beardyjay.co.uk

My main website source code, uses Hugo.

commit 9c4cf78082e36736fb0fda284124872bbe8da591
parent faed8443eee8a14a4a6b1732877271d6ea302ee8
Author: Jay Scott <jay@beardyjay.co.uk>
Date:   Thu,  4 Apr 2019 13:00:41 +0100

redoing site theme

Diffstat:
A.gitmodules | 3+++
Aarchetypes/default.md | 6++++++
Aconfig.toml | 63+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Acontent/about.md | 34++++++++++++++++++++++++++++++++++
Acontent/projects/ansible_aws_vpc_role.md | 23+++++++++++++++++++++++
Acontent/projects/aws_ami_security_research.md | 34++++++++++++++++++++++++++++++++++
Acontent/projects/docker_images.md | 28++++++++++++++++++++++++++++
Acontent/projects/gnu_make_dotfile_management.md | 26++++++++++++++++++++++++++
Acontent/projects/linux_gaming_aggregate.md | 27+++++++++++++++++++++++++++
Acontent/projects/linux_gaming_alexa_skill.md | 24++++++++++++++++++++++++
Acontent/projects/trawlling_gliffy.md | 71+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
RLICENSE -> old/LICENSE | 0
RMakefile -> old/Makefile | 0
RREADME.md -> old/README.md | 0
Rbuild_pages -> old/build_pages | 0
Rdata/old.txt -> old/data/old.txt | 0
Rdata/projects.txt -> old/data/projects.txt | 0
Rlayout/footer.html -> old/layout/footer.html | 0
Rlayout/header.html -> old/layout/header.html | 0
Rposts/about.md -> old/posts/about.md | 0
Rposts/aws_ami_security_research.md -> old/posts/aws_ami_security_research.md | 0
Rposts/gnu_make_dotfile_management.md -> old/posts/gnu_make_dotfile_management.md | 0
Rposts/i_got_a_wifi_pineapple.md -> old/posts/i_got_a_wifi_pineapple.md | 0
Rposts/project_ideas.md -> old/posts/project_ideas.md | 0
Rposts/static_site_generator_bloat.md -> old/posts/static_site_generator_bloat.md | 0
Rposts/trawlling_gliffy.md -> old/posts/trawlling_gliffy.md | 0
Cstatic/favicon.ico -> old/static/favicon.ico | 0
Aold/static/files/ami_search.py | 37+++++++++++++++++++++++++++++++++++++
Aold/static/files/security/Big-Lick-File-Manager.txt | 48++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/Big-Lick-Mailing-List.txt | 23+++++++++++++++++++++++
Aold/static/files/security/Big-Lick-Website-Backup.txt | 50++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/Caught in a Honeypot - The Analysis.pdf | 0
Aold/static/files/security/Million-Dollar-Text-Links-exploit.txt | 63+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/PHP-SiteLock-exploit.txt | 73+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/arcade-trade-script-exploit.txt | 68++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/aterr-exploits.txt | 101+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/filecopa-exploit.txt | 65+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/star-articles-exploit.txt | 66++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aold/static/files/security/trawling_gliffy_for_sensitive_data.pdf | 0
Aold/static/img/logo.png | 0
Rstatic/img/rants/aws_ami_1.png -> old/static/img/rants/aws_ami_1.png | 0
Rstatic/img/rants/aws_ami_2.png -> old/static/img/rants/aws_ami_2.png | 0
Rstatic/img/rants/bloat-hexo.png -> old/static/img/rants/bloat-hexo.png | 0
Rstatic/img/rants/bloat-jekyll.png -> old/static/img/rants/bloat-jekyll.png | 0
Rstatic/img/rants/bloat-next.png -> old/static/img/rants/bloat-next.png | 0
Rstatic/img/rants/bloat-nuxt.png -> old/static/img/rants/bloat-nuxt.png | 0
Rstatic/img/rants/wifipine.png -> old/static/img/rants/wifipine.png | 0
Aold/static/img/wallpaper.png | 0
Aresources/_gen/assets/scss/scss/coder.scss_fd4b5b3f9a48bc0c7f005d2f7a4cc30f.content | 412+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aresources/_gen/assets/scss/scss/coder.scss_fd4b5b3f9a48bc0c7f005d2f7a4cc30f.json | 2++
Astatic/favicon-16x16.png | 0
Astatic/favicon-32x32.png | 0
Mstatic/favicon.ico | 0
Astatic/img/projects/alexa_skill_1.png | 0
Astatic/img/projects/alexa_skill_2.png | 0
Astatic/img/projects/ansible_vpc_role_1.png | 0
Astatic/img/projects/aws_ami_1.png | 0
Astatic/img/projects/aws_ami_2.png | 0
Astatic/img/projects/dockerimages_1.png | 0
Astatic/img/projects/dockerimages_2.png | 0
Astatic/img/projects/linux_gaming_agg1.png | 0
Astatic/img/projects/linux_gaming_agg2.png | 0
Athemes/hugo-coder | 1+
63 files changed, 1348 insertions(+), 0 deletions(-)

diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "themes/hugo-coder"]
+ path = themes/hugo-coder
+ url = https://github.com/luizdepra/hugo-coder.git
diff --git a/archetypes/default.md b/archetypes/default.md
@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---
+
diff --git a/config.toml b/config.toml
@@ -0,0 +1,63 @@
+baseurl = "https://beardyjay.co.uk"
+title = "beardyjay.co.uk"
+theme = "hugo-coder"
+languagecode = "en"
+defaultcontentlanguage = "en"
+
+paginate = 20
+canonifyurls = true
+
+PygmentsStyle = "monokai"
+pygmentscodefences = true
+pygmentscodefencesguesssyntax = true
+
+[params]
+ author = "Jay Scott"
+ info = "AWS DevOps Engineer & Linux Specialist"
+ description = "Simplicity is the ultimate sophistication."
+ keywords = "devops,cloudops,aws"
+ avatarurl = "img/logo.png"
+ favicon_32 = "/favicon-32x32.png"
+ favicon_16 = "/favicon-16x16.png"
+
+ footercontent = "Simplicity is the ultimate sophistication."
+
+
+ dateFormat = "2006"
+ hidecredits = true
+ hidecopyright = true
+ rtl = false
+ math = false
+ custom_css = ["css/custom.css"]
+
+# Social links
+[[params.social]]
+ name = "Github"
+ icon = "fab fa-github fa-2x"
+ weight = 1
+ url = "https://github.com/beardyjay/"
+[[params.social]]
+ name = "DockerHub"
+ icon = "fab fa-docker fa-2x"
+ weight = 2
+ url = "https://cloud.docker.com/u/beardyjay/"
+[[params.social]]
+ name = "Linkedin"
+ icon = "fab fa-linkedin fa-2x"
+ weight = 3
+ url = "https://www.linkedin.com/in/beardyjay"
+[[params.social]]
+ name = "Twitter"
+ icon = "fab fa-twitter fa-2x"
+ weight = 4
+ url = "https://twitter.com/beardyjay/"
+
+# Menu links
+[[menu.main]]
+ name = "Projects"
+ weight = 3
+ url = "/projects/"
+[[menu.main]]
+ name = "About"
+ weight = 1
+ url = "/about/"
diff --git a/content/about.md b/content/about.md
@@ -0,0 +1,34 @@ ++++ +title = "My life In a nutshell" +slug = "about" ++++ + +* Got a 386, installed Slackware +* The world of hacking(good type) began +* Left high school +* Worked as a [ASP](https://en.wikipedia.org/wiki/Active_Server_Pages) developer +* Went to college +* Played with a lot of [crackme's](https://en.wikipedia.org/wiki/Crackme) +* Website named UK hacker book +* Got a HNC: computing +* Wrote an exam paper for college, no joke +* Got a HND: software development +* Website removed from hacker book (lol) +* Went to uni and got a computer science degree, learnt more in college tbh! +* Created a [honeypot +network](https://git.beardyjay.co.uk/ssh_honeypot/files.html) +* Worked at an ISP as a Linux sysadmin +* Worked in a data centre as as NOC/Linux admin +* Learned automation Chef/Ansible etc +* Switched over to a new job doing DevOps +* First conference, +[LinuxCon](https://events17.linuxfoundation.org/events/archive/2013/linuxcon-europe) +* Tracked a hacker group with some aussie feds via my honeypot network +* Tool I made named in a [security book](https://www.amazon.co.uk/Open-Source-Intelligence-Techniques-INFOrmation/dp/149427535X)! +* [LPI](https://www.lpi.org/) certified!, LFCS-1500-0294-0100! +* Hello docker! +* Went to [Securi-Tay](https://securi-tay.co.uk/)....meh +* New DevOps role +* ... so much stuff during this part ... +* [AWS](https://aws.amazon.com/certification/) certified! +* Wrote this stuff. diff --git a/content/projects/ansible_aws_vpc_role.md b/content/projects/ansible_aws_vpc_role.md 
@@ -0,0 +1,23 @@ ++++ +date = "2018-01-10" +title = "Ansible AWS VPC Role" +slug = "ansible-aws-vpc-role" +tags = [] +categories = [] ++++ + +[**Github Source**](https://github.com/beardyjay/ansible_aws_vpc) + +> Ansible role I created for provisioning an AWS VPC with multiple subnets, internet & NAT +gateways and routing. Include this role within your playbook to easily +provision a complete AWS VPC. + +**Tech Stack** + +* Ansible +* AWS VPC + +**Screenshot** + +![screenshot](/img/projects/ansible_vpc_role_1.png) + diff --git a/content/projects/aws_ami_security_research.md b/content/projects/aws_ami_security_research.md 
@@ -0,0 +1,34 @@ ++++ +date = "2017-12-01" +title = "AWS AMI Security Research" +slug = "aws-ami-security-research" +tags = [] +categories = [] ++++ + +I was shocked to see how many public AMI were to be found containing private data. Amazon Machine Images are basically a VM skeleton containing a **root volume**, **access information** and **block device mapping**. Having an AMI makes deploying custom instances really easy and also enables other services such as Auto scaling possible. + +**What is problem?** + +By default when you create a AMI they are set to private meaning that only you can access these, this is good! However, if the AMI is set to public it means that anyone can deploy a EC2 instance based on your custom AMI which will include the root volume you attached to it. + +Amazon allow you to search for AMI’s that have been made public either via the AWS CLI tool or via the AWS console. Doing a search for AMIs for keywords like **internal**, **data** or **customer** returns a surprising amount of results. You can also dump all the public AMI data via the AWS CLI and parse/search it as you like. + +![screenshot](/img/projects/aws_ami_1.png) + +Below is a screenshot of a AMI tagged as **internal** deployed on a t2.micro. It shows the bash history of everything that was done. This was just one of many images that I found like this so if you have any AMI’s on AWS then please double check and make sure they are set to private else you may be exposing some critical data! + +![screenshot](/img/projects/aws_ami_2.png) + +When I was looking into this I found loads of data such as: + +* API tokens +* Bash history +* MySQL username & passwords +* Username & passwords +* Source code for applications +* SSH Private keys (.ppk) + +**What can I do?** + +Amazon provide a [best practice guide](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html) on how to share AMI’s so have I a look at this if you are actually wanting to share a AMI. 
AMIs are region specific and this means that other AWS regions may have other AMIs so its worth checking them all. To make this easier for you I have created a python script which will search all [AWS regions](http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region) and list any that are public. You can download the script directly from here - [AMI public search script](https://beardyjay.co.uk/files/ami_search.py). diff --git a/content/projects/docker_images.md b/content/projects/docker_images.md @@ -0,0 +1,28 @@ ++++ +date = "2018-09-10" +title = "Docker Images" +slug = "docker-images" +tags = [] +categories = [] ++++ + +[**Github Source**](https://github.com/beardyjay/dockerimages) | [**Dockerhub**](https://cloud.docker.com/u/beardyjay/) + +> A varied selection of docker images I have created and maintain, these are heavily focused on +security and operations tooling. The pre-built images can be found on my +Dockerhub profile page. + +**Docker Images** + +* Asterisk +* DNSRecon +* HTCap +* Mailcatcher +* TheHarvester +* Warvox + +**Screenshots** + +![screenshot](/img/projects/dockerimages_1.png) +![screenshot](/img/projects/dockerimages_2.png) + diff --git a/content/projects/gnu_make_dotfile_management.md b/content/projects/gnu_make_dotfile_management.md 
@@ -0,0 +1,26 @@ ++++ +date = "2017-11-01" +title = "GNU Make Dotfile Management" +slug = "gnu-make-dotfile-management" +tags = [] +categories = [] ++++ + +Everyone knows about pushing your dotfiles to [github](https://github.com)/[bitbucket](https://bitbucket.com) or whatever version control provider you like best but not many people implement a way to copy or link the dotfiles. + +Lots of people use [bloated](https://rubygems.org/gems/dotfiles) [gems](https://github.com/technicalpickles/homesick) to manage the linking or even write their own. For me though these are just over-engineered for my needs and completely unnecessary. My solution is to use a tool that will be already on everyone's machine (most likely) [GNU/Make](http://www.gnu.org/software/make/) - nice and straight forward! + +Below is a copy of my Makefile which I used to keep my desktop and my laptop in sync. You can also find it on my [git account](http://git.beardyjay.co.uk/dotfiles). + +**Makefile** + +```bash +DOTFILES = $(shell pwd) +all : linkfiles linkfolders linkmisc +linkfiles:: bashrc vimrc xinitrc Xresources + for file in $^; do ln -fs $(DOTFILES)/$$file ${HOME}/.$$file; done +linkfolders:: vim ncmpcpp + for folder in $^; do ln -fns $(DOTFILES)/$$folder ${HOME}/.$$folder; done +linkmisc:: bin dwm + for folder in $^; do ln -fns $(DOTFILES)/$$folder ${HOME}/$$folder; done +``` diff --git a/content/projects/linux_gaming_aggregate.md b/content/projects/linux_gaming_aggregate.md 
@@ -0,0 +1,27 @@ ++++ +date = "2018-10-10" +title = "Linux Gaming Aggregate" +slug = "linux-gaming-aggregate" +tags = [] +categories = [] ++++ + +[**Github Source**](https://github.com/beardyjay/linuxgaming) + +> A web application focused on Linux gaming news. +> Collects and stores information from various sources such as Twitch & Youtube API's and RSS feeds with a MongoDB collection. + +**Tech Stack** + +* Python 3.6 +* Flask +* MongoDB +* Amazon AWS EBS +* Gitlab CI +* SemanticUI + +**Screenshots** + +![screenshot](/img/projects/linux_gaming_agg1.png) +![screenshot](/img/projects/linux_gaming_agg2.png) + diff --git a/content/projects/linux_gaming_alexa_skill.md b/content/projects/linux_gaming_alexa_skill.md @@ -0,0 +1,24 @@ ++++ +date = "2018-08-10" +title = "Linux Gaming Alexa Skill" +slug = "linux-gaming-alexa-skill" ++++ + +[**Github Source**](https://github.com/beardyjay/linux_gaming_skill) | [**Amazon Store**](https://www.amazon.co.uk/beardyjay-Linux-Gaming-News/dp/B07C9V3NSH/) + +> With a simple Alexa command this skill fetches and parses the +> latest articles posted on the popular Linux gaming site gamingonlinux.com. + +**Tech Stack** + +* Python 2.7 +* Zappa +* Lambda +* AWS Alexa Developer Tools +* Amazon AWS Cloudformation + +**Screenshots** + +![screenshot](/img/projects/alexa_skill_1.png) +![screenshot](/img/projects/alexa_skill_2.png) + diff --git a/content/projects/trawlling_gliffy.md b/content/projects/trawlling_gliffy.md 
@@ -0,0 +1,71 @@ ++++ +date = "2016-08-03" +title = "Trawling Gliffy for Sensitive Data" +slug = "trawling-gliffy-for-sensitive-data" +tags = [] +categories = [] ++++ + +Gliffy.com is a tool that allows you to draw various diagrams ranging from flowcharts to network diagrams. Gliffy has various tiers of membership, the one that we are interested in is the free tier - the limitation of this tier is that your diagrams are marked as read only to the public. + + +## The Issue + +When you create a new diagram a unique identifier (ID) is assigned to that diagram, you would think that the ID would be randomly generated, however, this is not the case. All that Gliffy seem to do is increment the previously generated ID by 1, no matter if its a private or public diagram. + +If you come across a diagram which is private you get an "Unauthorized" message with a 401 HTTP status code. Also, if the user has removed the diagram and you then try to access the ID, you will get an "Not Found" error and a 404 HTTP status code. + +Using these helpful error codes, it is a trivial process to [create a script](http://fpaste.org/251177/38639697/) to download any diagram that has not been set to private or hasn't been removed by the user. Relying on human error, and with the help of Gliffy's ID generation, let's see what we can find... + +## The Results + +After a I looked at a few random ID's, it seemed to be that any diagrams created with a 8XXXXXX ID were first created in late 2014 until 2015, so that's the range I've stuck with. After creating a bash script, running it over a 4 hour period I managed to find and download **3,252** public diagrams from a total of **26,000** ID's scanned. Initially I cherry picked a few diagrams and the results were eye opening, ranging from full network diagrams to user authentication processes containing username / passwords. 
+ +**Example 1**: + +This redacted diagram showed a wealth of information such as: + + - Public IP Address + - Private IP Address + - Company Name + - Company Remote Locations + - Line Numbers (Ref) + + +**REMOVED** + +**Example 2**: + +I had to heavily redacted this particular diagram as it was one of most technically rich diagrams from the sample I downloaded. + + - Public IP Address + - Private IP Address + - Firewall Rules + - IPSec Tunnel Information + - Company branding + - Company Name + - Company Remote Locations + +**REMOVED** + +## The Fix + +Don't use the free account for real world diagrams. + +Gliffy could help the situation by not making the IDs so linear. I did contact Gliffy to ask if they had any intention on fixing the way the IDs are generated to reduce this risk, I received this reply: + +> Hi Jay, +> +> Thanks for using Gliffy. We unfortunately do not have any current +> plans to change this. +> +> We have voted for it on your behalf in our public forum located here: +> http://support.gliffy.com/entries/20133138-Make-public-document-URLs-much-harder-to-guess-or-brute-force-attack +> +> We take these requests very seriously. The votes and comments these +> receive help us to gauge public interest and assist us in allocating +> resources for future development. +> +> Thank you, Katy + +So it appears that Gliffy have known about this issue since 2011 when it was first brought up on there forums. If they haven't "fixed" it in 4 years I suspect they never will... diff --git a/LICENSE b/old/LICENSE diff --git a/Makefile b/old/Makefile diff --git a/README.md b/old/README.md diff --git a/build_pages b/old/build_pages diff --git a/data/old.txt b/old/data/old.txt diff --git a/data/projects.txt b/old/data/projects.txt diff --git a/layout/footer.html b/old/layout/footer.html diff --git a/layout/header.html b/old/layout/header.html diff --git a/posts/about.md b/old/posts/about.md 
diff --git a/posts/aws_ami_security_research.md b/old/posts/aws_ami_security_research.md
diff --git a/posts/gnu_make_dotfile_management.md b/old/posts/gnu_make_dotfile_management.md
diff --git a/posts/i_got_a_wifi_pineapple.md b/old/posts/i_got_a_wifi_pineapple.md
diff --git a/posts/project_ideas.md b/old/posts/project_ideas.md
diff --git a/posts/static_site_generator_bloat.md b/old/posts/static_site_generator_bloat.md
diff --git a/posts/trawlling_gliffy.md b/old/posts/trawlling_gliffy.md
diff --git a/static/favicon.ico b/old/static/favicon.ico Binary files differ.
diff --git a/old/static/files/ami_search.py b/old/static/files/ami_search.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+#
+# Search all of your own AMIs for any that are public on
+# all known regions.
+#
+# jay@beardyjay.co.uk
+#
+
+import boto.ec2
+import os
+import sys
+
+access_key = "enter key"
+access_id = "enter id"
+
+fmt = '{0:15} {1:15} {2:15} {3:20}'
+
+# Dont use boto to get regions as some return 401, gov regions
+regions = ['us-east-1','us-west-1','us-west-2','eu-west-1','sa-east-1',
+ 'ap-southeast-1','ap-southeast-2','ap-northeast-1',
+ 'ap-northeast-2','eu-central-1']
+
+print(fmt.format("Name", "ID", "State", "Region"))
+for region in regions:
+ ec2_connection = boto.ec2.connect_to_region(region,
+ aws_secret_access_key=access_key,
+ aws_access_key_id=access_id)
+
+ images = ec2_connection.get_all_images(
+ owners='self',
+ filters={
+ 'is_public': 'true',
+ },
+ )
+
+ for image in images:
+ print(fmt.format(image.name,image.id,image.state,region))
diff --git a/old/static/files/security/Big-Lick-File-Manager.txt b/old/static/files/security/Big-Lick-File-Manager.txt
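Review bot: In the ami_search.py hunk the script expects its AWS credentials to be pasted into the two module-level constants `access_key`/`access_id` (with the naming inverted — `access_key` is what gets passed as `aws_secret_access_key`), so a real secret key ends up in a file that is committed to this repo and served from `static/files/`. boto's `connect_to_region()` resolves credentials from the environment and the user's boto config when no keys are given, so the two constants can be dropped and the call reduced to `ec2_connection = boto.ec2.connect_to_region(region)`, keeping long-lived secrets out of the published file. Separately, the EC2 DescribeImages filter is documented as `is-public` (hyphen), so `'is_public': 'true'` looks likely to be rejected or ignored by the API — worth confirming against a region that is known to hold a public image of your own. `import os` and `import sys` are unused and can go.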
@@ -0,0 +1,48 @@ + + +Name Big Lick Media: FIle Manager +Severity High +Vendor www.biglickmedia.com +Authors jay@jayscott.co.uk +Date 10th Jan 2009 +Status Vendor has NOT been informed + + +DESCRIPTION + +Multiple vulnerabilities affect this web application. On a side note, BLM: File +Manager seems to using the code from the GPL licenced web app PHPFM +tsk tsk... These vulnerabilities should also be present on PHPFM but this +has been untested. The vulnerabilities work in both Multi-User and +Single-User versions. + + +EXPLOIT 1 + +View any file on the server when permissions allow the web server to open them: + +To view the applications configuration file and file manager source code: + +index.php?&path=&filename=./config.php&action=edit +index.php?&path=./inc/&filename=filebrowser.php&action=edit + +Change path variable to "path" and "filename" to the file you wish +to edit ( if permissions allow) or view. + + +EXPLOIT 2 + +Delete any file on the server with poorly configured permissions: + +Delete the index.php file: + +/index.php?&path=&filename=index.php&action=delete + +Change path variable to "path" and "filename" to the file you wish +to remove. + + +EXPLOIT 3 + +Creating a user, set the default folder to /etc for example and you can view the +contents of this folder. Not so good for shared hosting environment. diff --git a/old/static/files/security/Big-Lick-Mailing-List.txt b/old/static/files/security/Big-Lick-Mailing-List.txt @@ -0,0 +1,23 @@ + + +Name Big Lick Media: Mailing List +Severity High +Vendor www.biglickmedia.com +Authors jay@jayscott.co.uk +Date 10th Jan 2009 +Status Vendor has NOT been informed + + +DESCRIPTION + +Poor coding allows anyone to download a file on the host without +requiring authentication. + + +EXPLOIT + +Simply go to the following address in a web browser. Change the file +variable to the file you wish to download. + +<path to application>/dl.php?file=/etc/fstab + 
diff --git a/old/static/files/security/Big-Lick-Website-Backup.txt b/old/static/files/security/Big-Lick-Website-Backup.txt @@ -0,0 +1,50 @@ + + +Name Big Lick Media: Website Backup +Severity High +Vendor www.biglickmedia.com +Authors jay@jayscott.co.uk +Date 10th Jan 2009 +Status Vendor has NOT been informed + + +DESCRIPTION + +Poor coding allows anyone to download a file on the host without +requiring authentication. + + +EXPLOIT + +Simply go to the following address in a web browser. Change the file +variable to the file you wish to download. + +<path to application>/download.php?file=/etc/fstab + + +VULNERABLE CODE + +$filename = $_GET['file']; + +// required for IE, otherwise Content-disposition is ignored +if(ini_get('zlib.output_compression')) + ini_set('zlib.output_compression', 'Off'); + +$file_extension = strtolower(substr(strrchr($filename,"."),1)); + +switch( $file_extension ) +{ + case "gz": $ctype="application/x-gzip"; break; + case "zip": $ctype="application/zip"; break; + default: $ctype="application/download"; +} +header("Pragma: public"); // required +header("Expires: 0"); +header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); +header("Cache-Control: private",false); // required for certain browsers +header("Content-Type: $ctype"); +header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" ); +header("Content-Transfer-Encoding: binary"); +header("Content-Length: ".filesize($filename)); +readfile("$filename"); +exit(); diff --git a/old/static/files/security/Caught in a Honeypot - The Analysis.pdf b/old/static/files/security/Caught in a Honeypot - The Analysis.pdf Binary files differ. diff --git a/old/static/files/security/Million-Dollar-Text-Links-exploit.txt b/old/static/files/security/Million-Dollar-Text-Links-exploit.txt 
@@ -0,0 +1,63 @@ + + + Million Dollar Text Links + Authentication bypass + =========================== + + + + + APP SUMMARY + ____________ + + Now that the market is overcrowded with million dollar graphic + pages where the users get links back to their site, here is how + you can add your "twist" to encash the million dollar craze. + Use this script to generate adsense revenue, promote your + links, get backward links to your site or simply to manage your + link exchange. + + + + IMPACT + _______ + + Leads to full administration rights of the admin panel. + + + + VERSIONS + _________ + + Vulnerable systems: All versions + + Immune systems: None + + + + DESCRIPTION #1 + ______________ + + No authentication checks on the admin home page allows anyone to + just browse to the admin contol panel and bypass the login + procedure. + + + Proof of Concept: + -> http://www.kalptarudemos.com/demo/million/admin.home.php + + Fix: + -> None given. + + + + ADDITIONAL INFO + _______________ + + + Vendor URL - http://www.cmsnx.com/product.about.php?id=12 + Underlying OS - Linux (Any), UNIX (Any), Windows (Any) + Credit - Jay Scott <jay@jayscott.co.uk + Message History - Vendor Contacted. + No reply after 30 days + diff --git a/old/static/files/security/PHP-SiteLock-exploit.txt b/old/static/files/security/PHP-SiteLock-exploit.txt 
@@ -0,0 +1,73 @@ + + + PHP SiteLock + Insecure Cookie Handling + =========================== + + + + + SUMMARY + ________ + + PHP Site Lock: A highly secure website login script which has + features like User Authentication & Management, Website + Password Protection , protection of pdf , images , etc. + + + + IMPACT + _______ + + Leads to full administration rights of the admin panel. + + + + VERSIONS + _________ + + Vulnerable systems: All versions + + Immune systems: None + + + + DESCRIPTION #1 + ______________ + + Insecure cookie handling allows anyone to simply create a custom cookie + with the values below. This will allow full access to the admin panel. + + Name - user_type + Content - admin + Path - / + + Name - login_name + Content - admin + Path - / + + Name - login_id + Content - 0 + Path - / + + + Proof of Concept: + -> javascript:document.cookie="user_type=admin; path=/" + -> javascript:document.cookie="login_name=admin; path=/" + -> javascript:document.cookie="login_id=0; path=/" + + Fix: + -> None given. + + + + ADDITIONAL INFO + _______________ + + + Vendor URL - www.phpsitelock.com + Underlying OS - Linux (Any), UNIX (Any), Windows (Any) + Credit - Jay Scott <jay@jayscott.co.uk + Message History - Vendor Contacted. + No reply after 30 days + diff --git a/old/static/files/security/arcade-trade-script-exploit.txt b/old/static/files/security/arcade-trade-script-exploit.txt 
@@ -0,0 +1,68 @@ + + + Arcade Trade Script + Insecure Cookie Handling + =========================== + + + + + SUMMARY + ________ + + Arcade Trade Script is a full arcade site CMS (Content Management System) + with easy customization and advanced traffic trading system built in. + With ATS you will hardly ever have to FTP anything. Almost all files, + pages, and meta tags can be edited from the admin panel. ATS is extremely + easy to use and works for both regular arcades and full blown traffic + trading arcades. + + Please note that this issue has now been fixed! + + + + IMPACT + _______ + + Leads to full administration rights on the CMS admin panel. + + + + VERSIONS + _________ + + Vulnerable systems: ATS versions prior to 1.0 + + Immune systems: None + + + + DESCRIPTION #1 + ______________ + + Insecure cookie handling allows anyone to simply create a custom cookie + with the values below. This will allow full access to the admin panel. + + Name - adminLoggedIn + Content - true + Path - / + + + Proof of Concept: + -> javascript:document.cookie="adminLoggedIn=true; path=/" + + Fix: + -> None given. + + + + ADDITIONAL INFO + _______________ + + + Vendor URL - www.arcadetradescript.com + Underlying OS - Linux (Any), UNIX (Any), Windows (Any) + Credit - Jay Scott <jay@jayscott.co.uk + Message History - Vendor notifyied and problem fixed + the following day. + diff --git a/old/static/files/security/aterr-exploits.txt b/old/static/files/security/aterr-exploits.txt 
@@ -0,0 +1,101 @@ + +Aterr Forums Multiple Vulnerabilities + + + +SUMMARY +-------- + +Aterr is a threaded forum system allowing registered visitors to express +their opinions, discuss topics, and debate with other visitors. A threaded +forum system differs from regular, flat forum systems in that once posted, +a thread can fork, allowing visitors to reply directly to other posts. aterr +also provides a customisable permissions system, the ability to nest forums, +and moderation tools. + + + +IMPACT +------- + +Can lead to Disclosure of system information, Disclosure of user information +and Modification of forum setup. + + + +VERSIONS +--------- + +Vulnerable systems: + * Aterr versions prior to 0.4 + +Immune systems: + * Aterr version 0.5 + + + +DESCRIPTION #1 - Modification of Forum Setup +-------------- + +The file forums.php fails to check that an administrator has the correct +privileges to log into the admin panel and edit the forum setup such as +changing the logo, title etc. + + +Proof of Concept: + + www.yoursite.com/forums/forums.php?op=admin&sub=config + +Fix: + +Add the following too forums.php starting at line 1393 : + + 1393 : if (!permission::has_flag('forums', F_FORUM_EDIT)) + 1394 : { + 1395 : redirect('http://' . $config['domain_name'] . $config['install_path'] . forums::furl('admin')); + 1396 : } + + + +DESCRIPTION #2 - Disclosure of User Information +-------------- + +Not filtering HTML of the Topic header allows XSS exploits to be added to +any forum post. + + +Proof of Concept: + +Enter the following as a topic header: + <script>alert(document.cookie); </script> + +FIX: + +None given, upgrade to new version. + + + +DESCRIPTION #3 - Disclosure of System Information +-------------- + +No check is made to see if a vaild profile has been selected. When a invaild +profile has been requested the forum discloses full path information to the +user. 
+ + +Proof of Concept: + + www.yoursite.com/forums/accounts.php?op=viewprofile&u= + +FIX: + +None given, upgrade to new version. + + +ADDITIONAL INFORMATION +----------------------- + +Vendor URL - http://chimaera.starglade.org +Underlying OS - Linux (Any), UNIX (Any), Windows (Any) +Credit - Jay Scott <jay@jayscott.co.uk +Message History - None diff --git a/old/static/files/security/filecopa-exploit.txt b/old/static/files/security/filecopa-exploit.txt @@ -0,0 +1,65 @@ + +FileCOPA FTP Server + + + +SUMMARY +-------- + +FileCOPA takes the hard work out of running an FTP Server. The FileCOPA +FTP Server Software installs on any version of the Microsoft Windows +operating system with just a few clicks of the mouse and automatically +configures itself for anonymous operation. + + + +IMPACT +------- + +Can lead to Denial of Service Attack and remote system access. + + + +VERSIONS +--------- + +Vulnerable systems: + * Unknown version number. + * Version released 10/11/2005 + +Immune systems: + * Version released after 28/11/2005 + + + +DESCRIPTION +------------ + +FileCOPA fails to check the CWD buffer the length of the input in +the CMD FTP command. If you pass 1036 characters to CWD it will crash +the FTP server allowing no more connections to the service. + + +Proof of Concept: + + POC C code for a DOS attack and remote access exploit was given + to the vendor. The POC is not for public release. + + +Fix: + + Upgrade to latest version. + + + + +ADDITIONAL INFORMATION +----------------------- + +Vendor URL - http://www.filecopa.com/ +Underlying OS - Windows (Any) +Credit - Jay Scott <jay@jayscott.co.uk> + +History - 18/11/05 - Vendor Contacted + - 19/11/05 - Vendor Acknowledged + - 21/11/05 - New version released diff --git a/old/static/files/security/star-articles-exploit.txt b/old/static/files/security/star-articles-exploit.txt 
@@ -0,0 +1,66 @@
+
+
+ Star Articles
+ Insecure Cookie Handling
+ ===========================
+
+
+
+
+ SUMMARY
+ ________
+
+ Ready to use article, news, joke, tutorial site script with
+ more features than you can think of . . . Manage a large
+ collection of articles, jokes , tutorials and anything else
+ for your niche and get features like automatic RSS
+ generation , easy contents syndication , automated link
+ exchange and everything else (Including inbuilt 13 POWERFUL
+ SEO TOOLS)that MAKES YOUR LIFE EASY.
+
+
+ IMPACT
+ _______
+
+ Leads to full administration rights on the CMS admin panel.
+
+
+
+ VERSIONS
+ _________
+
+ Vulnerable systems: Versions prior to 5.0
+
+ Immune systems: None
+
+
+
+ DESCRIPTION #1
+ ______________
+
+ Insecure cookie handling allows anyone to simply create a custom cookie
+ with the values below. This will allow full access to the admin panel.
+
+ Name - admin_user
+ Content - admin
+ Path - /
+
+
+ Proof of Concept:
+ -> javascript:document.cookie="admin_user=admin; path=/"
+
+ Fix:
+ -> None given.
+
+
+
+ ADDITIONAL INFO
+ _______________
+
+
+ Vendor URL - www.stararticles.com
+ Underlying OS - Linux (Any), UNIX (Any), Windows (Any)
+ Credit - Jay Scott <jay@jayscott.co.uk
+ Message History - No response from vendor after
+ 30 days.
+
diff --git a/old/static/files/security/trawling_gliffy_for_sensitive_data.pdf b/old/static/files/security/trawling_gliffy_for_sensitive_data.pdf Binary files differ.
diff --git a/old/static/img/logo.png b/old/static/img/logo.png Binary files differ.
diff --git a/static/img/rants/aws_ami_1.png b/old/static/img/rants/aws_ami_1.png Binary files differ.
diff --git a/static/img/rants/aws_ami_2.png b/old/static/img/rants/aws_ami_2.png Binary files differ.
diff --git a/static/img/rants/bloat-hexo.png b/old/static/img/rants/bloat-hexo.png Binary files differ.
diff --git a/static/img/rants/bloat-jekyll.png b/old/static/img/rants/bloat-jekyll.png Binary files differ.
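Review bot: The Fix section says "None given" although the root cause is stated clearly enough to suggest one: the admin check trusts a client-controlled cookie value (`admin_user=admin`), so any remediation has to move the authorisation decision server-side — keep the logged-in user's role in a server-side session and put only an unguessable session identifier in the cookie (marked `HttpOnly` and `Secure`), never the role itself. The VERSIONS section is also self-contradictory: "Versions prior to 5.0" are listed as vulnerable while Immune systems says "None", so it is unclear whether 5.0 exists and fixes the issue or whether every release is affected.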
diff --git a/static/img/rants/bloat-next.png b/old/static/img/rants/bloat-next.png Binary files differ.
diff --git a/static/img/rants/bloat-nuxt.png b/old/static/img/rants/bloat-nuxt.png Binary files differ.
diff --git a/static/img/rants/wifipine.png b/old/static/img/rants/wifipine.png Binary files differ.
diff --git a/old/static/img/wallpaper.png b/old/static/img/wallpaper.png Binary files differ.
diff --git a/resources/_gen/assets/scss/scss/coder.scss_fd4b5b3f9a48bc0c7f005d2f7a4cc30f.content b/resources/_gen/assets/scss/scss/coder.scss_fd4b5b3f9a48bc0c7f005d2f7a4cc30f.content
@@ -0,0 +1,411 @@ +*, +*:after, +*:before { + box-sizing: inherit; } + +html { + box-sizing: border-box; + font-size: 62.5%; } + +body { + color: #585858; + background-color: #FAFAFA; + font-family: Merriweather, Georgia, serif; + font-size: 1.6em; + font-weight: 300; + line-height: 1.8em; } + @media only screen and (max-width: 768px) { + body { + font-size: 1.6em; + line-height: 1.6em; } } + +a { + font-weight: 300; + color: #B21C0E; + text-decoration: none; } + a:focus, a:hover { + text-decoration: underline; } + +p { + margin: 2.0rem 0 2.0rem 0; } + +h1, +h2, +h3, +h4, +h5, +h6 { + font-family: Lato, Helvetica, sans-serif; + font-weight: 700; + color: #585858; + margin: 6.4rem 0 3.2rem 0; } + +h1 { + font-size: 3.2rem; + line-height: 3.6rem; } + @media only screen and (max-width: 768px) { + h1 { + font-size: 3.0rem; + line-height: 3.4rem; } } + +h2 { + font-size: 2.8rem; + line-height: 3.2rem; } + @media only screen and (max-width: 768px) { + h2 { + font-size: 2.6rem; + line-height: 3.0rem; } } + +h3 { + font-size: 2.4rem; + line-height: 2.8rem; } + @media only screen and (max-width: 768px) { + h3 { + font-size: 2.2rem; + line-height: 2.6rem; } } + +h4 { + font-size: 2.2rem; + line-height: 2.6rem; } + @media only screen and (max-width: 768px) { + h4 { + font-size: 2.0rem; + line-height: 2.4rem; } } + +h5 { + font-size: 2.0rem; + line-height: 2.4rem; } + @media only screen and (max-width: 768px) { + h5 { + font-size: 1.8rem; + line-height: 2.2rem; } } + +h6 { + font-size: 1.8rem; + line-height: 2.2rem; } + @media only screen and (max-width: 768px) { + h6 { + font-size: 1.6rem; + line-height: 2.0rem; } } + +b, strong { + font-weight: 700; } + +pre { + display: block; + font-family: "Source Code Pro", "Lucida Console", monospace; + font-size: 1.6rem; + font-weight: 400; + line-height: 2.6rem; + margin: 2.0rem 0 2.0rem 0; + padding: 2.0rem; + overflow-x: auto; } + pre code { + display: inline-block; + background-color: inherit; + color: inherit; } + +code { + 
font-family: "Source Code Pro", "Lucida Console", monospace; + font-size: 1.6rem; + font-weight: 400; + background-color: #E0E0E0; + color: #585858; + padding: 0.2rem 0.4rem 0.2rem 0.4rem; } + +blockquote { + border-left: 2px solid #E0E0E0; + padding-left: 2.0rem; + line-height: 2.2rem; + font-weight: 400; + font-style: italic; } + +th, td { + padding: 1.6rem; } + +table { + border-collapse: collapse; } + +table td, table th { + border: 2px solid #585858; } + +table tr:first-child th { + border-top: 0; } + +table tr:last-child td { + border-bottom: 0; } + +table tr td:first-child, +table tr th:first-child { + border-left: 0; } + +table tr td:last-child, +table tr th:last-child { + border-right: 0; } + +img { + max-width: 100%; } + +.wrapper { + display: flex; + flex-direction: column; + min-height: 100vh; + width: 100%; } + +.container { + margin: 0 auto; + max-width: 90.0rem; + width: 100%; + padding-left: 2.0rem; + padding-right: 2.0rem; } + +.fab { + font-weight: 400; } + +.fas { + font-weight: 700; } + +.float-right { + float: right; } + +.float-left { + float: left; } + +.fab { + font-weight: 400; } + +.fas { + font-weight: 900; } + +.content { + flex: 1; + display: flex; + margin-top: 1.6rem; + margin-bottom: 3.2rem; } + .content article header { + margin-top: 6.4rem; + margin-bottom: 3.2rem; } + .content article header h1 { + font-size: 4.2rem; + line-height: 4.6rem; + margin: 0; } + @media only screen and (max-width: 768px) { + .content article header h1 { + font-size: 4.0rem; + line-height: 4.4rem; } } + .content article footer { + margin-top: 4.0rem; } + .content article footer .see-also { + margin: 3.2rem 0; } + .content article footer .see-also h3 { + margin: 3.2rem 0; } + .content .post .post-title { + margin-bottom: .75em; } + .content .post .post-meta i { + text-align: center; + width: 1.6rem; + margin-left: 0; + margin-right: 0.5rem; } + .content .post .post-meta .date .posted-on { + margin-left: 0; + margin-right: 1.5rem; } + .content figure { + 
margin: 0; + padding: 0; } + .content figcaption p { + text-align: center; + font-style: italic; + font-size: 1.6rem; + margin: 0; } + +.avatar img { + width: 20rem; + height: auto; + border-radius: 50%; } + @media only screen and (max-width: 768px) { + .avatar img { + width: 10rem; } } + +.list ul { + margin: 3.2rem 0 3.2rem 0; + list-style: none; + padding: 0; } + .list ul li { + font-size: 1.8rem; } + @media only screen and (max-width: 768px) { + .list ul li { + margin: 1.6rem 0 1.6rem 0; } } + .list ul li .date { + display: inline-block; + width: 20.0rem; + text-align: right; + margin-right: 3.0rem; } + @media only screen and (max-width: 768px) { + .list ul li .date { + display: block; + text-align: left; } } + .list ul li .title { + font-size: 1.8rem; + color: #585858; + font-family: Lato, Helvetica, sans-serif; + font-weight: 700; } + .list ul li .title:hover, .list ul li .title:focus { + color: #B21C0E; } + +.centered { + display: flex; + align-items: center; + justify-content: center; } + .centered .about { + text-align: center; } + .centered .about h1 { + margin-top: 2.0rem; + margin-bottom: 0.5rem; } + .centered .about h2 { + margin-top: 1.0rem; + margin-bottom: 0.5rem; + font-size: 2.4rem; } + @media only screen and (max-width: 768px) { + .centered .about h2 { + font-size: 2.0rem; } } + .centered .about ul { + list-style: none; + margin: 3.0rem 0 1.0rem 0; + padding: 0; } + .centered .about ul li { + display: inline-block; + position: relative; } + .centered .about ul li a { + color: #585858; + text-transform: uppercase; + margin-left: 1.0rem; + margin-right: 1.0rem; + font-size: 1.6rem; } + .centered .about ul li a:hover, .centered .about ul li a:focus { + color: #B21C0E; } + @media only screen and (max-width: 768px) { + .centered .about ul li a { + font-size: 1.4rem; } } + .centered .about ul li a i { + font-size: 3.2rem; } + .centered .error { + text-align: center; } + .centered .error h1 { + margin-top: 2.0rem; + margin-bottom: 0.5rem; + font-size: 
4.6rem; } + @media only screen and (max-width: 768px) { + .centered .error h1 { + font-size: 3.2rem; } } + .centered .error h2 { + margin-top: 2.0rem; + margin-bottom: 3.2rem; + font-size: 3.2rem; } + @media only screen and (max-width: 768px) { + .centered .error h2 { + font-size: 2.8rem; } } + +.navigation { + height: 6.0rem; + width: 100%; } + .navigation a, .navigation span { + display: inline; + font-size: 1.6rem; + font-family: Lato, Helvetica, sans-serif; + font-weight: 700; + line-height: 6.0rem; + color: #585858; } + .navigation a:hover, .navigation a:focus { + color: #B21C0E; } + .navigation .navigation-title { + letter-spacing: 0.1rem; + text-transform: uppercase; } + .navigation .navigation-list { + float: right; + list-style: none; + margin-bottom: 0; + margin-top: 0; } + @media only screen and (max-width: 768px) { + .navigation .navigation-list { + position: absolute; + top: 6.0rem; + right: 0; + z-index: 5; + visibility: hidden; + opacity: 0; + padding: 0; + max-height: 0; + width: 100%; + background-color: #FAFAFA; + border-top: solid 2px #E0E0E0; + border-bottom: solid 2px #E0E0E0; + transition: opacity 0.25s, max-height 0.15s linear; } } + .navigation .navigation-list .navigation-item { + float: left; + margin: 0; + position: relative; } + @media only screen and (max-width: 768px) { + .navigation .navigation-list .navigation-item { + float: none !important; + text-align: center; } + .navigation .navigation-list .navigation-item a, .navigation .navigation-list .navigation-item span { + line-height: 5.0rem; } } + .navigation .navigation-list .navigation-item a, .navigation .navigation-list .navigation-item span { + margin-left: 1.0rem; + margin-right: 1.0rem; } + @media only screen and (max-width: 768px) { + .navigation .navigation-list .menu-separator { + border-top: 2px solid #585858; + margin: 0 8.0rem; } + .navigation .navigation-list .menu-separator span { + display: none; } } + .navigation #menu-toggle { + display: none; } + @media only screen 
and (max-width: 768px) { + .navigation #menu-toggle:checked + label { + color: #E0E0E0; } + .navigation #menu-toggle:checked + label + ul { + visibility: visible; + opacity: 1; + max-height: 100rem; } } + .navigation .menu-button { + display: none; } + @media only screen and (max-width: 768px) { + .navigation .menu-button { + display: block; + font-size: 2.4rem; + font-weight: 400; + line-height: 6.0rem; + color: #585858; + cursor: pointer; } + .navigation .menu-button:hover, .navigation .menu-button:focus { + color: #B21C0E; } } + +.pagination { + margin-top: 6.0rem; + text-align: center; + font-family: Lato, Helvetica, sans-serif; } + .pagination li { + display: inline; + text-align: center; + font-weight: 700; } + .pagination li span { + margin: 0; + text-align: center; + width: 3.2rem; } + .pagination li a { + font-weight: 300; } + .pagination li a span { + margin: 0; + text-align: center; + width: 3.2rem; } + +.footer { + width: 100%; + text-align: center; + line-height: 2.0rem; + margin-bottom: 1.0rem; } + .footer a { + color: #B21C0E; } + +/*# sourceMappingURL=coder.css.map */+ \ No newline at end of file diff --git a/resources/_gen/assets/scss/scss/coder.scss_fd4b5b3f9a48bc0c7f005d2f7a4cc30f.json b/resources/_gen/assets/scss/scss/coder.scss_fd4b5b3f9a48bc0c7f005d2f7a4cc30f.json @@ -0,0 +1 @@ +{"Target":"css/coder.css","MediaType":"text/css","Data":{}}+ \ No newline at end of file diff --git a/static/favicon-16x16.png b/static/favicon-16x16.png Binary files differ. diff --git a/static/favicon-32x32.png b/static/favicon-32x32.png Binary files differ. diff --git a/static/favicon.ico b/static/favicon.ico Binary files differ. diff --git a/static/img/projects/alexa_skill_1.png b/static/img/projects/alexa_skill_1.png Binary files differ. diff --git a/static/img/projects/alexa_skill_2.png b/static/img/projects/alexa_skill_2.png Binary files differ. 
diff --git a/static/img/projects/ansible_vpc_role_1.png b/static/img/projects/ansible_vpc_role_1.png Binary files differ.
diff --git a/static/img/projects/aws_ami_1.png b/static/img/projects/aws_ami_1.png Binary files differ.
diff --git a/static/img/projects/aws_ami_2.png b/static/img/projects/aws_ami_2.png Binary files differ.
diff --git a/static/img/projects/dockerimages_1.png b/static/img/projects/dockerimages_1.png Binary files differ.
diff --git a/static/img/projects/dockerimages_2.png b/static/img/projects/dockerimages_2.png Binary files differ.
diff --git a/static/img/projects/linux_gaming_agg1.png b/static/img/projects/linux_gaming_agg1.png Binary files differ.
diff --git a/static/img/projects/linux_gaming_agg2.png b/static/img/projects/linux_gaming_agg2.png Binary files differ.
diff --git a/themes/hugo-coder b/themes/hugo-coder
@@ -0,0 +1 @@
+Subproject commit 81666ed54bb438f4af01fd4a111df8bd7d423120