Aléas numériques

Linux, infosec and whatever crosses my mind.


Privileges escalation using MySQL's User-Defined Functions

Hello there. Today, we’ll be escalating privileges, using MySQL UDF. MySQL User-Defined Functions In the MySQL universe, a function is a subprogram that can be used to perform more or less complex operations, and return the output that can later be used as a value. There are 2 kinds of functions: System functions: they are already defined by MySQL and are ready to use. User-defined functions: those functions are defined by the developers/administrators and added to MySQL.

Read more...

Generate secure passwords

For a few years now, I’ve been using pass(1) as my day-to-day password manager. It works like a charm, especially with rofi-pass. pass has a dedicated command to generate passwords, but it stores them in an encrypted file: $ pass generate foo [master 2db1669] Add generated password for foo. 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 foo.gpg The generated password for foo is: =>Jw'3;.#[3g6#Ey:k{BDuk^K It’s really cool, but as far as I know it is not possible to generate a password and print it on STDOUT without storing it in a file.

Read more...

How this site runs

This site had 3 different homes during the last 2 years. I’ll detail here how the different infrastructures looked like, and why I moved from one to another. A Kubernetes at home At the beginning, this website lived in a k3s cluster that I hosted at home. In order for me to practice and develop my Kubernetes skills outside from work, I bought a little Intel NUC (a CHUWI CoreBox i5 with 8GB of memory and 256GB of storage), running an Ubuntu 20.

Read more...

Supports d'enseignement

Depuis Septembre 2022, je suis enseignant vacataire à l’Université Claude Bernard Lyon 1. Je m’occupe de deux matières: “Programmation pour l’administration” et “Méthodes de la Sécurité des Systèmes”, dispensée à des étudiant·es de troisième année de licence. À travers ces deux matières, j’enseigne: le scripting shell avec Bash (~10 heures); une introduction à la programmation avec Go (~10 heures); la sécurité des systèmes et le hacking éthique (~34 heures). En tant que support de cours, j’utilise principalement des diaporamas, qui seront mis à dispo au fur et à mesures des années et matières sur ce site.

Read more...

Hash functions

This is the english translation of the first Offensive Security lesson I teach at uni. It is an introduction course to hash functions. Definition Uses of hash functions Passwords Integrity check Hash tables Putting it into practice: breaking hashes Definition Suppose you share a huge file with a friend, but you’re not sure if you both have the same version of the file. You could send your version of the file to your friend and he could compare it to his version.

Read more...

Terraform Cloud & .tfvars

Tl;Dr: rename the terraform.tfvars file into terraform.auto.tfvars when using Terraform Cloud. I had an interesting issue today while trying to deploy Terraform manifests. For simple projects which are handled by only few engineers, we use Terraform Cloud. It quite easy to use, handles pretty nicely the tfstate and has a good GitHub integration (here Terraform Cloud performing a terraform plan on a pull request): I created a variables.tf file, containing the following:

Read more...

Basics of concurrency in C

Table of contents Table of contents Threads creation Threads cancellation I developed a lot in Go recently, which is notably known for its ease of implementation of concurrent programs. Even if there can be more advanced topics1 about concurrency, it is pretty straightforward to launch a function in a new goroutine (a lightweight thread managed by the Go runtime): // this will launch the function foobar() // in a new goroutine go foobar() Let’s see how can write concurrent programs in C.

Read more...

First steps into shellcodes

Table of contents Table of contents Create the first payload Change the assembly code to avoid null bytes Automate opcodes extraction Shellcode development techniques JMP, CALL, POP Stack technique RIP relative addressing technique The term shellcode simply represents machine code in places where it is not normally found, such as a char array. Create the first payload First let’s create a simple payload: a one that just… exits. Here, with status code 0.

Read more...

Attacking DHCP

Table of contents Table of contents The DHCP protocol DHCP starvation attack DHCP rogue server attack How to protect This article will introduce 2 different kinds of DHCP attacks: DHCP starvation attack and DHCP rogue server attack. But first, some reminders. The DHCP protocol Dynamic Host Configuration Protocol allows computers to automatically receive IP addresses and network configuration from a DHCP server. Here is a typical IP address obtention :

Read more...
Previous Page 2 of 2