now think about what you've done

2018-11-29
HTML Animations - javascript but how?

So I was working on a side project that I use as a landing page for a placeholder website. I was originally using just divs with javascript moving the divs around the screen and it worked fine…but I really like SVG…so I rewrote the page to use SVG instead.

Now it’s not taking advantage of any SVG Animations, or any specific animation framework…because as of this writing there isn’t standardized support across all browsers and platforms: see here

I will say based on my previous experience inside Microsoft I’m not terribly surprised that IE/Edge is the holdout for the SVG SMIL Animation standard. They simply have a different primary audience, and the general population is the secondary audience. Not to say that they don’t care (they do very much), but when push comes to shove the enterprise customers will override the general population for the IE/Edge designers…IMHO…but who’s to say things can’t change, they often do.


2018-05-18
HTTPS, GIT, and Enterprise certificates

So I was setting up my GOGS internally so my sons could have a place to push code (and so I could host my many never-completed projects) and I ran across an issue with git not liking my certificate on the HTTPS server. It’s not self-signed, but it is from my internal CA. This is windows-land so it’s already trusted (AD CS) by the OS, but apparently not by the default git install. The specific issue was this [with some redaction]:

Cloning into '{PROJECT}'...
fatal: unable to access 'https://{SERVER}/{USER}/{PROJECT.git/': SSL certificate problem: unable to get local issuer certificate

So I of course did some intertube-searching and came across many an article about this same problem:

They all pretty much suggested the same thing (though depending on the date of the article the exact details change), use a custom CRT file with your root cert…well guess what…IT DID NOT WORK!!!

So it was mildly frustrating that everyone keeps saying to do the same thing and it will work. People were even commenting on how it worked for them…yet it doesn’t for me…HENCE THIS BLOG POST!!!

After tooling around with ProcMon and watching the git executables NOT read the CRT over and over again (despite being correctly set in .gitconfig) I was leaning towards a bug in git…but just because I can blame someone else for the problem doesn’t help me solve the issue.

I next went and took a look at all the different settings that were currently set in the various git config files:

git config --list --show-origin

From this I ran across the setting http.sslbackend and began to wonder what other backends were available since openssl isn’t doing the trick for me. That line of thinking led me to this post: git not working after setting http.sslBackend config…which had this command: git config --global http.sslBackend schannel

oh boy…use the windows native schannel as the SSL backend…I’m sold…and guess what…IT WORKS!!!

So there you go, no mucking around with custom CRT files just use what you’ve already got setup in the windows cert stores!

YMMV
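
As an added example (not part of the original post): a small Python check that reads the text printed by git config --list --show-origin, resolves which config file supplies the effective http.ssl* settings, and flags a setting that turns certificate verification off. The sample listing, file paths and host name are constructed for illustration.

```python
# Added example; the listing below is constructed sample data, not output from the post.
SAMPLE = "\n".join([
    "file:C:/Program Files/Git/etc/gitconfig\thttp.sslbackend=openssl",
    "file:C:/Program Files/Git/etc/gitconfig\thttp.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt",
    "file:C:/Users/dev/.gitconfig\thttp.sslcainfo=C:/certs/internal-root.crt",
    "file:C:/Users/dev/.gitconfig\thttp.sslbackend=schannel",
    "file:.git/config\thttp.sslverify=false",
    "file:.git/config\tremote.origin.url=https://git.example.internal/dev/project.git",
])

TLS_KEYS = {"http.sslbackend", "http.sslcainfo", "http.sslcapath", "http.sslverify"}
FALSY = {"false", "no", "off", "0"}

def effective_tls_settings(listing):
    """Map each TLS key to (value, origin). Git lists files in the order it
    reads them, so the last occurrence of a key is the one in effect."""
    effective = {}
    for line in listing.splitlines():
        origin, tab, entry = line.partition("\t")
        if not tab:
            continue  # not an "origin<TAB>key=value" line
        key, _, value = entry.partition("=")
        if key.lower() in TLS_KEYS:
            effective[key.lower()] = (value, origin)
    return effective

def findings(effective):
    """Return notes for review: disabled verification first, then backend and CA file."""
    notes = []
    verify, origin = effective.get("http.sslverify", ("true", "default"))
    if verify.lower() in FALSY:
        notes.append(f"certificate verification is disabled by {origin}")
    for key in ("http.sslbackend", "http.sslcainfo"):
        if key in effective:
            value, origin = effective[key]
            notes.append(f"{key} = {value} (from {origin})")
    return notes

if __name__ == "__main__":
    for note in findings(effective_tls_settings(SAMPLE)):
        print(note)
```

To use it on a real machine, pass the captured text of the git config command to effective_tls_settings instead of SAMPLE.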


2018-01-22
New HTML Experiments

So I’ve recently had a few random automation ideas. The problem was that it was such a small automation and I wanted it to be useable anywhere, so I wrote it in a single HTML page and the code is in Javascript.


2016-08-21
My First ScreenSaver - an obsession in VB6

So back when I first started writing code, I had this obsession with screen savers. I don’t really know why but I loved screen savers that were not repetitive, ones that changed over time and did something. Like any of the following:

…and my personal favorite:

but nowadays I don’t download screen savers unless I can compile from source…

anyways, at one time I attempted to create my own in VB (why VB…well that’s a post in itself) based on the Space Combat screen saver, but I didn’t have fancy graphics. So I used basic sprites and freely available images found on various corners of the InterTubes:

AGX-04 Deathstar Easter Bunny Ghost 2 H2o Happy Face Hitchhiker's Guy LOMPSTER M Falcon MA-04X Pac Ghost Radish RB-79 Slave 1 Space Ship Sunburst

If you want to take a look you can download it, or with the VB source


2016-08-15
2016 Palo Alto Labyrenth CTF Doc 05

Again the fifth challenge is a zip file: 01E1B7BCFB39B4A666475991AF11C5762A489F9395C48B4E156526E1C6E4573F

But I have to first admit that I solved this one third, not fifth…in fact I got a message when I tried to submit the fifth challenge solution early that I had to do them in order. How did I do them out of order you ask? Well, remember in the very first document there was an extra .7z file inside the zip. This was a 7Zip archive that contained ALL of the challenges (go look for yourself).

So running it through FileId showed only a little bit of macros:

Sub excelulate()

Application.Quit

End Sub

So I crack the file open in Microsoft Excel….hmmm it’s only asking for a value and a button. You click the button and it says you stink and opens calc.exe. Wait what? There are no macros, how is this happening? So I open the file in eDoc. What is eDoc you say? It’s a GUI application for looking at the streams and folders inside an Ole Structured Storage container. I don’t have a link for it as the company that produced it no longer exists, but I still have the binary…besides a very similar tool is SSView by MiTec (in fact it is in many ways better…but eDoc lets me search for hex/ascii values and do inline editing).

So perusing through the hex view of the Workbook stream (i.e. where the actual workbooks live) we can easily see calc.exe (around stream offset 0x5b90 as well as other places) and several other strings that were NOT on the three sheets when we opened Excel earlier….HIDDEN SHEETS.

So open up Excel, right click on any of the sheet names and click unhide…a little dialog opens up and we can unhide the secret sheet. But wait it looks empty. So we start looking through the formula values and eventually you will find cell A14 with this formula:

=IF(RUN(supersecret!F13))

So here you need to know Excel formulas and you will see that the notation they’re using shows there is ANOTHER hidden sheet. What? How can this be you ask? Well, turns out that Excel has something called a VeryHidden sheet (see KB213609, or just search the InterTubes yourself)
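
The hidden and VeryHidden states are stored in the Workbook stream itself, one BoundSheet8 record (type 0x0085) per sheet, so they can be listed without opening the file in Excel. The following Python sketch is an added example, not part of the original write-up: it assumes the Workbook stream has already been extracted from the OLE container, and the sample stream it runs on is constructed (the sheet name hidden1 and the sheet types are placeholders).

```python
import struct

BOUNDSHEET, EOF = 0x0085, 0x000A   # BIFF8 record types
STATES = {0: "visible", 1: "hidden", 2: "very hidden"}
TYPES = {0: "worksheet", 1: "macro sheet", 2: "chart", 6: "VBA module"}

def list_sheets(workbook_stream):
    """Return (name, state, type) for every BoundSheet8 record found
    before the EOF record that ends the workbook globals substream."""
    sheets, pos = [], 0
    while pos + 4 <= len(workbook_stream):
        rtype, rlen = struct.unpack_from("<HH", workbook_stream, pos)
        body = workbook_stream[pos + 4 : pos + 4 + rlen]
        pos += 4 + rlen                      # always advances, even on junk
        if rtype == EOF:
            break
        if rtype != BOUNDSHEET or len(body) < 8:
            continue
        # body: 4-byte sheet offset, state (low 2 bits), type, name length, flags
        state, dt, cch, flags = body[4] & 0x03, body[5], body[6], body[7]
        if flags & 0x01:                     # fHighByte: name is UTF-16LE
            name = body[8 : 8 + 2 * cch].decode("utf-16-le", "replace")
        else:                                # compressed 8-bit characters
            name = body[8 : 8 + cch].decode("latin-1")
        sheets.append((name, STATES.get(state, "unknown"), TYPES.get(dt, hex(dt))))
    return sheets

# --- constructed sample stream (not the challenge file) ---
def _rec(rtype, body):
    return struct.pack("<HH", rtype, len(body)) + body

def _sheet(name, state, dt):
    header = struct.pack("<IBBBB", 0, state, dt, len(name), 0)
    return _rec(BOUNDSHEET, header + name.encode("latin-1"))

SAMPLE = (_rec(0x0809, bytes(16))            # BOF record opens the stream
          + _sheet("Sheet1", 0, 0)
          + _sheet("hidden1", 1, 0)
          + _sheet("supersecret", 2, 1)
          + _rec(EOF, b""))

if __name__ == "__main__":
    for name, state, kind in list_sheets(SAMPLE):
        print(f"{name:12} {state:12} {kind}")
```

Any sheet reported as hidden or very hidden, and any macro sheet, is worth inspecting before the document is opened with content enabled.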

Hmmm, so how do we unhide a very hidden sheet? well just fix it in VBA. So there’s already a function excelulate so I simply changed it to:

Sub excelulate()
ActiveWorkbook.Sheets("supersecret").Visible = True
End Sub

and then run it!

so we look at the newly discovered sheet and we find the crazy formula in F13:

=RETURN(EXACT(CONCATENATE(D7,A5,C5,B4,E20,B6,A8,B8,A12,B10,E10,C9,B13,D12,C11,B16,A25,A18,B19,C20,B21,B2,D23,B24,E4,B26,D16,A21,C14,A16),Sheet1!B3))

So I copy this into another cell in the same sheet, but modify it like so:

=CONCATENATE(D7,A5,C5,B4,E20,B6,A8,B8,A12,B10,E10,C9,B13,D12,C11,B16,A25,A18,B19,C20,B21,B2,D23,B24,E4,B26,D16,A21,C14,A16)

but wait it doesn’t run it! this sheet is showing the formulas instead of running them. No problem, I go back to the Sheet1 sheet and pick an empty cell and enter the formula:

=supersecret!F16

and poof! we have this value:

PAN{Exc3l4=3x7r3me1y4An7a5+!c}

we enter it into the CTF dialog

BOOM

completed!
