Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
Posts by Category
CTF
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Hack the Box Write-up #2: Networked
Write-up of “Networked” from Hack The Box
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
Databases
MySQL case-sensitive LIKE search
When searching for partial strings in MySQL with LIKE you will match case-insensitive by default*.
SQL: Get the count of related records
Micro tutorial: SQL select the count of related records and sort by it.
FileMaker
FileMaker Server Admin Console: Access and Role Restriction Issues
Description of the issues I found in the implementation of various Admin Console restriction settings
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Uploading files to FileMaker Server without a Pro client
Back in the dark ages the FileMaker Server admin console (then Java Web Start) allowed you to remotely upload new fmp12 files to the server. For some reason ...
Monitoring FileMaker scheduled scripts
Tutorial about monitoring FileMaker scheduled scripts for uptime
Remote debugging Claris Data API
When debugging code that integrates with the Claris FileMaker Data API, it is sometimes helpful to trace a request from your app all the way to the code of t...
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Fix error 853 when encrypting FileMaker databases
Have you ever gotten the following error after trying to encrypt your FileMaker databases?
python-fmrest compatibility with the new FileMaker 17 Data API
A few hours ago FileMaker 17 was released, and with it an updated Data API, which is now finally out of trial phase.
Working with FileMaker data in Python
This is an old post. You may also be interested in accessing your FileMaker database via the new Data API. I wrote a Python wrapper to make it easier: python...
Hardware
Building a 6502 Computer
My notes of building a computer based on the 6502 microprocessor following Ben Eater’s design.
Reading Aranet4 sensor data from Python
How to get current readings from your Aranet4 CO2 monitor
Running ESXi on Intel NUC8i7HVK (with 64 GB of RAM)
I recently bought an Intel NUC8i7HVK to work as an ESXi host. In this post I walk you through the process of installation and initial setup.
JavaScript
SVG and JavaScript: transform viewport coordinates into element coordinates
A couple of months ago I built a JavaScript application that allows adding points and labels to locations on a building floorplan. The whole canvas (not HTML...
Mathematics
The basics of Logarithms – with examples
Logarithms are widely used in computer science (e.g. for algorithm analyses, floating point number limitations, scaling data, feature transformations). Not c...
LaTeX mathematics cheat sheet
LaTeX is the de facto standard typesetting system for scientific writing. Find a a cheat sheet with the most frequent used mathematics commands here.
Micro Tutorial
MySQL case-sensitive LIKE search
When searching for partial strings in MySQL with LIKE you will match case-insensitive by default*.
Running a script in the Windows Local System account
Today I needed to debug a scheduled script and test its behavior when run in the Windows Local System account instead of my regular domain user’s (this was o...
Load password protected Excel files into Pandas DataFrame
When trying to read an Excel file into a Pandas DataFrame gives you the following error, the issue might be that you are dealing with a password protected Ex...
Using vi commands in your bash shell
Entering a long shell command and then moving the cursor around to correct parts of it always felt a bit clunky to me. I remembered some of the <ctrl>/...
Count elementwise matches for two NumPy arrays
Let’s say we have two integer NumPy arrays and want to count the number of elementwise matches.
SQL: Get the count of related records
Micro tutorial: SQL select the count of related records and sort by it.
Pandas: Select rows that match a string
Micro tutorial: select rows of a Pandas DataFrame that match a (partial) string.
Miscellaneous
allgood.systems: get a Slack message when your server goes down
I was recently asked if it’s possible to post a message to a Slack channel whenever the state of a monitor on allgood.systems changes (for example, a web ser...
allgood.systems: Monitoring the duration of your background jobs
Since the launch of allgood.systems you were able to monitor if your background jobs, scheduled tasks, cron jobs, etc. were running whenever you expected the...
Uploading files to FileMaker Server without a Pro client
Back in the dark ages the FileMaker Server admin console (then Java Web Start) allowed you to remotely upload new fmp12 files to the server. For some reason ...
Monitoring FileMaker scheduled scripts
Tutorial about monitoring FileMaker scheduled scripts for uptime
Monitor websites and detect when cron jobs and scheduled tasks are not running
TL;DR Want to monitor your websites or get notified when your cron jobs or scheduled tasks are not running when they are supposed to run? Check out https://a...
A few updates
After having neglected my blog over the last few months, I want to start posting more frequently again (New Year’s resolutions and all that).
LaTeX mathematics cheat sheet
LaTeX is the de facto standard typesetting system for scientific writing. Find a a cheat sheet with the most frequent used mathematics commands here.
Python
Reading Aranet4 sensor data from Python
How to get current readings from your Aranet4 CO2 monitor
Handling and confirming (interrupt) signals in Python
Learn how to handle interrupts and other signals in Python.
Python tarfile directory traversal
Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...
Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
UnicodeError when running Python script via macOS LaunchAgent
If you are getting UnicodeErrors when reading/manipulating files using a Python script launched by a LaunchAgent or crontab, the problem might lie in the “cu...
Watch a log file and send new lines to an HTTP endpoint – with log2http
Recently, I wanted to watch a couple of log files for new entries and have them sent to an http endpoint for collection and later analysis. I did a quick res...
python-fmrest compatibility with the new FileMaker 17 Data API
A few hours ago FileMaker 17 was released, and with it an updated Data API, which is now finally out of trial phase.
Using launchd agents to schedule scripts on macOS
Even though launchd has been around for quite some time now, I was still using crontab for scheduling some of my scripts until recently. Since launchd Launch...
Load password protected Excel files into Pandas DataFrame
When trying to read an Excel file into a Pandas DataFrame gives you the following error, the issue might be that you are dealing with a password protected Ex...
Bokeh plots with Flask and AJAX
Tutorial on creating Bokeh plots with an AJAX data source, served from an existing Flask app.
The basics of Logarithms – with examples
Logarithms are widely used in computer science (e.g. for algorithm analyses, floating point number limitations, scaling data, feature transformations). Not c...
Count elementwise matches for two NumPy arrays
Let’s say we have two integer NumPy arrays and want to count the number of elementwise matches.
Running Flask on macOS with mod_wsgi/wsgi-express
Tutorial on setting up your Flask application to run on macOS with WSGI
Pandas: Select rows that match a string
Micro tutorial: select rows of a Pandas DataFrame that match a (partial) string.
Comparing two Excel columns with Pandas and Numpy
Having been asked multiple times if I can quickly compare two numeric columns from an excel file, I set up a small Jupyter notebook (and an R script) to show...
Display inline images in a Jupyter notebook with Matplotlib
Today I was working with the MNIST handwritten digits data and wanted to display a few images in a Jupyter notebook. After looking at PIL, then Pillow, I fou...
Debugging Jupyter notebooks
While searching for ways to debug code in a Jupyter notebook, I found a lot of outdated posts. So I decided to quickly write up my findings.
Resolving import issues when deploying Python code to AWS Lambda
AWS Lambda is Amazon’s “serverless” compute platform that basically lets you run code without thinking (too much) of servers. I used Lambda in the past, thou...
Indexing: A few handy ways to access NumPy arrays
The following code snippets should serve as an (incomplete) cheat sheet for accessing NumPy arrays. All examples expect an import numpy as np.
Working with FileMaker data in Python
This is an old post. You may also be interested in accessing your FileMaker database via the new Data API. I wrote a Python wrapper to make it easier: python...
R Stats
Comparing two Excel columns with Pandas and Numpy
Having been asked multiple times if I can quickly compare two numeric columns from an excel file, I set up a small Jupyter notebook (and an R script) to show...
Security
FileMaker Server Admin Console: Access and Role Restriction Issues
Description of the issues I found in the implementation of various Admin Console restriction settings
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Beware of wilcards paths in sudo commands
Say you want to allow a non-root user on Linux to execute a couple of scripts as root or another user with more privileges. A common way of doing this is to ...
Python tarfile directory traversal
Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...
nginx alias misconfiguration allowing path traversal
I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the fo...
Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
Info leaks via buffered output on HTTP redirects
Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenti...
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Running commands in a specific user context in PowerShell
Using the Invoke-Command Cmlet, you can execute a script block in the security context of a different user.
Hack the Box Write-up #2: Networked
Write-up of “Networked” from Hack The Box
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
Reading sniffed SSL/TLS traffic from curl with Wireshark
If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of y...
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
Systems
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
Beware of wilcards paths in sudo commands
Say you want to allow a non-root user on Linux to execute a couple of scripts as root or another user with more privileges. A common way of doing this is to ...
Handling and confirming (interrupt) signals in Python
Learn how to handle interrupts and other signals in Python.
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
Dockerfile Entrypoint: “file not found”
I was working with a fairly simple Dockerfile, defining an entrypoint and always got a “not found” error when trying to run the container.
Connecting to a host service from within a container using Docker for Mac
Use host.docker.internal to connect to your host machine.
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
Getting started with Terraform and Infrastructure as Code
Introduction on how to write infrastructure resource definitions and execute them using Terraform.
Running commands in a specific user context in PowerShell
Using the Invoke-Command Cmlet, you can execute a script block in the security context of a different user.
Running ESXi on Intel NUC8i7HVK (with 64 GB of RAM)
I recently bought an Intel NUC8i7HVK to work as an ESXi host. In this post I walk you through the process of installation and initial setup.
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
HTTP requests with PowerShell’s Invoke-WebRequest – by Example
A few examples on how to do http requests via PowerShell’s Invoke-Webrequest cmdlet.
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
UnicodeError when running Python script via macOS LaunchAgent
If you are getting UnicodeErrors when reading/manipulating files using a Python script launched by a LaunchAgent or crontab, the problem might lie in the “cu...
Debugging stories: What’s that 404 error?
Here is a little story about resolving an issue with a web site that turned out not to be an issue with a web site :-)
Running a script in the Windows Local System account
Today I needed to debug a scheduled script and test its behavior when run in the Windows Local System account instead of my regular domain user’s (this was o...
Using launchd agents to schedule scripts on macOS
Even though launchd has been around for quite some time now, I was still using crontab for scheduling some of my scripts until recently. Since launchd Launch...
Using vi commands in your bash shell
Entering a long shell command and then moving the cursor around to correct parts of it always felt a bit clunky to me. I remembered some of the <ctrl>/...
Basic understanding of IPv4 addresses
In a recent project I needed to anonymize IP addresses in tracking data. While masking a few bits from an IP address is not so interesting, it’s a good excus...
VPN: Temporarily solve same subnet conflicts
I recently had the problem of needing to establish a connection to a server behind a VPN that was in the same subnet as the network I was connecting from. Ev...
Running Flask on macOS with mod_wsgi/wsgi-express
Tutorial on setting up your Flask application to run on macOS with WSGI
Sharing a VPN connection with another device on macOS Sierra/El Capitan
There are multiple reasons why you would want to share a VPN connection from your Mac with another device. Maybe you have to install a proprietary VPN client...
Web
Remote debugging Claris Data API
When debugging code that integrates with the Claris FileMaker Data API, it is sometimes helpful to trace a request from your app all the way to the code of t...
Remote debugging NodeJS apps
When you want to debug an application in an environment which is hard to replicate locally and/or you cannot install additional software on the machine it is...
HTTP requests with PowerShell’s Invoke-WebRequest – by Example
A few examples on how to do http requests via PowerShell’s Invoke-Webrequest cmdlet.