Jason Arnold Breitwieser
-
Add Pipeline to GoCD
Create an empty repo. Clone into new directory thusly: Create a Dockerfile, contents as follows:

FROM centos:latest
RUN echo "HELLO WORLD"

Commit and push to repo:

git add -A
git commit -m "First Post!"
git push -u origin master

Enable a git repository clone key – I’ll spare you the windows details. Copy clone URL. Create…
-
MikroTik VLAN Intro
VLAN tags are a supported feature of the MikroTik routers and switches. Generally speaking, the MikroTik treats all VLANs as a separate interface. The VLAN interface applied to an ethernet interface strips off VLAN tags inbound, and tags outbound traffic destined for that specific VLAN. Below is a base configuration, with tower1 at left, and…
-
Troubleshooting CentOS7 Minimal installation as base box in vSphere Environment
Preparing a CentOS 7 minimal installation for use in a VMware vSphere environment: Install CentOS7. Net-tools includes ifconfig, which is required to take advantage of the Customization Specification Templates. bzip2 is required by the VirtualBox Guest Additions. cifs-utils is required to mount Samba shares.

yum install -y cifs-utils net-tools bzip2

If you are using Windows…
-
Configure a Production Vagrant VMware Environment
To deploy an OS to a production-ready environment, one must install the following first:
* Git for Windows – ensure you allow adding to path variable, and include running unix tools natively.
* Ruby 2.1.7 – http://rubyinstaller.org/downloads/
* Vagrant 1.7.4+ – https://www.vagrantup.com/
Next, we must run the dev kit installation – Ruby DevKit for 2.0+ mingw64-32-4.7.2 – http://rubyinstaller.org/downloads/ more detailed…
-
Vagrant on Windows deployment
This is from a series of notes recovered from a broken instance of a note taking application I used in 2015. I had learned Vagrant and Puppet on the flight to Kansas City, and prepared a proof of concept. These are the notes resulting from the flight. In retrospect, I had no idea the expectation…
-
Cambium 2400 Subscriber Module Teardown
Below are my initial notes from disassembling the Cambium 2400 Subscriber Module. Powering up the subscriber module requires a 24v 400mA power supply; like the Ubiquiti power bricks. To make a power cord to power using the Ubiquiti brick requires a cord with a normal Ethernet termination on one end and reverse Blues and Browns on…
-
Kioptrix: Level 1
After downloading, the first step was booting the vulnerable VM up, and starting a service scan using Nmap with Kali Linux. While that’s left to simmer on the back burner, I begin with a browser, browsing directly to the IP address my router handed out via DHCP to the vulnerable virtual machine. Noticing port 80…
-
Windows PowerShell Script for automated AD DS Deployment
Import-Module ADDSDeployment
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "WinThreshold" `
    -DomainName "home.local" `
    -DomainNetbiosName "HOME" `
    -ForestMode "WinThreshold" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true
-
Vagrant – Using Putty to Connect
If you followed the previous tutorial on Windows, you may be wondering how to connect. If you have the GNU/Linux subsystem installed on your Windows host, it is as simple as using SSH -i; for users of PuTTY, I present a brief tutorial. To connect, we must launch PuTTY, and at the left, expand Connection,…
-
Using Vagrant on a Windows Host, Quickstart
On a fresh Windows host, install VirtualBox, Hyper-V or VMware Desktop. We use VirtualBox from Oracle for this example. Get a vagrant box download started; I chose a centos6 build with puppet: Open a command prompt, use the following commands from vagrantup.com: You may select from http://www.vagrantbox.es/ or https://portal.cloud.hashicorp.com/vagrant/discover/jabreity/ for my boxes (Windows 11 is…
-
WatchGuard Firebox Teardown
PCI Controller plus flex cable allows for the addition of a minimal video card. As of 2013, they are running FreeDOS. CN KBMS2 is the PS/2 keyboard header. After some trial and error with the creation of this cable (sacrificed a PS/2 keyboard), the completed cable was shrink wrapped. I was able to get beyond…
-
CSRF Quick Reference
1. CSRF Tokens
2. SameSite Cookies
3. Referer-Based Validation
4. Burp Suite CSRF PoC Generation
5. Mitigations
-
Variable Base Converter
Occasionally folks such as myself post encoded challenges, and use differing bases to keep challenges fresh and interesting. Often the number used can have a deeper meaning, or perhaps be gleaned from other context within a challenge.
-
Base64 Sliding Window Encoder
Nearing the anniversary of one of my most popular blog posts, I decided to contribute a base64 sliding window encoder, allowing for ease of searching for concealed content. I invented this methodology of search out of need, and share it here for free for the benefit of all humanity.
-
Automated Deployment of a TURN Server
Many folks may not realize this, but most WebRTC applications rely upon public-facing third party TURN servers for communication within applications. If you are using a third-party to facilitate TURN connections, you are potentially revealing the contents of your data. Often TURN server communications are done in cleartext, or using an oft-overlooked HTTPS version and…
-
Automated Deployment and Compilation of Llama.cpp
The below vagrantfile describes the process required for compiling the latest Llama.cpp tools for use with local GGUF based models. This is useful, as the training tools have been removed from the current build of Llama.cpp, and they are simple to add if you know where to look. I will leave the sourcing of the…
-
Automated Deployment of Microsoft Windows Server 2022 on GNU/Linux
Similar to Windows 11, the below vagrantfile deploys my custom build of Server 2022 with the intent of being as close to a default deployment as possible. The minimum modifications have been performed in order to facilitate use as a vagrant base. The base box is hosted in the Hashicorp cloud. This provides the basis…
-
Automated Deployment of Odoo.sh Open Source ERP and CRM
Odoo is an open source ERP and CRM offering many e-commerce line of business applications in what can be surmised as a value play in the ERP market. With competitors offering similar products for thousands of dollars per month, this has become quite popular with many start-ups and brick and mortar integration vendors. This deployment…
-
Automated Deployment of Google’s Honggfuzz
Another useful tool I like to have available is a remote instance of Google’s multi-process and multi-threaded fuzzer. This allows for the use of a command-line interface via ssh on a remotely hosted machine. This can be deployed in the cloud, or in my instance, on a machine in another room, keeping my office cool…
-
Automated Deployment and Compilation of National Security Agency’s Ghidra
The following vagrantfile describes a host configured to bring up the NSA’s Ghidra interactive debugger featuring disassembly tooling for a variety of processors. Using this vagrantfile to establish a remote session to the host will allow for the use of an SSH tunneled connection to an X11 session, and via session forwarding allow the use…
-
Google Search Result Scraping Using Python
The following script provides the ability to automate the scraping of Google search engine results. The challenge is, you will be throttled while using this. I have taken no precautions against concealing the type and nature of requests. Typically, Google provides a warning page indicating you have exceeded the number of automated requests, and to…
-
Automated Deployment of Microsoft Windows 11 on GNU/Linux
Of note, many applications may not run correctly under Wine (Wine Is Not An Emulator) for a variety of reasons. Using Windows as a client operating system on a KVM/QEMU GNU/Linux host is an excellent approach to the challenge. The following provides an example of my Veilid Network Windows 11 testing host. This uses a…
-
Hosting WordPress Locally
Using WordPress for many websites over the years, I have hosted in a variety of public shared environments. Mitigating the challenges with such an arrangement has been interesting. Given the rising price associated with hosting, I decided I would move my hosting in-house. While this is not ideal for many individuals, this presented an opportunity…
-
2023 Optiv Source Zero Con CTF
I enjoyed the conference thoroughly, despite recovering from illness earlier this week. While I could attribute the low placement to illness, it was genuinely due to a lack of time and effort with a compressed week. 33rd is not inspiring performance, but the COBOL challenge was an enjoyable way to recover. Limited time resulted in…
-
Shell Command Reference
Shell Command Reference Reboot to BIOS * Windows: * Linux: Find filename in filesystem containing flag * Windows: * Linux: Find key in file on filesystem * Windows: * Linux: Check DLL signature for list of files * Windows: Clean up Windows host temp files, and speed up UI by ensuring data read sequentially is…
-
2022 BlueTeamCon Last-Minute CTF
Attending the prior year’s CTF, I was excited when I learned this year’s CTF was available publicly. Participating remotely, I placed 12th out of 66, which I felt was acceptable. I would like to thank the team for putting together quite an enjoyable weekend of hacking and study for me, a remote participant. Attached I…
-
Yet Another Joomla! Search Result Hijack Dissected: Breakthrough
If you’ve not been following, it’s a great time to catch up on recent developments. The plot remains the same. More Levitra spam, site still not completely clean. To summarize the previous methods of removal: 1. Validate changes to files by date. Check out changed files versus known good – Again, the development GitHub proves…
-
Yet Another Joomla! Search Result Hijack Dissected: Breakdown
Continuing from yesterday, the result of comparing the framework.php with an unexpected date to the original joomla files for that build (Folks, you can patch with individual files from GitHub. Go back in time to about the same date as the non-hacked files indicated in the header, and click on raw) and we are left…
-
Yet Another Joomla! Search Result Hijack Dissected
This is perhaps the most elegantly executed Joomla! search result hijack I have seen to date. Symptoms presented five days prior to the root of the issue being discovered. Unbeknownst to anyone, inbound Google web crawls were being filled with spam for Levitra products, which was most definitely not what the client intended to sell.…
-
Hijacked Search Engine Results
A new client’s site we recently migrated in was not working correctly – the site browsed fine when you visited it directly, but incoming links from Facebook, Google, and Bing were being redirected to a domain name I couldn’t find anywhere in the site code. I, like many others, could find it easy to…