CCD (img) images are created by CloneCD and therefore, proprietary. To be able mount them on Linux, you have to convert them to ISO images. ccd2iso tool comes to help for this purpose. ccdiso image.img image.iso You know the rest; mount -o loop,ro image.iso /your_mountpoint
[NetSec] Keeping Authentication Tokens Safe
An authentication token should not be left as it is in the database; that's common sense. But, applying a heavy hashing algorithm to secure it, also doesn't make much sense. Why? Authentication token, if it is created properly (128bits etc), is already very secure by itself. And by its nature, it doesn't contain any username… Continue reading [NetSec] Keeping Authentication Tokens Safe
[CTF] CTFLearn.com – Basic Injection
Ok, here is the solution for the very basic SQL injection CTF located on https://web.ctflearn.com/web4/. When you load the page you see this: There is nothing to do here, except entering some inputs, which leads nowhere. So, I checked the source code of the webpage. Very simple stuff, but look at that comment line. I tried… Continue reading [CTF] CTFLearn.com – Basic Injection
[NetSec] Firewall Bursting
Firewalls these days are packed with wide range of UTM capabilities like IPS, anti-virus, application filtering and web filtering. All these features might add huge constraint on the device itself, as they require higher CPU and memory resources than simple packet filtering by ip addresses and port numbers. This might become an even bigger problem… Continue reading [NetSec] Firewall Bursting
[NetSec] Fortigate Policy Exporter
I wrote a very simple yet useful script to export Fortigate firewall policies in CSV format. As you may see, what it does is simply catching the keywords from the fields that we want to export and print the output directly to a file called output.csv. It is also on Github under GPL. # Fortigate… Continue reading [NetSec] Fortigate Policy Exporter
[NetSec] Beware of the “D” State
When you issue the top command on a Fortigate firewall, you see the states of the processes along with the other information such as CPU and memory usage. Here is an example: Run Time: 356 days, 7 hours and 13 minutes 13U, 0N, 22S, 65I; 15972T, 7794F, 1013KF ipsengine 12441 S < 27.4 1.0 ipsengine… Continue reading [NetSec] Beware of the “D” State
[WriteUp] – OVERTHEWIRE – LEVIATHAN
Level 0 ssh leviathan0@leviathan.labs.overthewire.org -p 2223 User / Pass : leviathan0 / leviathan0 leviathan0@leviathan:~$ ls -la total 28 drwxr-xr-x 4 leviathan0 leviathan0 4096 Aug 30 19:22 . drwxr-xr-x 11 root root 4096 Aug 30 19:22 .. drwxr-x--- 2 leviathan1 leviathan0 4096 Jun 15 11:38 .backup -rw-r--r-- 1 leviathan0 leviathan0 220 Apr 9 2014 .bash_logout -rw-r--r--… Continue reading [WriteUp] – OVERTHEWIRE – LEVIATHAN
[Retro] WiModem232 For The Amiga
Another glorious day for my beloved Amiga. Jim Drew is testing his new Amiga device called WiModem232, and it is a wireless modem for all Amigas via RS-232. As it is known, Amiga's serial port is fairly slow for today's standards, but fortunately, there are some serial device driver replacements which provide up to 115.2Kbps… Continue reading [Retro] WiModem232 For The Amiga
[WriteUp] Tr0ll
Let's scan our network to find the machine first. nmap -sn 172.18.2.0/24 Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 13:39 +03 Nmap scan report for 172.18.2.1 Host is up (0.019s latency). MAC Address: 00:50:56:01:06:28 (VMware) Nmap scan report for 172.18.2.144 Host is up (0.00065s latency). MAC Address: 08:00:27:62:C8:63 (Oracle VirtualBox virtual NIC) Nmap… Continue reading [WriteUp] Tr0ll
[Fix] IIS Can Not Find The Proxy.Pac
You want to host your PAC file on your IIS enabled Windows server. You setup the server, you copy your PAC file to the root directory of the web server (Default: C:\inetpub\wwwroot), and you try to access your PAC file by typing http://your_server/proxy.pac. And you are surprised by the fact that the server gives you… Continue reading [Fix] IIS Can Not Find The Proxy.Pac