Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Posts by Tags
6502
AES
API
python-fmrest compatibility with the new FileMaker 17 Data API
A few hours ago FileMaker 17 was released, and with it an updated Data API, which is now finally out of trial phase.
AWS
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
Resolving import issues when deploying Python code to AWS Lambda
AWS Lambda is Amazon’s “serverless” compute platform that basically lets you run code without thinking (too much) of servers. I used Lambda in the past, thou...
Active Directory
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
Alternate Data Streams
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
Apache
Running Flask on macOS with mod_wsgi/wsgi-express
Tutorial on setting up your Flask application to run on macOS with WSGI
Aranet4
Reading Aranet4 sensor data from Python
How to get current readings from your Aranet4 CO2 monitor
Assembly
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Bash
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
Hack the Box Write-up #2: Networked
Write-up of “Networked” from Hack The Box
Using vi commands in your bash shell
Entering a long shell command and then moving the cursor around to correct parts of it always felt a bit clunky to me. I remembered some of the <ctrl>/...
Binary Exploitation
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
Bokeh
Bokeh plots with Flask and AJAX
Tutorial on creating Bokeh plots with an AJAX data source, served from an existing Flask app.
Boto
Resolving import issues when deploying Python code to AWS Lambda
AWS Lambda is Amazon’s “serverless” compute platform that basically lets you run code without thinking (too much) of servers. I used Lambda in the past, thou...
Brute-forcing
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Bypass
Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
CRTP
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
CVE
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Certifications
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
Cheat sheet
LaTeX mathematics cheat sheet
LaTeX is the de facto standard typesetting system for scientific writing. Find a a cheat sheet with the most frequent used mathematics commands here.
Command Injection
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Hack the Box Write-up #2: Networked
Write-up of “Networked” from Hack The Box
Cracking
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Cron
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Cryptography
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Curl
Reading sniffed SSL/TLS traffic from curl with Wireshark
If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of y...
DNS
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
Debugging stories: What’s that 404 error?
Here is a little story about resolving an issue with a web site that turned out not to be an issue with a web site :-)
Databases
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
Debugging
Remote debugging Claris Data API
When debugging code that integrates with the Claris FileMaker Data API, it is sometimes helpful to trace a request from your app all the way to the code of t...
Remote debugging NodeJS apps
When you want to debug an application in an environment which is hard to replicate locally and/or you cannot install additional software on the machine it is...
Debugging Jupyter notebooks
While searching for ways to debug code in a Jupyter notebook, I found a lot of outdated posts. So I decided to quickly write up my findings.
DevOps
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...
Getting started with Terraform and Infrastructure as Code
Introduction on how to write infrastructure resource definitions and execute them using Terraform.
Directory Traversal
Python tarfile directory traversal
Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...
nginx alias misconfiguration allowing path traversal
I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the fo...
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Docker
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
Dockerfile Entrypoint: “file not found”
I was working with a fairly simple Dockerfile, defining an entrypoint and always got a “not found” error when trying to run the container.
Connecting to a host service from within a container using Docker for Mac
Use host.docker.internal to connect to your host machine.
EC2
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
ESXi
Running ESXi on Intel NUC8i7HVK (with 64 GB of RAM)
I recently bought an Intel NUC8i7HVK to work as an ESXi host. In this post I walk you through the process of installation and initial setup.
El Capitan
Sharing a VPN connection with another device on macOS Sierra/El Capitan
There are multiple reasons why you would want to share a VPN connection from your Mac with another device. Maybe you have to install a proprietary VPN client...
Excel
Load password protected Excel files into Pandas DataFrame
When trying to read an Excel file into a Pandas DataFrame gives you the following error, the issue might be that you are dealing with a password protected Ex...
Comparing two Excel columns with Pandas and Numpy
Having been asked multiple times if I can quickly compare two numeric columns from an excel file, I set up a small Jupyter notebook (and an R script) to show...
Exponents
The basics of Logarithms – with examples
Logarithms are widely used in computer science (e.g. for algorithm analyses, floating point number limitations, scaling data, feature transformations). Not c...
File formats
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
File transfer
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Flask
Bokeh plots with Flask and AJAX
Tutorial on creating Bokeh plots with an AJAX data source, served from an existing Flask app.
Running Flask on macOS with mod_wsgi/wsgi-express
Tutorial on setting up your Flask application to run on macOS with WSGI
Forensics
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
GDB
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
GRUB
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
HTTP
Info leaks via buffered output on HTTP redirects
Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenti...
Hardware
Building a 6502 Computer
My notes of building a computer based on the 6502 microprocessor following Ben Eater’s design.
IPv4
Basic understanding of IPv4 addresses
In a recent project I needed to anonymize IP addresses in tracking data. While masking a few bits from an IP address is not so interesting, it’s a good excus...
IPv6
Basic understanding of IPv4 addresses
In a recent project I needed to anonymize IP addresses in tracking data. While masking a few bits from an IP address is not so interesting, it’s a good excus...
IaC
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...
Getting started with Terraform and Infrastructure as Code
Introduction on how to write infrastructure resource definitions and execute them using Terraform.
Information Disclosure
Info leaks via buffered output on HTTP redirects
Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenti...
Input Validation
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Invoke-WebRequest
HTTP requests with PowerShell’s Invoke-WebRequest – by Example
A few examples on how to do http requests via PowerShell’s Invoke-Webrequest cmdlet.
Iodine
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
JavaScript
SVG and JavaScript: transform viewport coordinates into element coordinates
A couple of months ago I built a JavaScript application that allows adding points and labels to locations on a building floorplan. The whole canvas (not HTML...
Jupyter
Display inline images in a Jupyter notebook with Matplotlib
Today I was working with the MNIST handwritten digits data and wanted to display a few images in a Jupyter notebook. After looking at PIL, then Pillow, I fou...
Debugging Jupyter notebooks
While searching for ways to debug code in a Jupyter notebook, I found a lot of outdated posts. So I decided to quickly write up my findings.
LLDB
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
LXC
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
LaTeX
LaTeX mathematics cheat sheet
LaTeX is the de facto standard typesetting system for scientific writing. Find a a cheat sheet with the most frequent used mathematics commands here.
Lambda
Resolving import issues when deploying Python code to AWS Lambda
AWS Lambda is Amazon’s “serverless” compute platform that basically lets you run code without thinking (too much) of servers. I used Lambda in the past, thou...
Laravel
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Linux
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Handling and confirming (interrupt) signals in Python
Learn how to handle interrupts and other signals in Python.
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Disabling NX in Linux via Kernel Parameter (using GRUB)
To boot Linux without Data Execution Prevention, so that the OS doesn’t mark certain memory regions as non-executable, we…
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
Hack the Box Write-up #2: Networked
Write-up of “Networked” from Hack The Box
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
Local File Disclosure
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Log Poisoning
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Logarithms
The basics of Logarithms – with examples
Logarithms are widely used in computer science (e.g. for algorithm analyses, floating point number limitations, scaling data, feature transformations). Not c...
Logging
Watch a log file and send new lines to an HTTP endpoint – with log2http
Recently, I wanted to watch a couple of log files for new entries and have them sent to an http endpoint for collection and later analysis. I did a quick res...
Malware
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
MathJax
LaTeX mathematics cheat sheet
LaTeX is the de facto standard typesetting system for scientific writing. Find a a cheat sheet with the most frequent used mathematics commands here.
Matplotlib
Display inline images in a Jupyter notebook with Matplotlib
Today I was working with the MNIST handwritten digits data and wanted to display a few images in a Jupyter notebook. After looking at PIL, then Pillow, I fou...
Meta
A few updates
After having neglected my blog over the last few months, I want to start posting more frequently again (New Year’s resolutions and all that).
MySQL
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
MySQL case-sensitive LIKE search
When searching for partial strings in MySQL with LIKE you will match case-insensitive by default*.
NAT
Sharing a VPN connection with another device on macOS Sierra/El Capitan
There are multiple reasons why you would want to share a VPN connection from your Mac with another device. Maybe you have to install a proprietary VPN client...
NTFS
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
Networking
Connecting to a host service from within a container using Docker for Mac
Use host.docker.internal to connect to your host machine.
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Reading sniffed SSL/TLS traffic from curl with Wireshark
If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of y...
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
Networks
Basic understanding of IPv4 addresses
In a recent project I needed to anonymize IP addresses in tracking data. While masking a few bits from an IP address is not so interesting, it’s a good excus...
NodeJS
Remote debugging Claris Data API
When debugging code that integrates with the Claris FileMaker Data API, it is sometimes helpful to trace a request from your app all the way to the code of t...
Remote debugging NodeJS apps
When you want to debug an application in an environment which is hard to replicate locally and/or you cannot install additional software on the machine it is...
Numpy
Count elementwise matches for two NumPy arrays
Let’s say we have two integer NumPy arrays and want to count the number of elementwise matches.
Comparing two Excel columns with Pandas and Numpy
Having been asked multiple times if I can quickly compare two numeric columns from an excel file, I set up a small Jupyter notebook (and an R script) to show...
Indexing: A few handy ways to access NumPy arrays
The following code snippets should serve as an (incomplete) cheat sheet for accessing NumPy arrays. All examples expect an import numpy as np.
ODBC
Working with FileMaker data in Python
This is an old post. You may also be interested in accessing your FileMaker database via the new Data API. I wrote a Python wrapper to make it easier: python...
Open Source
python-fmrest compatibility with the new FileMaker 17 Data API
A few hours ago FileMaker 17 was released, and with it an updated Data API, which is now finally out of trial phase.
PBKDF2
Exploring the fmp12 file format; or: what was my password again?
An exploration of the fmp12 file format and account and password storage
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
PHP
Info leaks via buffered output on HTTP redirects
Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenti...
PRTG
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Pandas
Load password protected Excel files into Pandas DataFrame
When trying to read an Excel file into a Pandas DataFrame gives you the following error, the issue might be that you are dealing with a password protected Ex...
Pandas: Select rows that match a string
Micro tutorial: select rows of a Pandas DataFrame that match a (partial) string.
Comparing two Excel columns with Pandas and Numpy
Having been asked multiple times if I can quickly compare two numeric columns from an excel file, I set up a small Jupyter notebook (and an R script) to show...
Working with FileMaker data in Python
This is an old post. You may also be interested in accessing your FileMaker database via the new Data API. I wrote a Python wrapper to make it easier: python...
Pickle
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
Pivoting
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
PowerShell
Running commands in a specific user context in PowerShell
Using the Invoke-Command Cmlet, you can execute a script block in the security context of a different user.
HTTP requests with PowerShell’s Invoke-WebRequest – by Example
A few examples on how to do http requests via PowerShell’s Invoke-Webrequest cmdlet.
Proxies
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
RDP
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
REST
python-fmrest compatibility with the new FileMaker 17 Data API
A few hours ago FileMaker 17 was released, and with it an updated Data API, which is now finally out of trial phase.
RFI
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
Registry
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Regular Expressions
Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
Remote code execution
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
Reverse Engineering
Uploading files to FileMaker Server without a Pro client
Back in the dark ages the FileMaker Server admin console (then Java Web Start) allowed you to remotely upload new fmp12 files to the server. For some reason ...
Ruby
Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
SMB
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
SQL
SQL: Get the count of related records
Micro tutorial: SQL select the count of related records and sort by it.
SQL Injection
Hack the Box Write-up #4: Cronos
Write-up of “Cronos” from Hack The Box
SSH
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Tunneling network traffic over DNS with Iodine and a SSH SOCKS proxy
Setting up a DNS tunnel and SOCKS proxy to send/receive data via restricted networks.
SSL
Reading sniffed SSL/TLS traffic from curl with Wireshark
If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of y...
SSRF
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
SVG
SVG and JavaScript: transform viewport coordinates into element coordinates
A couple of months ago I built a JavaScript application that allows adding points and labels to locations on a building floorplan. The whole canvas (not HTML...
SeLoadDriverPrivilege
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Serialization
Exploiting Python pickles
How unpickling untrusted data can lead to remote code execution.
Serverless
Resolving import issues when deploying Python code to AWS Lambda
AWS Lambda is Amazon’s “serverless” compute platform that basically lets you run code without thinking (too much) of servers. I used Lambda in the past, thou...
Sets
Comparing two Excel columns with Pandas and Numpy
Having been asked multiple times if I can quickly compare two numeric columns from an excel file, I set up a small Jupyter notebook (and an R script) to show...
Sierra
VPN: Temporarily solve same subnet conflicts
I recently had the problem of needing to establish a connection to a server behind a VPN that was in the same subnet as the network I was connecting from. Ev...
Sharing a VPN connection with another device on macOS Sierra/El Capitan
There are multiple reasons why you would want to share a VPN connection from your Mac with another device. Maybe you have to install a proprietary VPN client...
Signals
Handling and confirming (interrupt) signals in Python
Learn how to handle interrupts and other signals in Python.
Socket.IO
FileMaker Server Admin Console: Access and Role Restriction Issues
Description of the issues I found in the implementation of various Admin Console restriction settings
Sudo
Beware of wilcards paths in sudo commands
Say you want to allow a non-root user on Linux to execute a couple of scripts as root or another user with more privileges. A common way of doing this is to ...
Systems Manager
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
TCP/IP
Basic understanding of IPv4 addresses
In a recent project I needed to anonymize IP addresses in tracking data. While masking a few bits from an IP address is not so interesting, it’s a good excus...
Terraform
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...
Getting started with Terraform and Infrastructure as Code
Introduction on how to write infrastructure resource definitions and execute them using Terraform.
Tomcat
Hack the Box Write-up #9: Tabby
Write-up of “Tabby” from Hack The Box
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
Updates
A few updates
After having neglected my blog over the last few months, I want to start posting more frequently again (New Year’s resolutions and all that).
VPN
VPN: Temporarily solve same subnet conflicts
I recently had the problem of needing to establish a connection to a server behind a VPN that was in the same subnet as the network I was connecting from. Ev...
Sharing a VPN connection with another device on macOS Sierra/El Capitan
There are multiple reasons why you would want to share a VPN connection from your Mac with another device. Maybe you have to install a proprietary VPN client...
Virtualization
Running ESXi on Intel NUC8i7HVK (with 64 GB of RAM)
I recently bought an Intel NUC8i7HVK to work as an ESXi host. In this post I walk you through the process of installation and initial setup.
Visualization
Bokeh plots with Flask and AJAX
Tutorial on creating Bokeh plots with an AJAX data source, served from an existing Flask app.
WAR
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
WSGI
Running Flask on macOS with mod_wsgi/wsgi-express
Tutorial on setting up your Flask application to run on macOS with WSGI
WebSockets
FileMaker Server Admin Console: Access and Role Restriction Issues
Description of the issues I found in the implementation of various Admin Console restriction settings
Windows
Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Running commands in a specific user context in PowerShell
Using the Invoke-Command Cmlet, you can execute a script block in the security context of a different user.
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
HTTP requests with PowerShell’s Invoke-WebRequest – by Example
A few examples on how to do http requests via PowerShell’s Invoke-Webrequest cmdlet.
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
Running a script in the Windows Local System account
Today I needed to debug a scheduled script and test its behavior when run in the Windows Local System account instead of my regular domain user’s (this was o...
Wireshark
Uploading files to FileMaker Server without a Pro client
Back in the dark ages the FileMaker Server admin console (then Java Web Start) allowed you to remotely upload new fmp12 files to the server. For some reason ...
Reading sniffed SSL/TLS traffic from curl with Wireshark
If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of y...
Wordpress
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
X-Forwarded-For
FileMaker Server Admin Console: Access and Role Restriction Issues
Description of the issues I found in the implementation of various Admin Console restriction settings
XML
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
XXE
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
allgood
allgood.systems: get a Slack message when your server goes down
I was recently asked if it’s possible to post a message to a Slack channel whenever the state of a monitor on allgood.systems changes (for example, a web ser...
allgood.systems: Monitoring the duration of your background jobs
Since the launch of allgood.systems you were able to monitor if your background jobs, scheduled tasks, cron jobs, etc. were running whenever you expected the...
Monitoring FileMaker scheduled scripts
Tutorial about monitoring FileMaker scheduled scripts for uptime
Monitor websites and detect when cron jobs and scheduled tasks are not running
TL;DR Want to monitor your websites or get notified when your cron jobs or scheduled tasks are not running when they are supposed to run? Check out https://a...
authbind
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
bleak
Reading Aranet4 sensor data from Python
How to get current readings from your Aranet4 CO2 monitor
crontab
UnicodeError when running Python script via macOS LaunchAgent
If you are getting UnicodeErrors when reading/manipulating files using a Python script launched by a LaunchAgent or crontab, the problem might lie in the “cu...
Using launchd agents to schedule scripts on macOS
Even though launchd has been around for quite some time now, I was still using crontab for scheduling some of my scripts until recently. Since launchd Launch...
launchctl
UnicodeError when running Python script via macOS LaunchAgent
If you are getting UnicodeErrors when reading/manipulating files using a Python script launched by a LaunchAgent or crontab, the problem might lie in the “cu...
Using launchd agents to schedule scripts on macOS
Even though launchd has been around for quite some time now, I was still using crontab for scheduling some of my scripts until recently. Since launchd Launch...
launchd
Using launchd agents to schedule scripts on macOS
Even though launchd has been around for quite some time now, I was still using crontab for scheduling some of my scripts until recently. Since launchd Launch...
log2http
Watch a log file and send new lines to an HTTP endpoint – with log2http
Recently, I wanted to watch a couple of log files for new entries and have them sent to an http endpoint for collection and later analysis. I did a quick res...
macOS
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Handling and confirming (interrupt) signals in Python
Learn how to handle interrupts and other signals in Python.
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
Connecting to a host service from within a container using Docker for Mac
Use host.docker.internal to connect to your host machine.
UnicodeError when running Python script via macOS LaunchAgent
If you are getting UnicodeErrors when reading/manipulating files using a Python script launched by a LaunchAgent or crontab, the problem might lie in the “cu...
Using launchd agents to schedule scripts on macOS
Even though launchd has been around for quite some time now, I was still using crontab for scheduling some of my scripts until recently. Since launchd Launch...
VPN: Temporarily solve same subnet conflicts
I recently had the problem of needing to establish a connection to a server behind a VPN that was in the same subnet as the network I was connecting from. Ev...
Running Flask on macOS with mod_wsgi/wsgi-express
Tutorial on setting up your Flask application to run on macOS with WSGI
Sharing a VPN connection with another device on macOS Sierra/El Capitan
There are multiple reasons why you would want to share a VPN connection from your Mac with another device. Maybe you have to install a proprietary VPN client...
nginx
nginx alias misconfiguration allowing path traversal
I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the fo...
procdump
Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
python-fmrest
python-fmrest compatibility with the new FileMaker 17 Data API
A few hours ago FileMaker 17 was released, and with it an updated Data API, which is now finally out of trial phase.
A few updates
After having neglected my blog over the last few months, I want to start posting more frequently again (New Year’s resolutions and all that).
systemd
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
tar
Hack the Box Write-up #5: TartarSauce
Write-up of “TartarSauce” from Hack The Box
tarfile
Python tarfile directory traversal
Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...
vi/vim
Using vi commands in your bash shell
Entering a long shell command and then moving the cursor around to correct parts of it always felt a bit clunky to me. I remembered some of the <ctrl>/...
wget
Hack the Box Write-up #6: Kotarak
Write-up of “Kotarak” from Hack The Box
xlwings
Load password protected Excel files into Pandas DataFrame
When trying to read an Excel file into a Pandas DataFrame gives you the following error, the issue might be that you are dealing with a password protected Ex...