FUN WITH LINUX

Abusing a race condition in logrotate to elevate privileges

14 January 2019

Together with a friend we took part of the Capture The Flag at the 35C3. One challenge was that one:

Logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. It also gives you a root shell.

Read more..
Merry Christmas

24 December 2018

I wish you a merry christmas and a happy new year.

Read more..
What the hack is "E-Brief"

8 December 2018

This week I received an email from my bank company. They advertised that they are cooperating with the “Post”(Austrian mailprovider) and recommended to use “E-Brief” for notifications from them. My first thought was: “it’s E-Mail”. Because E-Brief translated from german means: “E-Mail”. So I took a look in the FAQ’s from the Post and they wrote things like(translated from German):

Your E-“Letter Box” from everywhere

High security

Read more..
Fourth Anniversary

7 November 2018

This blog really became 4 years old. When I started to write it was mostly for practicing written english. But my intention was always to give something back to the open-source community. I failed terribly with the first point. My english is as bad as it was before, but I have readers and get responses to some articles. It seems that I didn’t failed with “giving something back to the open-source community”.

Thank you to all my readers.

Read more..
Full Disclosure: Remote-Command-Execution in PHKP

8 October 2018

Overview

  • System affected: PHKP
  • Software-Version: including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b
  • User-Interaction: Not required
  • Impact: Remote-Code-Execution
  • CVE: CVE-2018-1000885
Read more..
Happy 20 Birthday to Nmap

1 September 2018

The legendary portscanner nmap was released 20 years ago in Phrack #51. Happy Birthday nmap.

nmap 20 birthday

Read more..
Happy Sysadminday

27 July 2018

Sysadmins are the heros who bring back our cat-pictures from the heights of the filesystem-tree. So let’s honour our firefighters of the internet.

Read more..
Now is a good time to backup our github-repos

7 June 2018

Many people are scared because Microsoft bought GitHub. I wonder why people are so shocked now. Github is just another cloud-thingy and cloud means: “it’s just the computer of someone else”. If “someone else” will shutdown or wipe his computer, then we better have backups. Having this in our minds I would say that it’s time to make (auto)backups. I wrote this little ruby-script that clones all public repositories of a user into a directory. If the repositories already exist locally, then this script will just make a “git-pull”.

Read more..
cryptorecord 0.9.2 released

17 May 2018

I proudly pronounce the first (pre-)release of cryptorecord. Cryptorecords is a ruby gem that provides an API and scripts for creating crypto-related dns-records(e.g. DANE). Currently it supports TLSA, OPENPGPKEYS and SSHFP but I plan to support other records in future. The API doesn’t create any keys or certificates. It just takes existing keyfiles to create the DNS-records.

Read more..
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti