Infinity

New Year's Eve 2019 seems infinitely far in the past. It was the first day news about this mysterious disease had been published in my country. Yet it seems infinitely far away at that time, somewhere in China. Today we see something glowing at the end of a weird long corridor. Despite horrible news, I … Continue reading Infinity

Simple Ping Sweep, Port Scan, and Getting Output from Blind Remote Command Execution

Just dumping some quick and dirty one-liners! These are commands I had used to explore locked-down Windows and Linux machines, using bash or powershell when no other binaries were available or could be transferred to the boxes easily. Trying to ping all hosts in a subnet Linux for i in $(seq 1 254); do host=192.168.0.$i; … Continue reading Simple Ping Sweep, Port Scan, and Getting Output from Blind Remote Command Execution

Echo Unreadable Hex Characters in Windows: forfiles

How to transfer small files to a locked-down Windows machine? When there is no option to copy, ftp, or http GET a file. When powershell is blocked so that you can only use Windows cmd commands? My first choice would be to use certutil: certutil is a built-in tool for certificate and PKI management. It … Continue reading Echo Unreadable Hex Characters in Windows: forfiles

Unintended 2nd Order SQL Injection

Why I am not afraid of the AI / Big Data / Cloud powered robot apocalypse. SQL order injection means to run custom SQL queries through web interfaces because the input to the intended query is not sanitized, like appending the infamous ' OR '1'='1 to a user name or search term. It is 2nd … Continue reading Unintended 2nd Order SQL Injection

A Color Box. Lost in Translation

It was that time again. The Chief Engineer had rebuilt the technical room from scratch. Each piece of heavy equipment had a new place, each pipe and wire was reborn in a new incarnation (German stories here.) The control system was turned upset down as well, and thus the Data Kraken was looking at its … Continue reading A Color Box. Lost in Translation

Hacking

I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind - in a bad way? Solution: Go find an online platform that will put your mind in a different state. Go hacking on hackthebox.eu. I have been hacking … Continue reading Hacking

Cloudy Troubleshooting (2)

Unrelated to part 1 - but the same genre. Actors this time: File Cloud: A cloud service for syncing and sharing files. We won't drop a brand name, will we? Client: Another user of File Cloud. [Redacted]: Once known for reliability and as The Best Network. Dark Platform: Wannabe hackers' playground. elkement: Somebody who sometimes just wants to be an … Continue reading Cloudy Troubleshooting (2)

Where Are the Files? [Winsol – UVR16x2]

Recently somebody has asked me where the log files are stored. This question is more interesting then it seems. We are using the freely programmable controller UVR16x2 (and its predecessor) UVR1611) ... .. and their Control and Monitoring Interface - CMI: The CMI is a data logger and runs a web server. It logs data … Continue reading Where Are the Files? [Winsol – UVR16x2]

Cloudy Troubleshooting

Actors: Cloud: Service provider delivering an application over the internet. Client: Business using the Cloud Telco: Service provider operating part of the network infrastructure connecting them. elkement: Somebody who always ends up playing intermediary. ~ Client: Cloud logs us off ever so often! We can't work like this! elkement: Cloud, what timeouts do you use? … Continue reading Cloudy Troubleshooting

Let Your Hyperlinks Live Forever!

It is the the duty of a Webmaster to allocate URIs which you will be able to stand by in 2 years, in 20 years, in 200 years. This needs thought, and organization, and commitment. (https://www.w3.org/Provider/Style/URI) Joel Spolsky did it:  I’m bending over backwards not to create “linkrot” — all old links to Joel on Software … Continue reading Let Your Hyperlinks Live Forever!

Reverse Engineering Fun

Recently I read a lot about reverse engineering -  in relation to malware research. I for one simply wanted to get ancient and hardly documented HVAC engineering software to work. The software in question should have shown a photo of the front panel of a device - knobs and displays - augmented with current system's … Continue reading Reverse Engineering Fun

The Orphaned Internet Domain Risk

I have clicked on company websites of social media acquaintances, and something is not right: Slight errors in formatting, encoding errors for special German characters. Then I notice that some of the pages contain links to other websites that advertize products in a spammy way. However, the links to the spammy sites are embedded in … Continue reading The Orphaned Internet Domain Risk

Other People Have Lives – I Have Domains

These are just some boring update notifications from the elkemental Webiverse. The elkement blog has recently celebrated its fifth anniversary, and the punktwissen blog will turn five in December. Time to celebrate this - with new domain names that says exactly what these sites are - the 'elkement.blog' and the 'punktwissen.blog' (Edit: which now - … Continue reading Other People Have Lives – I Have Domains

Ice Storage Hierarchy of Needs

Data Kraken - the tentacled tangled pieces of software for data analysis - has a secret theoretical sibling, an older one: Before we built our heat source from a cellar, I developed numerical simulations of the future heat pump system. Today this simulation tool comprises e.g. a model of our control system, real-live weather data, … Continue reading Ice Storage Hierarchy of Needs

My Data Kraken – a Shapeshifter

I wonder if Data Kraken is only used by German speakers who translate our hackneyed Datenkrake - is it a word like eigenvector? Anyway, I need this animal metaphor, despite this post is not about facebook or Google. It's about my personal Data Kraken - which is a true shapeshifter like all octopuses are. (Because … Continue reading My Data Kraken – a Shapeshifter

My Flat-File Database

A brief update on my web programming project. I have preferred to create online text by editing simple text files; so I only need a text editor and an FTP client as management tool. My 'old' personal and business web pages are currently created dynamically in the following way: [Code for including a script (including … Continue reading My Flat-File Database

Interrupting Regularly Scheduled Programming …

(... for programming.) Playing with websites has been a hobby of mine since nearly two decades. What has intrigued me was the combination of different tasks, appealing to different moods - or modes: Designing the user interface and organizing content. Writing the actual content, and toggling between creative and research mode. Developing the backend: database … Continue reading Interrupting Regularly Scheduled Programming …

Waging a Battle against Sinister Algorithms

I have felt a disturbance of the force. As you might expect from a blog about anything, this one has a weird collection of unrelated top pages and posts. My WordPress Blog Stats tell me I am obviously an internet authority on: how rodents get into kitchen appliances, about the physics of a spinning toy, … Continue reading Waging a Battle against Sinister Algorithms

What I Never Wanted to Know about Security but Found Extremely Entertaining to Read

This is in praise of Peter Gutmann's book draft Engineering Security, and the title is inspired by his talk Everything You Never Wanted to Know about PKI but were Forced to Find Out. Chances are high that any non-geek reader is already intimidated by the acronym PKI - sharing the links above on LinkedIn I have been … Continue reading What I Never Wanted to Know about Security but Found Extremely Entertaining to Read

Fragile Technology? (Confessions of a Luddite Disguised as Tech Enthusiast)

I warn you - I am in the mood for random long-winded philosophical ramblings. I have graduated recently again, denying cap-and-gown costume as I detest artificial Astroturf traditions such as re-importing academic rituals from the USA to Europe. A Subversive El(k)ement fond of uniforms would not be worth the name. However, other than that I … Continue reading Fragile Technology? (Confessions of a Luddite Disguised as Tech Enthusiast)