Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 68

Source: Carnal0wnage and Attack Research Blog

Articles recieved 19/02/2024
Article: Kubernetes: open etcd - published over 5 years ago.
Content: Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative." -from: https://coreos....
https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html 
🔥🔥
 
Published: 2019 01 06 14:00:00
Received: 2024 02 19 11:44:47
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: cAdvisor - published over 5 years ago.
Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers." runs on port 4194 Links: https://kubernetes.io/docs/tasks/debug-application-cluster/resourc...
https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html 
🔥🔥
 
Published: 2019 01 06 14:00:00
Received: 2024 02 19 11:44:47
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kubelet API containerLogs endpoint - published over 5 years ago.
Content: How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION       CATEGORY     | VULNERABILITY    | DESCRIPTION          | EVIDENCE       | +---------------+-------------+------------------+----------------------+-------...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html 
🔥🔥
 
Published: 2019 01 11 14:00:00
Received: 2024 02 19 11:44:47
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kubernetes Dashboard - published over 5 years ago.
Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities +-----------------------+---------------+----------------------+----------------------+------------------+ | LOCATION     ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html 
🔥🔥
 
Published: 2019 01 11 14:00:00
Received: 2024 02 19 11:44:46
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: unauth kublet API 10250 basic code exec - published over 5 years ago.
Content: Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option. Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the ...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2024 02 19 11:44:46
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published over 5 years ago.
Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods With that data, you can craft your post request to exec within a pod so we can poke around.  Example request: curl -k -XPOST "https://k8-node:102...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2024 02 19 11:44:46
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kube-Hunter 10255 - published over 5 years ago.
Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like.  What probably of most interest is the /pods endpoint or the /metrics endpoint or the /stats endpoint $ ./kube-hunter.py Choose one of the options below: 1. Remote scanning      (scans one or more specific IPs or DNS names) 2. Subnet sc...
https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2024 02 19 11:44:46
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with new exploits pt1 - published about 5 years ago.
Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html 
🔥🔥
 
Published: 2019 02 26 18:46:00
Received: 2024 02 19 11:44:45
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published about 5 years ago.
Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html 
🔥🔥
 
Published: 2019 02 27 20:23:00
Received: 2024 02 19 11:44:45
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published about 5 years ago.
Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63...
https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html 
🔥🔥
 
Published: 2019 02 28 00:14:00
Received: 2024 02 19 11:44:45
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published about 5 years ago.
Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ...
https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html 
🔥🔥
 
Published: 2019 02 28 00:51:00
Received: 2024 02 19 11:44:45
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - decrypting credentials.xml - published about 5 years ago.
Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot...
https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html 
🔥🔥
 
Published: 2019 02 28 15:22:00
Received: 2024 02 19 11:44:45
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - Identify IP Addresses of nodes - published about 5 years ago.
Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes.  You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI. Stackoverflow link: https://stackoverflow.com/questions/149303...
https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html 
🔥🔥
 
Published: 2019 03 05 02:16:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published about 5 years ago.
Content: References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up to and including 2.61 Script Secur...
https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html 
🔥🔥
 
Published: 2019 03 05 03:26:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published almost 5 years ago.
Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these ...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html 
🔥🔥
 
Published: 2019 05 13 15:59:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Devoops: Nomad with raw_exec enabled - published over 4 years ago.
Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators......
https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html 
🔥🔥
 
Published: 2019 12 16 16:43:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published about 4 years ago.
Content: BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical  23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for payment 16 Nov 2019 13 March 2020 - Never paid - blog post posted 19 March 2020  - received...
https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html 
🔥🔥
 
Published: 2020 03 14 02:10:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published about 4 years ago.
Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true...
https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html 
🔥🔥
 
Published: 2020 04 27 16:36:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: WeirdAAL update - get EC2 snapshots - published almost 4 years ago.
Content: I watched a good DEF CON video on abusing public AWS Snapshotshttps://www.youtube.com/watch?v=-LGR63yCTtsI, of course, wanted to check this out. There are tens of thousands of public snapshots in the various regions.  The talk outlines what you can do with these and Bishop Fox released a tool to do it https://github.com/BishopFox/dufflebag. I wanted to scrip...
https://blog.carnal0wnage.com/2020/05/weirdaal-update-get-ec2-snapshots.html 
🔥🔥
 
Published: 2020 05 18 00:01:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
11:44 Kubernetes: open etcd
🔥🔥
11:44 Kubernetes: cAdvisor
🔥🔥
11:44 Kubernetes: Kubelet API containerLogs endpoint
🔥🔥
11:44 Kubernetes: Kubernetes Dashboard
🔥🔥
11:44 Kubernetes: unauth kublet API 10250 basic code exec
🔥🔥
11:44 Kubernetes: unauth kublet API 10250 token theft & kubectl
🔥🔥
11:44 Kubernetes: Kube-Hunter 10255
🔥🔥
11:44 Jenkins - messing with new exploits pt1
🔥🔥
11:44 Jenkins - messing with exploits pt2 - CVE-2019-1003000
🔥🔥
11:44 Jenkins - SECURITY-200 / CVE-2015-5323 PoC
🔥🔥
11:44 Jenkins - SECURITY-180/CVE-2015-1814 PoC
🔥🔥
11:44 Jenkins - decrypting credentials.xml
🔥🔥
11:44 Jenkins - Identify IP Addresses of nodes
🔥🔥
11:44 Jenkins - messing with exploits pt3 - CVE-2019-1003000
🔥🔥
11:44 Minecraft Mod, Mother's Day, and A Hacker Dad
🔥🔥
11:44 Devoops: Nomad with raw_exec enabled
🔥🔥
11:44 What is your GCP infra worth?...about ~$700 [Bugbounty]
🔥🔥
11:44 The Duality of Attackers - Or Why Bad Guys are a Good Thing™
🔥🔥
11:44 WeirdAAL update - get EC2 snapshots
🔥🔥
Articles recieved 31/03/2023
Article: Kubernetes: open etcd - published over 5 years ago.
Content: Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative." -from: https://coreos....
https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html 
🔥🔥
 
Published: 2019 01 06 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: cAdvisor - published over 5 years ago.
Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers." runs on port 4194 Links: https://kubernetes.io/docs/tasks/debug-application-cluster/resourc...
https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html 
🔥🔥
 
Published: 2019 01 06 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Master Post - published over 5 years ago.
Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter. Talks you should watch if you are interested in Kubernetes: Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman https://www.youtube.com/watch?v=v...
https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html 
🔥🔥
 
Published: 2019 01 07 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kubelet API containerLogs endpoint - published over 5 years ago.
Content: How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION       CATEGORY     | VULNERABILITY    | DESCRIPTION          | EVIDENCE       | +---------------+-------------+------------------+----------------------+-------...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html 
🔥🔥
 
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kubernetes Dashboard - published over 5 years ago.
Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities +-----------------------+---------------+----------------------+----------------------+------------------+ | LOCATION     ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html 
🔥🔥
 
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: List of ports - published over 5 years ago.
Content: Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs 10255/tcp - kublet port (read-only) /stats /metrics /pods 4194/tcp - cAdvisor 2379/tcp - etcd (see it on other ports though) Etcd hold...
https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html 
🔥🔥
 
Published: 2019 01 14 21:31:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: unauth kublet API 10250 basic code exec - published over 5 years ago.
Content: Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option. Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the ...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published over 5 years ago.
Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods With that data, you can craft your post request to exec within a pod so we can poke around.  Example request: curl -k -XPOST "https://k8-node:102...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kube-Hunter 10255 - published over 5 years ago.
Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like.  What probably of most interest is the /pods endpoint or the /metrics endpoint or the /stats endpoint $ ./kube-hunter.py Choose one of the options below: 1. Remote scanning      (scans one or more specific IPs or DNS names) 2. Subnet sc...
https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Abusing Docker API | Socket - published over 5 years ago.
Content: Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-wha...
https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html 
🔥🔥
 
Published: 2019 02 01 13:32:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with new exploits pt1 - published about 5 years ago.
Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html 
🔥🔥
 
Published: 2019 02 26 18:46:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published about 5 years ago.
Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html 
🔥🔥
 
Published: 2019 02 27 20:23:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins Master Post - published about 5 years ago.
Content: A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins...
https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html 
🔥🔥
 
Published: 2019 02 27 21:46:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published about 5 years ago.
Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63...
https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html 
🔥🔥
 
Published: 2019 02 28 00:14:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published about 5 years ago.
Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ...
https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html 
🔥🔥
 
Published: 2019 02 28 00:51:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - decrypting credentials.xml - published about 5 years ago.
Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot...
https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html 
🔥🔥
 
Published: 2019 02 28 15:22:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - Identify IP Addresses of nodes - published about 5 years ago.
Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes.  You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI. Stackoverflow link: https://stackoverflow.com/questions/149303...
https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html 
🔥🔥
 
Published: 2019 03 05 02:16:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published about 5 years ago.
Content: References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up to and including 2.61 Script Secur...
https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html 
🔥🔥
 
Published: 2019 03 05 03:26:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - CVE-2018-1000600 PoC - published about 5 years ago.
Content: second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new j...
https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html 
🔥🔥
 
Published: 2019 03 05 19:01:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published almost 5 years ago.
Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these ...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html 
🔥🔥
 
Published: 2019 05 13 15:59:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Minecraft Mod, Follow up, and Java Reflection - published almost 5 years ago.
Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html 
🔥🔥
 
Published: 2019 05 14 19:17:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Devoops: Nomad with raw_exec enabled - published over 4 years ago.
Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators......
https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html 
🔥🔥
 
Published: 2019 12 16 16:43:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published about 4 years ago.
Content: BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical  23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for payment 16 Nov 2019 13 March 2020 - Never paid - blog post posted 19 March 2020  - received...
https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html 
🔥🔥
 
Published: 2020 03 14 02:10:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published about 4 years ago.
Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true...
https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html 
🔥🔥
 
Published: 2020 04 27 16:36:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
08:24 Kubernetes: open etcd
🔥🔥
08:24 Kubernetes: cAdvisor
🔥🔥
08:24 Kubernetes: Master Post
🔥🔥
08:24 Kubernetes: Kubelet API containerLogs endpoint
🔥🔥
08:24 Kubernetes: Kubernetes Dashboard
🔥🔥
08:24 Kubernetes: List of ports
🔥🔥
08:24 Kubernetes: unauth kublet API 10250 basic code exec
🔥🔥
08:24 Kubernetes: unauth kublet API 10250 token theft & kubectl
🔥🔥
08:24 Kubernetes: Kube-Hunter 10255
🔥🔥
08:24 Abusing Docker API | Socket
🔥🔥
08:24 Jenkins - messing with new exploits pt1
🔥🔥
08:24 Jenkins - messing with exploits pt2 - CVE-2019-1003000
🔥🔥
08:24 Jenkins Master Post
🔥🔥
08:24 Jenkins - SECURITY-200 / CVE-2015-5323 PoC
🔥🔥
08:24 Jenkins - SECURITY-180/CVE-2015-1814 PoC
🔥🔥
08:24 Jenkins - decrypting credentials.xml
🔥🔥
08:24 Jenkins - Identify IP Addresses of nodes
🔥🔥
08:24 Jenkins - messing with exploits pt3 - CVE-2019-1003000
🔥🔥
08:24 Jenkins - CVE-2018-1000600 PoC
🔥🔥
08:24 Minecraft Mod, Mother's Day, and A Hacker Dad
🔥🔥
08:24 Minecraft Mod, Follow up, and Java Reflection
🔥🔥
08:24 Devoops: Nomad with raw_exec enabled
🔥🔥
08:24 What is your GCP infra worth?...about ~$700 [Bugbounty]
🔥🔥
08:24 The Duality of Attackers - Or Why Bad Guys are a Good Thing™
🔥🔥
Articles recieved 06/06/2021
Article: Kubernetes: open etcd - published over 5 years ago.
Content: Quick post on Kubernetes and open etcd (port 2379)"etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative."-from: https://coreos.com/...
https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html 
🔥🔥
 
Published: 2019 01 06 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: cAdvisor - published over 5 years ago.
Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers."runs on port 4194Links:https://kubernetes.io/docs/tasks/debug-application-cluster/resource-usa...
https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html 
🔥🔥
 
Published: 2019 01 06 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Master Post - published over 5 years ago.
Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter.Talks you should watch if you are interested in Kubernetes:Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesamanhttps://www.youtube.com/watch?v=vTgQLzeB...
https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html 
🔥🔥
 
Published: 2019 01 07 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kubelet API containerLogs endpoint - published over 5 years ago.
Content: How to get the info that kube-hunter reports for open /containerLogs endpointVulnerabilities+---------------+-------------+------------------+----------------------+----------------+| LOCATION       CATEGORY     | VULNERABILITY    | DESCRIPTION          | EVIDENCE       |+---------------+-------------+------------------+----------------------+---------------...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html 
🔥🔥
 
Published: 2019 01 11 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kubernetes Dashboard - published over 5 years ago.
Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it.Usually found on port 30000kube-hunter finding for it:Vulnerabilities+-----------------------+---------------+----------------------+----------------------+------------------+| LOCATION              ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html 
🔥🔥
 
Published: 2019 01 11 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: List of ports - published over 5 years ago.
Content: Other Kubernetes portsWhat are some of the visible ports used in Kubernetes?44134/tcp - Helmtiller, weave, calico10250/tcp - kubelet (kublet exploit)No authN, completely open/pods/runningpods/containerLogs10255/tcp - kublet port (read-only)/stats/metrics/pods4194/tcp - cAdvisor2379/tcp - etcd (see it on other ports though)Etcd holds all the configsConfig sto...
https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html 
🔥🔥
 
Published: 2019 01 14 21:31:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: unauth kublet API 10250 basic code exec - published over 5 years ago.
Content: Unauth API access (10250)Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option.Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the contain...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published over 5 years ago.
Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & execkube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running podsWith that data, you can craft your post request to exec within a pod so we can poke around. Example request:curl -k -XPOST "https://k8-node:10250/run/kube-...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Kubernetes: Kube-Hunter 10255 - published over 5 years ago.
Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like.  What probably of most interest is the /pods endpointor the /metrics endpointor the /stats endpoint $ ./kube-hunter.pyChoose one of the options below:1. Remote scanning      (scans one or more specific IPs or DNS names)2. Subnet scanning      (scans subnets ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html 
🔥🔥
 
Published: 2019 01 16 14:00:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Abusing Docker API | Socket - published over 5 years ago.
Content: Notes on abusing open Docker socketsThis wont cover breaking out of docker containersPorts: usually 2375 & 2376 but can be anythingRefs:https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0https://www.slideshare.net/BorgHan/hacking-docker-the-easy-wayhttps://blog.secureideas.com/2018/05/escaping-the-whale-things-...
https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html 
🔥🔥
 
Published: 2019 02 01 13:32:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with new exploits pt1 - published about 5 years ago.
Content: Jenkins notes for:https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlhttp://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlto download old jenkins WAR fileshttp://updates.jenkins-ci.org/download/war/1st bug in the blog is a username enumeration bug inJenkins weekly up to and including 2.145Jenkins...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html 
🔥🔥
 
Published: 2019 02 26 18:46:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published about 5 years ago.
Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants.While not totally related to the blog post and tweet the following exploit came up while searching.What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploits. ...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html 
🔥🔥
 
Published: 2019 02 27 20:23:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins Master Post - published about 5 years ago.
Content: A collection of posts on attacking Jenkinshttp://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.htmlManipulating build steps to get RCEhttps://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2Using the terminal plugin to get RCEhttps://sharadchhetri.com/2018/12/02/managing-jenkins-plugins/Getting st...
https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html 
🔥🔥
 
Published: 2019 02 27 21:46:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published about 5 years ago.
Content: API tokens of other users available to adminsSECURITY-200 / CVE-2015-5323API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials.Affected versionsAll Jenkins main line releases up to and including 1.637All Jenkins ...
https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html 
🔥🔥
 
Published: 2019 02 28 00:14:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published about 5 years ago.
Content: Forced API token changeSECURITY-180/CVE-2015-1814https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-changeAffected VersionsAll Jenkins releases <= 1.605All LTS releases <= 1.596.1PoCTested against Jenkins 1.605Burp outputValidate new token works...
https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html 
🔥🔥
 
Published: 2019 02 28 00:51:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - decrypting credentials.xml - published about 5 years ago.
Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way:hashed_pw='$PASSWORDHASH'passwd = hudson.util.Secret.decrypt(hashed_pw)println(passwd)You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.SecretScreenshot belowCo...
https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html 
🔥🔥
 
Published: 2019 02 28 15:22:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - Identify IP Addresses of nodes - published about 5 years ago.
Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes.  You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI.Stackoverflow link: https://stackoverflow.com/questions/14930329...
https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html 
🔥🔥
 
Published: 2019 03 05 02:16:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published about 5 years ago.
Content: References:https://www.exploit-db.com/exploits/46453http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlThis post covers the Orange Tsai Jenkins pre-auth exploitVuln versions: Jenkins < 2.137 (preauth)Pipeline: Declarative Plugin up to and including 1.3.4Pipeline: Groovy Plugin up to and including 2.61Script Security Plugin ...
https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html 
🔥🔥
 
Published: 2019 03 05 03:26:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Jenkins - CVE-2018-1000600 PoC - published about 5 years ago.
Content: second exploit from the blog posthttps://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlChained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRFhttps://jenkins.io/security/advisory/2018-06-25/#SECURITY-915This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new jenkins in...
https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html 
🔥🔥
 
Published: 2019 03 05 19:01:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published almost 5 years ago.
Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate.When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these Yo...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html 
🔥🔥
 
Published: 2019 05 13 15:59:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Minecraft Mod, Follow up, and Java Reflection - published almost 5 years ago.
Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html 
🔥🔥
 
Published: 2019 05 14 19:17:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: Devoops: Nomad with raw_exec enabled - published over 4 years ago.
Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators......
https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html 
🔥🔥
 
Published: 2019 12 16 16:43:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published about 4 years ago.
Content: BugBounty story #bugbountytipsA fixed but they didn't pay the bugbounty story...Timeline:reported 21 Oct 2019validated at Critical  23 Oct 2019validated as fixed 30 Oct 2019Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019Information provided for payment 16 Nov 201913 March 2020 - Never paid - blog post posted19 March 2020  - received bounty of $5...
https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html 
🔥🔥
 
Published: 2020 03 14 02:10:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published about 4 years ago.
Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true they...
https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html 
🔥🔥
 
Published: 2020 04 27 16:36:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Article: WeirdAAL update - get EC2 snapshots - published almost 4 years ago.
Content: I watched a good DEF CON video on abusing public AWS Snapshotshttps://www.youtube.com/watch?v=-LGR63yCTtsI, of course, wanted to check this out. There are tens of thousands of public snapshots in the various regions.  The talk outlines what you can do with these and Bishop Fox released a tool to do it https://github.com/BishopFox/dufflebag. I wanted to scrip...
https://blog.carnal0wnage.com/2020/05/weirdaal-update-get-ec2-snapshots.html 
🔥🔥
 
Published: 2020 05 18 00:01:00
Received: 2021 06 06 09:05:30
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
09:05 Kubernetes: open etcd
🔥🔥
09:05 Kubernetes: cAdvisor
🔥🔥
09:05 Kubernetes: Master Post
🔥🔥
09:05 Kubernetes: Kubelet API containerLogs endpoint
🔥🔥
09:05 Kubernetes: Kubernetes Dashboard
🔥🔥
09:05 Kubernetes: List of ports
🔥🔥
09:05 Kubernetes: unauth kublet API 10250 basic code exec
🔥🔥
09:05 Kubernetes: unauth kublet API 10250 token theft & kubectl
🔥🔥
09:05 Kubernetes: Kube-Hunter 10255
🔥🔥
09:05 Abusing Docker API | Socket
🔥🔥
09:05 Jenkins - messing with new exploits pt1
🔥🔥
09:05 Jenkins - messing with exploits pt2 - CVE-2019-1003000
🔥🔥
09:05 Jenkins Master Post
🔥🔥
09:05 Jenkins - SECURITY-200 / CVE-2015-5323 PoC
🔥🔥
09:05 Jenkins - SECURITY-180/CVE-2015-1814 PoC
🔥🔥
09:05 Jenkins - decrypting credentials.xml
🔥🔥
09:05 Jenkins - Identify IP Addresses of nodes
🔥🔥
09:05 Jenkins - messing with exploits pt3 - CVE-2019-1003000
🔥🔥
09:05 Jenkins - CVE-2018-1000600 PoC
🔥🔥
09:05 Minecraft Mod, Mother's Day, and A Hacker Dad
🔥🔥
09:05 Minecraft Mod, Follow up, and Java Reflection
🔥🔥
09:05 Devoops: Nomad with raw_exec enabled
🔥🔥
09:05 What is your GCP infra worth?...about ~$700 [Bugbounty]
🔥🔥
09:05 The Duality of Attackers - Or Why Bad Guys are a Good Thing™
🔥🔥
09:05 WeirdAAL update - get EC2 snapshots
🔥🔥

Get your Free Scan and Score Certificate

Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate

Get your repeat Free Scan and Score Certificate

Cyber Tzar Score Summary
Cyber Tzar Score Summary

Cyber Security Made Simple

Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained

Cyber Tzar Platform Highlights

Cyber Tzar Gold Score Certificate
Cyber Tzar Gold Score Certificate
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 68
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor