Sunday, May 17, 2020
Monday, April 27, 2020
The Duality of Attackers - Or Why Bad Guys are a Good Thing™
The Duality of Attackers - Or Why Bad Guys are a Good Thing™
The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to ...
Read MoreFriday, March 13, 2020
What is your GCP infra worth?...about ~$700 [Bugbounty]
What is your GCP infra worth?...about ~$700 [Bugbounty]
BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical 23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for ...
Read MoreMonday, December 16, 2019
Devoops: Nomad with raw_exec enabled
Devoops: Nomad with raw_exec enabled
"Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, ...
Read MoreTuesday, May 14, 2019
Minecraft Mod, Follow up, and Java Reflection
Minecraft Mod, Follow up, and Java Reflection
After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having ...
Read MoreMonday, May 13, 2019
Minecraft Mod, Mother's Day, and A Hacker Dad
Minecraft Mod, Mother's Day, and A Hacker Dad
Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what ...
Read MoreTuesday, March 5, 2019
Jenkins - CVE-2018-1000600 PoC
Jenkins - CVE-2018-1000600 PoC
second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 This affects the GitHub plugin that is installed ...
Read MoreMonday, March 4, 2019
Jenkins - messing with exploits pt3 - CVE-2019-1003000
Jenkins - messing with exploits pt3 - CVE-2019-1003000
References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to ...
Read MoreJenkins - Identify IP Addresses of nodes
Jenkins - Identify IP Addresses of nodes
While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's ...
Read MoreThursday, February 28, 2019
Jenkins - decrypting credentials.xml
Jenkins - decrypting credentials.xml
If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system ...
Read More