Download Burp Suite BApps

Introduction When you don’t have an Internet connection during a web application pentest and you still want to install some BApps in Burp Suite, you have to download them manually from the BApp Store. If you use a lot of extensions, this can be a tedious task. It’s possible to download all BApps using a little script to simplify this task. Script The following script can be used to download all Burp Suite BApps from the BApp Store: ...

15.09.2023 · 2 min · Emanuel Duss

Create Evil Wi-Fi Access Point (802.11evil)

Introduction In pentests, connecting devices to your own network can be very useful. This enables you to exfiltrate data, download tools, analyze the network traffic and even use a transparent HTTP proxy to intercept and manipulate traffic between the devices and servers. This approach helps find potential security weaknesses in applications and network communications. To make this process easier, I created a script, 802.11evil, that starts a new Wi-Fi network which can then be used to analyze the network traffic of the connected clients and also perform some VPN bypasses. ...

12.09.2023 · 7 min · Emanuel Duss

Humble Book Bundle Download Bookmarklet

Introduction Humble Book Bundle [1] often has very cool books about IT, hacking, security, programming, Linux, Unix, science and other geeky stuff. Sadly, there is no reliable way to download all books. This post shows how you can download all books in a quick and reliable way using a bookmarklet. Precondition Of course, first you need to buy the Humble Book Bundle. For this example, I use the “Secure Your Stuff by Apress” Humble Book Bundle: ...

30.06.2020 · 2 min · Emanuel Duss

Some DNSSEC / NSEC Experiments Starting at the Root Zone

Introduction I was recently playing around with DNSSEC and figured out that the root DNS zone . uses NSEC and not NSEC3 to prove the absence of a resource record. This looked interesting to me and triggered some ideas. So I did some experiments and here are the results. TL;DR: The most interesting facts: the root DNS zone uses NSEC and can therefore be DNSSEC zone walked; there are more than 1500 TLDs; more than 90% of all TLDs have DNSSEC configured; the most used algorithm for signing DNS zones is RSA/SHA-256; 53 TLDs also use NSEC and can therefore also be DNSSEC zone walked. Note: The results may not be exactly accurate because it was not always verified if every query was always successful. ...

20.04.2020 · 16 min · Emanuel Duss

Simple Certificate Creation Script

Introduction In pentests, you often need to create X.509 certificates (e.g. for TLS) or Certificate Authorities (CAs) to mimic secure environments during your tests. Manually generating these certificates with tools like openssl can be time-consuming and error-prone, especially when you’re in a hurry. Who remembers all these commands? Whether you’re setting up a fake webserver for data exchange, a proxy setup, a machine-in-the-middle (MITM) attack, testing secure connections, or creating your own CA chain, manually generating these certificates should not take much time. ...

02.05.2019 · 5 min · Emanuel Duss

Advent Calendar of Advanced Cyber Fun 2018 Write-Up

Introduction There was an advent calendar on http://xmas.rip/ that had a little network riddle every day: The riddles are very fun. I solved all except for the one on day 22. Here are my solutions. 1/TCP Day 1: Connect to port 1 using ncat and the -C option to send proper CRLF linebreaks. Sadly, the service does not support the HELP command that would output all services: $ ncat -C xmas.rip 1 HELP -Service name not found Ncat: Broken pipe. Start the wishlist service using the wishlist command: ...

24.12.2018 · 42 min · Emanuel Duss

WireGuard VPN Road Warrior Setup

Introduction WireGuard is a relatively new open-source software for creating VPN tunnels on the IP layer using state-of-the-art cryptography. I attended a self-organized session by the creator and developer Jason Donenfeld at the 34c3 who explained how WireGuard works and how it can be used. I was quite impressed by its simplicity and gave it a try. It worked more or less out of the box. Now I created a more advanced setup for accessing my home network. ...

29.09.2018 · 17 min · Emanuel Duss

Tool/Script to encode and decode base16 (Hex) data

Introduction RFC 4648 (The Base16, Base32, and Base64 Data Encodings) defines different methods to encode binary data. Every Unix-like system has the tool base64 installed to encode and decode data using the base64 alphabet. This alphabet includes the characters A-Z, a-z, 0-9, +, / for the data and = for padding. The base16 encoding scheme, better known as hex encoding, uses the alphabet 0-9 and A-F. This encoding is case-insensitive. The GNU coreutils do not include a base16 tool. I searched for a hex encoding and decoding tool with the same functionality as base64 without success. That’s why I wrote a script so I can use it to hex encode and decode binary data. Basically, it’s a wrapper around some Perl code. ...

11.03.2017 · 4 min · Emanuel Duss

Fix the photos taken by your Jolla phone (EXIF date/time, rename, rotate)

Introduction If you take a photo with your Jolla phone, the date and time are not saved in the EXIF data. I like to have these data stored in my pictures, so they can easily be renamed. I wrote a script to add the date and time to the EXIF data based on the timestamp on the filesystem. Script The script does the following: adds the EXIF timestamp according to the filesystem timestamp; renames the photo like YYYY-mm-dd_HH-MM-SS; rotates the photo correctly. Here is the script: ...

25.08.2016 · 2 min · Emanuel Duss

Arch Linux installation with GPT, LUKS, LVM and i3

Introduction This post describes an installation of Arch Linux with GPT (GUID partition table), LUKS (Linux Unified Key Setup) and LVM (Logical Volume Manager) with the basic graphical window manager i3. LVM is set up on top of LUKS. Systemd-boot is used as an EFI compatible boot manager. I wrote this post so that next time I don’t have to search for all the information in the Arch Linux Wiki. For more details, consult the links in the reference section. ...

19.03.2016 · 5 min · Emanuel Duss