I share for all my pages, then went through hundreds of pages and made individual adjustments to them. Since my diagrams are generated in Javascript, I also had to adjust the code for some pages to work.

I tested this change by changing my browser's default font size and then browsing my pages. I think it works pretty well. If you see any layout issues, let me know!

Thursday, April 9, 2020

All Aboard The S.S. Anne!

My first morning in Vermilion City, I found myself down at the docks pushing my way through the crowds. Vermilion Port was easily the busiest place I'd ever been in my life up to that point. The sheer number of ships and trucks moving goods in and out of the Kanto region was overwhelming. Even still, the S.S. Anne stood out of the crowd as a majestic ocean liner built for luxurious and excessive lifestyles. It's glorious, gleaming white hull was a beacon you could see almost anywhere in Vermilion City. I'd had my eye on her since I came into town the night before and I had no trouble finding my way to the pier at which she was docked. Getting on to that pier without a ticket or an invitation to the tournament was a trial all its own. I spent most of the morning looking for a way past security.
The story of how I got aboard the S.S. Anne is a story of chance encounters and dumb luck. The first of which was a man fishing off the end of an unused pier. I was attempting to get a better vantage point of the S.S. Anne at the time, but I was also curious about the old fisherman. I sat with him a moment and he showed me how he supported himself just fishing up Pokémon out of the Vermilion Bay. After spending perhaps half an hour watching and listening to his old fish tales, he offered me one of his old rods that he wasn't too attached to. I was surprised at his generosity and thanked him graciously. He said the old rod wasn't great at pulling up any big catches, but it was a good starter rod to learn how to handle myself. I was eager to try it out.

There didn't seem to be any restrictions posted on where you were allowed to fish in Vermilion Port, so I plopped myself down right at the edge of the S.S.Anne pier. I cast my line into the waters and waited. Patiently. For a long time. As I sat there on the edge of the dock, I could hear battles going on the deck above me. I could hear the whoops and cheers of the gathered crowds as local trainers, decadent cruise passengers, and members of the crew fought for fun and money. I knew that as long as there were trainers ready to battle, the registration for this exhibition would be open, but I had to get aboard soon.
There was a tug on the line! A new type of Pokémon battle had begun. It was my strength and determination against that of whatever was on the other end of that line. I struggled for several minutes, worried that this old rod would snap clear in half at the tension on the line. Finally, a red scaled fish Pokémon lurched out of the water and flopped on to the pier. I frowned slightly. It was a Magikarp. I should have known. It was too weak to weaken, so I had Arnold put it to sleep and I carefully tried to get it into a Pokéball. The damn thing casually slapped 4 of my balls into the ocean in its fitful slumber before finally being secured in the 5th ball. I named him Royal, and although he was weak now, I had some big dreams for Royal in the distant future.
I had no idea at the time, but the entire Magikarp episode was being watched by a gentleman nearby. I called out Royal to get a good look at him and size up his potential - which admittedly was limited right now. As I was gazing down at him, a firm hand clasped my shoulder.
"I say, good show, old sport. Good show."
"Thank you," I managed to sputter in sudden confusion.
"Oh, I daresay, where are my manners? My name is Reginald and I'm the Chairman of the Pokémon Fan Club. We are headquartered right here in Vermilion City! I have personally collected over 100 Pokémon and I'm very fussy when it comes to Pokémon. I see you are less fussy and I admire your spirit, old sport." He motioned to Royal. "I could never bother myself with Pokémon like that, but there is something special about you. Come now, join me aboard the S.S. Anne, would you? I can see you are itching to join the tournament. Meanwhile, let me tell you all about my favorite Pokémon, Rapidash. It is the most spectacular and ravishing of all the Pokémon, don't you agree?"
All I really heard was "join me aboard the S.S. Anne" and I was packing up my belongings as quickly as I could. While Chairman Reginald prattled on and on about Rapidash, my attention was mainly focused on shoving the old rod into my backpack, and making sure my Boulder and Cascade Badges were clearly visible. I wanted everyone to know how far I'd come as we made our way on board the cruise ship.

Once aboard, I listened to Chairmain Reginald talk about Rapidash for what felt like ~~an eternity~~ a polite amount of time considering the great favor he'd just done for me. Eventually I excused myself and I found my way to the registration desk. I showed off my two badges and was put into a mid-level bracket. The tournament was scored on a point system where trainers lost the most points when their Pokémon fainted, and since I was determined not to allow them to faint I was sure to score very highly in the preliminary matches.
All the matches were happening along the promenade deck with spectators above able to look down into most of the arenas that were setup. As I stood along the promenade, it was crowded and difficult to see much, but I managed to push my way toward my first match-up near the aft of the ship. I was going to face off against an older gentlemen who happened to be a passenger aboard the cruise wanting to test his skill against the Kanto trainers. I was nervous, but also excited. He opened with a Growlithe - a Pokémon I'd never seen before. It was obviously a fire-type and so Douglas was the right choice. He needed the battle experience, as well.
Growlithe was faster than I anticipated! He landed a desperate attack on Douglas's head which nearly incapacitated him. I was shocked. I'd almost lost a Pokémon due to my overconfidence in type match-ups. I switched out Douglas for Rascal Jr. hoping to get the edge in speed. My swap paid off because Rascal Jr. landed a monstrous hyper fang on this Growlithe and knocked it completely out. The crowd went wild at this turn around and I remember how uplifting it made me feel. I couldn't help from smiling like a fool.
The passenger tossed out another Growlithe who met the same OHKO fate to the power of Rascal Jr. To punctuate just how amazing Rascal's victory over the Growlithe duo actually was, Rascal Jr. evolved into a Raticate in front of the entire crowd. It generated some hushed awe from the spectators, but I was just ecstatic to see Rascal Jr. grow in power. Rascal and I were victorious in our first match, but there were still several more ahead of us before we'd meet with the captain.

Current Team:
Attacks in Blue are recently learned.

Bill's Storage: Shakespear (Spearow) & Royal (Magikarp)

Old Man Daycare: Charlie (Pidgey)