HTB Web challenge EasterBunny – Hints!

Posted on May 10, 2022 by osco.se

Some hints to the web challenge EasterBunny @ HTB:

Look into if you can poison some header.
Find the postman.

Hope you find the correct Path..Good luck!

HTB Web challenge Neonify – Hints!

Posted on April 29, 2022 by osco.se

If you struggle with the web challenge Neonify at HTB, here comes some hints!

Look in to the end of the line?
Where is flag?

May the encoding be with you..
Good luck and let me know if any hint was useful!

.NET core web app using SSL – SEC_ERROR_INADEQUATE_KEY_USAGE

Posted on April 29, 2022 by osco.se

If there is problems start a local development server in .net core version 6 web app using SSL. You can disable SSL in the launch profile. When I started a new website today in the local dev I got the error message “SEC_ERROR_INADEQUATE_KEY_USAGE”. I tried to copy the personal certificate in the certificate manager but that didn’t work. So I decided to disable SSL instead. This is how you can disable SSL in the local dev:
1. Right click on project name in solution explorer and select Properties.
2. Select Debug > General.
3. Click on link Open launch profile.
4. In the IIS Express section untick “Use SSL”.
5. Hit F5 to start website without SSL.

Big logfiles in VSLogs

Posted on February 2, 2022 by osco.se

If you have problems with the disk space suddenly being depleted. Could this be due to large auto-generated log files in VSLogs (../AppData/Local/Temp/VSLogs). This problem seems to have been around for a while and there is also an ongoing case about this (https://developercommunity.visualstudio.com/t/vs-2019-created-big-size-svclog-files-in-temp-path/ 1517476). Currently running VS2022 – Version 17.0.5. 60GB of logfiles generated. It probably would have been more if the disk space haven’t been depleted.

UseStatusCodePagesWithReExecute .net 6

Posted on January 26, 2022 by osco.se

I got some problem when trying to use custom error pages in a .net 6 mvc web app. Using UseStatusCodePagesWithReExecute to redirect to an error controller on exceptions like 404 or 500 response status. But the error controller never got fired. Discovered that this problem was due to that the UseStatusCodePagesWithReExecute call needs to be called before app.UseRouting() in Startup.cs. Else it didn’t work for me!

startup — Hope this helps someone who is experiencing the same problem!

Changing password on a user using MMC

Posted on December 9, 2021 by osco.se

Warning message below is from changing a password on a user in Microsoft Management Console (MMC) Windows 10. The warning message was quite funny, it’s in Swedish but the warning is: ..”Only use this command if a user has forgotten their password and does not have a floppy recovery disc”..Anyone using floppy disc’s these days?

SSL certificate import to IIS “Specified logon session does not exist”

Posted on October 27, 2021 by osco.se

Have been struggling a bit to import a SSL certificate generated by certbot (Let’s Encrypt) on an IIS server.

Reproduction of error

1. Create SSL certificate with certbot using command:
certbot -d domain.com -d www.domain.com --manual --preferred-challenges dns certonly

2. Certificates and keys are created in files: “cert.pem”, “chain.pem”, “fullchain.pem” and “privkey.pem”. So far so good!

3. Create a PFX-file to import to the IIS server using:

openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile fullchain.pem

4. PFX file created! Let’s import this to Server Certificates. Key is marked as exportable in the import. Importing then goes without any problem.

5. When re-binding the domain to use this new certificate following error occurs:

specified-logon — A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520).

How to fix this error?

The problem seems to be in the certificate file (PFX) itself. Something went wrong when it was created. So I tried to re-create the PFX and changed the last parameter to use “chain.pem” instead and this solved the problem! So command line to create a PFX-file with certificate files from certbot should be:

openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile chain.pem

Hope this help anyone struggling with this issue!

Change keyboard layout in Kali Linux

Posted on October 11, 2021 by osco.se

Default keyboard layout for Kali Linux is english. One command you can use for changing keyboard layout is:
setxkbmap <lang-code>

So for instance if you would like to change the layout to swedish the command is:
setxkbmap se

Convert SSL certificate to PFX using OpenSSL

Posted on December 12, 2020 by osco.se

If you want to create a password protected PFX file from certificate file and a private key you can use OpenSSL. Follow these steps to create a PFX file.

1. Download the SSL/TLS tookit from https://www.openssl.org.
2. Run this command in a terminal window:
“{PATH}\openssl.exe” pkcs12 -export -out “{PATH}\{filename-of-pfx}.pfx” -inkey “{PATH}{filename-of-key}.key” -in “{PATH}{filename-of-certificate}.crt” -certfile {PATH}{filename-of-ca-bundle}.crt
3. Choose a password for the pfx file.
4. Done, the pfx file is now created at specified path.

.NET MVC – Illegal characters in path

Posted on May 5, 2020 by osco.se

Scenario
Render a ASP.NET MVC Razor view with a model from the controller.

Error / Exception
System.ArgumentException: Illegal characters in path.

Cause
The model from the controller was returning JSON and the view had declared “@model string” to handle the JSON.

Solution
Updates in both controller and view. Change controller return type from string to the object.

Controller
Original: return View(JsonConvert.SerializeObject(List));
Change to: return View(List);

View
Original: @model string
Change to: @model List<object>

Osco.se

A notebook
Is also seen at MSDN

Author Archives: osco.se