Over the weekend, I participated in the Metasploit CTF. It was a lot of fun and I learned some new tricks as well as revisited some old tricks. While my team didn't finish in the top 5 this time, here are my writeups of the flags I worked on. My teammates may have their own writeups.
Author: h4ckNinja
I’m in your Chef Server
Before we get to breaking things, let's do a little background on Chef and why you should care. For pentesters and red teamers, offensively we care about the data and the impact these tools present to the organizations we serve. If you are on the blue team side and looking to defend, hopefully this post …
The time I fought off a hacker … live
Disclaimer: This story includes events from my career. I may have to intentionally leave out details to avoid identification. You see it in TV shows and movies where someone is fighting a hacker. They go back and forth, turning each other's lights off, maybe trade witty banter as the camera goes back and forth, and it's …
One of my exploits was on NCIS and Hollywood got it wrong
Imagine my surprise - and delight - when one of my exploits ended up on NCIS Season 16 Ep. 14 - Once Upon a Tim. [Screenshot of "Once Upon a Tim" from NCIS Season 16] This exploit, from ExploitDB, takes advantage of a Remote Code Execution vulnerability in the software package H2 Database. What that …
[Advisory] Streamlabs Prime Website
About: This is a disclosure for Streamlabs. Streamlabs is a company that offers tools for streamers on various platforms, such as alerts of follows, donations, or raids. They also offer tools like wheel spins that can be customized for the streamer. When a streamer sets up a profile on Streamlabs' customizable website, they can opt …
Reflections on my birthday
Every year when my birthday comes around, I try to use it as an opportunity to reflect on where I've been, where I am, and where I want to be. I try to use this as an opportunity to reflect positively, and maybe share some uplifting lessons I've learned. But as most of us know, …
What’s in a version number?
You're assessing a website. You get an HTTP response that looks like this:
HTTP/2.0 200 OK
content-type: text/html; charset=utf-8
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-frame-options: DENY
x-powered-by: PHP/5.1.5
pragma: no-cache
strict-transport-security: max-age=15552000; preload
cache-control: private, no-cache, no-store, must-revalidate
date: Tue, 18 Jun 2019 04:28:37 GMT
X-Firefox-Spdy: h2
What do you report? If you've …
Antsle: Initial thoughts
The Antsle is a slick piece of hardware that is billed as a "private cloud." Capable of running LXC and Docker containers and KVM virtual machines, its software, antMan, is a nice addition to an otherwise-limited set of options. [Screenshot: antMan] Within this interface, you can create new VMs, what they call antlets, in either a …
Burp SSL_ERROR_RX_RECORD_TOO_LONG on Kali Linux
The strange SSL_ERROR_RX_RECORD_TOO_LONG message the browser displays on Kali is caused by using Java 11 (installed and set as the default in Kali). Even though Burp does send requests and receive the responses, for some odd reason the browser receives this error from Burp. And to make things more confusing, there's no message in the Alerts tab …
Git secret surfing
One-liner to checkout all git revisions
Why? This will get you the ability to look through git history in a set of folders. This is especially useful when you need to find credentials that were removed from the current revision, but not changed. *cough*
Let's break it down:
git log --format=oneline | cut -d " …