Simple Ping Sweep, Port Scan, and Getting Output from Blind Remote Command Execution

Just dumping some quick and dirty one-liners! These are commands I had used to explore locked-down Windows and Linux machines, using bash or powershell when no other binaries were available or could be transferred to the boxes easily. Trying to ping all hosts in a subnet Linux for i in $(seq 1 254); do host=192.168.0.$i; … Continue reading Simple Ping Sweep, Port Scan, and Getting Output from Blind Remote Command Execution

Echo Unreadable Hex Characters in Windows: forfiles

How to transfer small files to a locked-down Windows machine? When there is no option to copy, ftp, or http GET a file. When powershell is blocked so that you can only use Windows cmd commands? My first choice would be to use certutil: certutil is a built-in tool for certificate and PKI management. It … Continue reading Echo Unreadable Hex Characters in Windows: forfiles

Ethereal @ hackthebox: Certificate-Related Rabbit Holes

This post is related to the 'insanely' difficult hackthebox machine Ethereal (created by egre55 and MinatoTW) that was recently retired. Beware - It is not at all a full comprehensive write-up! I zoom in on openssl, X.509 certificates, signing stuff, and related unnecessary rabbit holes that were particularly interesting to me - as somebody who … Continue reading Ethereal @ hackthebox: Certificate-Related Rabbit Holes

Certificates and PKI. The Prequel.

Some public key infrastructures run quietly in the background since years. They are half forgotten until the life of a signed file has come to an end - but then everything is on fire. In contrast to other seemingly important deadlines (Management needs this until XY or the world will come to an end!) this … Continue reading Certificates and PKI. The Prequel.

Modbus Server on Raspberry Pi as Babelfish for UVR16x2

Our main data logger is the Control and Monitoring Interface of the freely programmable controller UVR16x2. There are two pieces of hardware you need for logging - the actual control unit and the logger connected to the controller via the CAN bus. This 'architecture' might be due to historical reasons, but I like the separation … Continue reading Modbus Server on Raspberry Pi as Babelfish for UVR16x2

Unintended 2nd Order SQL Injection

Why I am not afraid of the AI / Big Data / Cloud powered robot apocalypse. SQL order injection means to run custom SQL queries through web interfaces because the input to the intended query is not sanitized, like appending the infamous ' OR '1'='1 to a user name or search term. It is 2nd … Continue reading Unintended 2nd Order SQL Injection

A Color Box. Lost in Translation

It was that time again. The Chief Engineer had rebuilt the technical room from scratch. Each piece of heavy equipment had a new place, each pipe and wire was reborn in a new incarnation (German stories here.) The control system was turned upset down as well, and thus the Data Kraken was looking at its … Continue reading A Color Box. Lost in Translation

Cyber Something

You know you have become a dinosaur when you keep using outdated terminology. Everybody else uses the new buzz word, but you just find it odd. But someday it will creep also into your active vocabulary. Then I will use the tag cyber something, like stating that I work with cyber-physical systems. But am I … Continue reading Cyber Something

Hacking

I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind - in a bad way? Solution: Go find an online platform that will put your mind in a different state. Go hacking on hackthebox.eu. I have been hacking … Continue reading Hacking

Cloudy Troubleshooting (2)

Unrelated to part 1 - but the same genre. Actors this time: File Cloud: A cloud service for syncing and sharing files. We won't drop a brand name, will we? Client: Another user of File Cloud. [Redacted]: Once known for reliability and as The Best Network. Dark Platform: Wannabe hackers' playground. elkement: Somebody who sometimes just wants to be an … Continue reading Cloudy Troubleshooting (2)