The Technetium Show

Decided to see about getting my little own radio show over at Rochester Free Radio 106.3FM

It was a interesting experience, the station staff are very friendly and after a brief email chain and a in-person interview. I am now the proud host of The Technetium Show. Picked out a piece of music that I liked, made up some banners and started to get to work on content. I mostly want to cover Internet news, Internet Drama (4chan shenanigans), Gaming, Computer Security and even do on the air Q&A with the community.

2018/07/20 11:10 · jrwr

Installing Ubuntu on a HP ZBook 15 G4

Man what a ride, This is what you have to do to install Ubuntu with a GUI

Install using UEFI PXE ( into the bare ubuntu installer, right before the tasksel entry (when it asks you what desktop to install) switch to another console and chroot /target

once in there you are going to want to add a initramfs blacklist

nano /etc/modprobe.d/blacklist-nouveau.conf

``` blacklist nouveau blacklist lbm-nouveau options nouveau modeset=0 alias nouveau off alias lbm-nouveau off ```

2018/04/20 08:29 · jrwr


2018 - Year One for me

CTF Grandmaster, My players had a great time this year. I'm the guy in the crazy hat :)

2018/04/17 15:08 · jrwr

NOAA's NNVL Earth Products Directory Traversal Vulnerability

While looking for a nice new wallpaper, I came across this page: Earth Daily Color It's very nice, so I hit the download button and noticed I got a path of this:

Strange, There is a full path to the file I had requested. I wonder if there is any input checking at all.


Nope! It downloaded the server's passwd! At this point I completely stopped and starting finding out a way to get ahold of NOAA, I found the webmaster [at] email address, wrote a little letter explaining the issue and waited…

Two months (April 2017) later after getting no reply, I checked the URL again, I could still access the the file! Tried looking up their IT team but after some searching gave up and promptly forgot about it.

I'm happy to report that after checking today, The issue has been resolved! I do kind of wish that there was more publicly published methods of getting in contact with the correct people in the US Government when a citizen finds a Vulnerability. I am glad they did get it fixed, I enjoy NOAA's Products and wish they got more press then they do. Check out their NNVL FTP Sometime, Amazing Images to be had of the earth.

2017/05/12 22:36 · jrwr

OVH vRack Security Issue

tl;dr: OVH had an issue where your second network card was connected to other servers in the datacenter. This allowed you to run a DHCP server and offer a gateway. This also allows you to MITM several machines outbound traffic, I had 35 machines responding back with DHCP Leases and about 4 routing outbound traffic to me as their router.


I was messing around with ESXi and had an internal network with pfsense as a router VM. Attached the second NIC and noticed I got a dozen replies from servers I did not own.


Dumped ESXi and installed debian. ran a normal dnsmasq with some NATing IPTable rules. turned it on for about 10 minutes and noticed servers where starting to route outbound traffic over my machine. quickly turned off NAT and pushed down new leases without a gateway (To fix the remote machines so it would not be impacting)

Traffic was mostly API calls to remote servers, like twitter and a few outbound emails. Overall had about 4 machines sending traffic over my interface


Overall I discovered this issue on April 23rd 2017. the only main method of reporting a issue like this was on their project. I submitted it at 04:00 CEST and they responded by 11:00 CEST with

Hi, We have reviewed your report and we are able to understand the vulnerability submitted.

We will keep you informed immediately after evaluation. As said in the rules, please do not disclose your find publicly until you have received our approval. Regards, OVH security department.

At 14:00 CEST They responded with

It appear that your server Vrack has been wrongly configured. We have fix your case along with other customers impacted by this bug. We also have put a special monitoring to ensure that this bug never occur again.

Thanks for your report but it appear that it is out of scope as per rules. This means that you will not be eligible to monetary rewards.

As we have fix and modify our system following your report , you have been awarded a 100€ credit to be spend on OVH.COM. Could you give me you ovh client name (like aa123456-ovh) that I could credit ? With this credit, you would be able test dedicated servers, cdn, vrack, vmware managed private cloud, VPS, license, ip, sms and “.ovh” domain name.

Not bad, 17 hours to fix. I did respond with my OVH Handle, but I never did get the credit :( Also only 100 Euros for finding a way to MITM other customers machines was a little disappointing.

I do admit they do not have a posted bug bounty for internal security issues and it was nice of them to offer the credit to services in the first place.

2017/04/29 16:46 · jrwr

Older entries >>