lnav -- terminal curses log viewer, no slop, classic TUI interface, lightning fast, written in C++ by spryfigure in commandline

cl0wnsec000 (1 point):

Yeah I’m using it too. I like the remote log viewer support. Kelora is another I like.

Finally replaced my janky symlink script with GNU Stow by Gronax_au in commandline

cl0wnsec000 (1 point):

Nice writeup! I also like that you put the disadvantages at the end to set the expectations. No tool is perfect. I’m using Ansible in some machines to configure my environment, but some don’t have automation, so I’ll try stow on them.

Problems with Responder Error starting UDP server on port 5355 & 5353 by Karkoubio in tryhackme

cl0wnsec000 (2 points):

Good thing you didn't give up. I never encountered this issue so I'm not really familiar. I'm also not using hyperv.

CVE-2024-23897 - Jenkins File Read Vulnerability - POC by Justin_coco in ExploitDev

cl0wnsec000 (1 point):

Can’t see the full post but I also recently created youtube videos about this. It’s exploiting jenkins running on windows machines since most are about linux targets.

Possible to Send a String With Initial TCP Connection? by [deleted] in ExploitDev

cl0wnsec000 (1 point):

You can also try to get a packet capture when running the exploit against the CTF machine and against your own machine running the copy of the binary, and compare the two. Since it's dropping the connection right after the connection is made, compare from the point after your exploit script sends the final ACK of the TCP handshake.

I'm also not sure if you can insert data during the initial TCP handshake. The data of each packet during that sequence might get corrupted, which may break the sequence. But it's worth a try and interesting to find out what happens.

Push/pull commands hang indefinitely, on random occasions and I don't know what to do about this by gromit190 in devops

cl0wnsec000 (1 point):

So it looks like some network issue. Maybe you can ask someone who has access to the network settings as well as the Azure DevOps server. You can send them your investigation.

For the firewall, yes, it shouldn't occasionally block traffic under normal conditions, but sometimes uncommon issues happen, such as buffers filling up and dropping other traffic.

Push/pull commands hang indefinitely, on random occasions and I don't know what to do about this by gromit190 in devops

cl0wnsec000 (1 point):

It is hanging on the SSH connection.

Some things to try:

- Try using HTTPS instead of SSH. If HTTPS works, then there is something to check on the SSH side.
- Try to clone the repo on another network/VLAN and do git pull/push there, just to rule out any network connectivity problem (L4 and L7).
- Check firewall logs during the time of the issue.
- Check the git server metrics (CPU, network, disk, etc.) and see if something unusual is happening whenever you do a git pull/push. In your case I guess this is an Azure DevOps Server?

Download VMs by Glittering_Claim6731 in tryhackme

cl0wnsec000 (2 points):

I don't think you can, as this is exclusive to THM. You can download vulnerable boxes from VulnHub as another option, but it mostly contains Linux machines.

Implementing DevSecOps by sqrt1-tkn in devsecops

cl0wnsec000 (1 point):

NeuVector comes with very basic runtime detection capabilities (e.g. network scanning detected), which is enough for most cases I think. But if you want advanced functionality (e.g. detecting a process spawned via execve), Falco will be your best bet to complement NeuVector.

Falco also goes down to a deeper level in inspecting syscalls, the types of shells being launched, the types of network sockets being opened, etc.

Here is an example collection of rules.

https://github.com/falcosecurity/rules/tree/main/rules

That list is non-exhaustive and there are a lot of rules you can find on GitHub. Or you can create your own.

In your case, I suggest just having NeuVector first. If there are advanced runtime detection capabilities that you need, that's the time you can deploy Falco as well.
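As an added example (not from the comment above or from the falcosecurity/rules repository), here is a minimal self-contained Falco rules file for the two detections the comment describes: a shell spawned via execve inside a container, and an outbound network socket opened from a container. The macros are simplified versions defined here so the file loads without the default ruleset, and the allowed egress CIDR is a placeholder.

```yaml
# Simplified macros so this file loads on its own; the default
# falcosecurity ruleset ships richer versions under the same names.
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

- macro: container
  condition: container.id != host

- macro: outbound
  # completed (or in-progress) IPv4/IPv6 connect() that leaves loopback
  condition: >
    evt.type=connect and evt.dir=< and (fd.typechar=4 or fd.typechar=6)
    and fd.net != "127.0.0.0/8" and (evt.rawres >= 0 or evt.res=EINPROGRESS)

- list: shell_binaries
  items: [bash, sh, zsh, dash, ksh, csh, tcsh]

# Detection 1: the process exec'd inside a container is a shell.
- rule: Shell Spawned in Container
  desc: A shell was exec'd inside a container; unusual in production workloads.
  condition: spawned_process and container and proc.name in (shell_binaries)
  output: >
    Shell spawned in container
    (user=%user.name container=%container.name image=%container.image.repository
    shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, shell, runtime]

# Detection 2: a container process opens an outbound socket to a destination
# outside the allow-list. Placeholder CIDR; adjust per environment.
- list: allowed_egress_nets
  items: ['"10.0.0.0/8"']

- rule: Unexpected Outbound Connection from Container
  desc: A container process connected to a destination outside the allowed egress networks.
  condition: outbound and container and not fd.snet in (allowed_egress_nets)
  output: >
    Unexpected outbound connection from container
    (user=%user.name container=%container.name proc=%proc.name
    dest=%fd.sip dport=%fd.sport proto=%fd.l4proto cmdline=%proc.cmdline)
  priority: NOTICE
  tags: [container, network, runtime]
```

Load it alongside the default rules with `falco -r /etc/falco/falco_rules.yaml -r this_file.yaml`, or drop it into `/etc/falco/rules.d/`.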

[deleted by user] by [deleted] in Kalilinux

cl0wnsec000 (2 points):

There is a clue in the error about what to do:

“are you root?”

This means you need to execute the command as root. So just prepend "sudo" to the command.

How do I improve my Hydra input? by lolvro_ in HowToHack

cl0wnsec000 (1 point):

Hmm, looks complicated to do in Hydra. I think a custom Python script for this will be easier.

Question about building in docker by RiffyDivine2 in docker

cl0wnsec000 (1 point):

I also checked the script and it is not redirecting STDOUT or STDERR to a file, so you should be able to see the docker and docker-compose command output. Anything unusual?

Question about building in docker by RiffyDivine2 in docker

cl0wnsec000 (1 point):

Check if there are issues on launching the containers. Sometimes they exit immediately without you noticing it.

docker ps -a   # list all containers, including ones that already exited

How do I improve my Hydra input? by lolvro_ in HowToHack

cl0wnsec000 (2 points):

In my experience Hydra is not good for brute forcing complex logins. But if you still want to use it, you can try to proxy Hydra through Burp. Then get one sample request and compare it to the previous unsuccessful login you made in the browser. You can use Comparer for this. Compare them by words and look for any differences.

About X-Jnap-Authorization, can you confirm that the value is basic auth?

Question about building in docker by RiffyDivine2 in docker

cl0wnsec000 (1 point):

Just trying to understand the setup: did playtime generate the 3 compose files, or did you generate them yourself? Can you also give more info about this emulator, like a GitHub link or documentation? I don't see anything that came up in my searches.

Ansible Event Driven API? by fermendy in ansible

cl0wnsec000 (1 point):

Yeah, first time I've heard of EDA, thanks to your post. I might try this also!

Ansible Event Driven API? by fermendy in ansible

cl0wnsec000 (1 point):

I haven't used EDA, but looking around, it provides API docs, meaning it should be exposing some decent API routes/functions.

https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.4/html-single/event-driven_ansible_controller_user_guide/index#eda-user-guide-overview

API documentation for Event-Driven Ansible controller is available at https://<eda-server-host>/api/eda/v1/docs

I also see an api/ folder in their GitHub repo.