Introduction This blogpost shows some useful configurations for the Mikrotik hAP ac² Wi-Fi router 1. These profiles I used for testing purposes are different combinations between switching only, NAT routing, Wi-Fi and LTE by connecting a phone via USB. Product Information The Mikrotik hAP ac² router has 5 Gigabit Ethernet ports, one with PoE, Wi-Fi and USB for 3G/4G support. Technical details 2: Description Configuration Product Name Mikrotik hAP ac² Product Page https://mikrotik.com/product/hap_ac2 Architecture 32 bit ARM OS RouterOS (https://wiki.mikrotik.com/wiki/Manual:TOC) RAM 128 MB Storage 16 MB Flash Ethernet 5 x 10/100/1000 Mbps ports Wireless 2.4 GHz (300 Mbps), 802.11b/g/n 5 GHz (867 Mbps), 802.11a/n/ac USB 1 port, can be used for tethering Power 12-28 V input, max. 21 W Usage Reset Reset the RouterOS configuration: ...

Introduction This post explains how you can manually open a LUKS encrypted logical volume, which can be useful if your encrypted system does not properly boot and you are trying to fix it from a live Linux or if you want to access an encrypted disk from another system. The following steps were performed using the live Linux Grml 1 on a system with LUKS full disk encryption that contains one volume group and several logical volumes. More information can be found in the manpages of the used tools 2 3 4 5 6. ...

Introduction There are a ton of ways to copy data between two systems. You can use a file sharing service on the Internet, transfer files via your self-hosted server or even use USB drives. This blog post shows a very simple and fast solution using IPv6 link-local addresses and a network cable. These link-local addresses allow you to communicate without the need of a router, Internet, static IP configuration or a DHCP server. You just need an Ethernet cable. ...

Introduction Last year, I bought the Birdie CO₂ monitor 1 to measure my CO₂values at home. This air quality meter resembles a canary bird, referencing the days where canaries were used in coal mines to detect deadly carbon monoxide. When these stopped singing (or even collapsed 😥), this was a sign that the air quality was poor, and the workers needed to leave the mines 2. This is how the Birdie looks when the air quality changes from good to bad and again from bad to good: ...

Introduction I recently uploaded a file to a Nextcloud instance. After the upload, I saw that the file timestamp in Nextcloud is already some months old. But I just uploaded it, right? I double checked and saw that it matches the one on my local file system. How is this possible? Is a web application really able to read the last modification timestamp of the file? Apparently. I was not aware of this. In this post, I explain how this works and why you might care about this. ...

Introduction In my last blog post (Scanning for IP-Forwarding Systems / Routers), I explained why it can be useful during pentests to identify IP-forwarding systems (also known as routers or gateways) and showcased a script that can be used to identify such systems. In this post, I’ll show how this can be done in IPv6 networks when your host has a routable IPv6 address configured. Script The script can be found on GitHub: ip6-forwarding-scanner. The usage is quite simple: ...

Introduction Systems which have IP forwarding or routing enabled (so called routers or gateways) will forward IP packets to other networks where the system is connected to. In pentests, it can be useful to search for such systems, because these systems could be used to access otherwise inaccessible networks and systems. I wrote a small script that automates this task. Script The script can be found on GitHub: ip-forwarding-scanner. The usage is quite simple: ...

Introduction The last few days, I was at the GPN22 in Karlsruhe with some friends from our LuXeria hackerspace. We participated in the CTF. Here are the solutions I wrote for the challenges we solved together. So Many Flags Description I heard you like flags, so I launched Chrome with a lot of flags so you can get your flag! The flag is in /flag.txt, and the bot will visit the HTML file you uploaded! ...

Introduction Wireshark 4.2.0 added a new functionality [1] that can be used to directly launch a web browser with the SSLKEYLOGFILE environment variable set, in order to easily sniff and decrypt TLS traffic from a started application. Howto This new feature can be found in the Tools menu and then under TLS Keylog Launcher (1). You can specify to which file where the SSLKEYLOGFILE variable should point to (2) in order to save the key material. Then, a command can be provided in the command line input field (3), which is then started with the SSLKEYLOGFILE variable set. If an application supports the SSLKEYLOGFILE mechanism [3], the TLS keys are the automatically stored in the configured file and Wireshark is able to decrypt the content (4) and show it in cleartext (5). ...

Introduction X.509 certificates are used to secure communications online by encrypting data and verifying identities, such as in HTTPS or VPNs. During penetration tests, it’s important to check if systems correctly handle cloned certificates. Cloned certificates are fake copies that look like real ones but aren’t properly signed by a trusted CA. I wrote a simple python script called dollyx509 that creates clones of X.509 certificates. Script and Usage The script can be found on GitHub: dollyx509. ...