Rootcat

Rootcat https://rootcat.de/ Recent content on Rootcat Hugo -- gohugo.io en-en Thu, 18 Dec 2025 00:00:00 +0000 Rootcat hacked the Moon - It's all just Psyops Meow https://rootcat.de/blog/hackedmoon/ Thu, 18 Dec 2025 00:00:00 +0000 https://rootcat.de/blog/hackedmoon/ Hi, my name is rootcat and I hacked the moon. I know I know, you missed these blogposts, as people have been consistently telling me and 2025 was a year which - up until now - just had one post, to the voiced frustrations of some readers. So sorry, but you see there are reasons for this sparsity of blogpost entries this particular year. For once, I was busy successfully hacking the moon, making me probably the first human to have done so. The Cat Flap - How to really Purrsist in AWS Accounts https://rootcat.de/blog/thecatflap/ Wed, 19 Feb 2025 00:00:00 +0000 https://rootcat.de/blog/thecatflap/ Hi and Welcome to the The Cat Flap – Your Weird Guide to Building Next-Generation AWS REAL FAKE BACKDOORS. What are you worried about? Come get REAL FAKE BACKDOORS. Call us up, and order some real fake Backdoors today. Don’t even hesitate. Don’t even worry and don’t even give it a second thought. That’s our slogan - Me and Bens, over here with the Cat Flap. Excuse me Senior Rootcat, WTF is this about? The Darklands of Cyber Attribution - Klick the Link Aleksey https://rootcat.de/blog/darklandsofattribution/ Fri, 29 Nov 2024 00:00:00 +0000 https://rootcat.de/blog/darklandsofattribution/ Hi, my name is Michael and I am an APT. I gotta come clean with you, it’s finally time for this confession. In fact I believe I am more than one APT, I am actually part of multiple APT’s. International even, across the globe and across multiple scenes- from Scattered Spider to the CON, from the ShinyHunters to Muddled Libra, from Evil Corp to Indrik Spider, all me, probably I am also part of Techno Bears (APT69), nyan_pwn, PYSA, SiegedSec and Nonbinary Catgirls for a better Future Association. Do not work as a Hacker - A Warning to you all https://rootcat.de/blog/do_not_work_hacker24/ Tue, 18 Jun 2024 00:00:00 +0000 https://rootcat.de/blog/do_not_work_hacker24/ Hey rootcat, how can I start to learn hacking? Hello Mr. Rootcat, can you recommend a starting point, for me to learn penetration testing? Hola señor rootcat, can you help me land a job as a red teamer? Buddy, don’t! I’m warning you! Just don’t, I spray you with a water bottle! Let’s get one thing strait, this will not be a well-structured and thought-out, or balanced blogpost, this will just be a one-take rant with some fun and a little madness. Reverse Cyber Gatekeeping https://rootcat.de/blog/reverse_cybergate/ Mon, 29 Apr 2024 00:00:00 +0000 https://rootcat.de/blog/reverse_cybergate/ Gatekeeping can be understood as the activity of trying to control who gets particular resources, power, or opportunities, and who does not, possibly by limiting access to information. In terms of cyber topics that could be access to relevant information about security topics in order to understand, learn and develop expertise. So, people willing to learn about cyber security, hacking and the like are having the problem of finding information about these topics, are they being denied information by bad people? A Story About a Mail, but Not on How to Tell What’s Real https://rootcat.de/blog/issa-fish_april24/ Fri, 26 Apr 2024 00:00:00 +0000 https://rootcat.de/blog/issa-fish_april24/ This is a story about an email, about phishing, about AWS Security, and about our current timeline of confusion and rising madness where it is increasingly hard to tell what’s real. Yep, that’s it, that’s my introduction sentence, you just read it, I’m not taking it back. But don’t worry I give you some beat to listen to, while we descend into this story. Choose Recommended Beat 1 or Recommended Beat 2. AWS Organizations - Protect Member Accounts from the Separatists https://rootcat.de/blog/aws_seperatists/ Tue, 23 Jan 2024 00:00:00 +0000 https://rootcat.de/blog/aws_seperatists/ AWS Organizations work differently than Azure Tenants, or other hierarchical common IT-structures, due to AWS accounts being per default more of a standalone kind of thing. Every AWS account in an AWS Organization can be or become standalone, even if it was initially created via an organization. It is better to think of organizations more like an agreement between adult accounts, where they agree on the manager who can make the rules and the other accounts are allowed to join. Unintended Path to Exam Domination - AWS EC2 Meta-Data https://rootcat.de/blog/ec2-meta_may23/ Thu, 16 Nov 2023 00:00:00 +0000 https://rootcat.de/blog/ec2-meta_may23/ This is directed to everyone using aws EC2 for CTF’s, labs or offensive security exams. What prompted me to write this, is that the last three times in a row, whenever I found myself in an exam environment for pentesting/redteaming (and yes even one cloud exam), meta-data and user-data basically allowed to circumvent the exam or just strait up break out of the environment. I will not name any names here, instead I want to explain what the problem in this specific case is and provide resources and thoughts at the end in order to provide some help on this issue. Casino Breach - Cyberthrowback Fish Tank Hack https://rootcat.de/blog/cyberthrowbac_fishtank_ap23/ Tue, 18 Apr 2023 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_fishtank_ap23/ Sometime in 2017, somewhere in North America, a casino is somehow robbed. The stolen goods: data exfiltrated via a networked temperature sensor in the aquarium in the lobby. Apparently, 10GB of internal data is said to have flowed out of the casino via the fish tank to an IP address in Finland. With such a starting point and all the cinematic associations, it’s not surprising that the fish tank hack quickly became a popular story. Rootcat Easteregg - The Hunt for red S3 https://rootcat.de/blog/easeregg_april23/ Fri, 14 Apr 2023 00:00:00 +0000 https://rootcat.de/blog/easeregg_april23/ This is the walkthrough and explanation for the S3 realistic misconfiguration used in the recent easter egg hunt on this blog. Read the rules and info here on my twitter thread. In short: On this blog, I hid some ascii kittens. Some were just for fun, others gave hints or contained information to find an S3 bucket. Finding the information for the S3 bucket is referred as phase one. The bucket itself had a security vulnerability I encountered in my real-world engagements and that I know a lot of people are not aware of, which is why I set it up this way so I could eggsplain it here. When Solo hacked the US Millitary - Cyberthrowback NASA Hacks https://rootcat.de/blog/cyberthrowbac_solo_nasa_mar23/ Thu, 30 Mar 2023 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_solo_nasa_mar23/ The year 2001: Harry Potter, Training Day, The Lord of the Rings, Shrek and the first The Fast and the Furious hit theaters. The Gotthard Tunnel burns, 9/11 happens and the war on terror begins in Afghanistan, the XBOX, Windows XP and ITunes appear. The Mir space station crashes into the Pacific Ocean in a controlled manner, Teenage Dirtbag, Butterfly and Clint Eastwood are at the top of the charts. Aggro Berlin is founded, BoxeR wins the World Cyber Games in Starcraft: Brood War, Aaliyah dies in a plane crash and so-called fighting dogs are banned in Germany. When Elon doubled your Bitcoin - Cyberthrowback Twitter-Hack https://rootcat.de/blog/cyberthrowbac_twitter_hack_feb23/ Mon, 27 Feb 2023 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_twitter_hack_feb23/ In July 2020, Elon Musk was probably wearing his spending pants, tweeting to his then 30 million or so followers: And Musk wasn’t alone in his generous offer to double his followers’ Bitcoins for charity; Bill Gates, Warren Buffet and many other celebrities also posted similar tweets. A total of 130 - including 45 prominent and high-reach - Twitter accounts became part of the scam, because of course this was not a generous offer from the rich and powerful, to give us a little money. From Minecraft to Deutsche Telekom - Cyberthrowback Mirai https://rootcat.de/blog/cyberthrowbac_mirai_feb23/ Mon, 20 Feb 2023 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_mirai_feb23/ “In the dystopian future of 2030, the Japanese government is cracking down on any perceived immoral activity from using risqué language to distributing lewd materials in the country, to the point where all citizens are forced to wear high-tech devices called Peace Makers (PM) at all times that analyze every spoken word and hand motions for any action that could break the law. A new high school student named Tanukichi Okuma enters the country’s leading elite ‘public morals school’ to reunite with his crush and student council president, Anna Nishikinomiya. When Solo hacked the US Millitary - Cyberthrowback NASA Hacks https://rootcat.de/blog/cyberthrowbac_solo_nasa_nov22/ Mon, 14 Nov 2022 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_solo_nasa_nov22/ Das Jahr 2001: Harry Potter, Training Day, Der Herr der Ringe, Shrek und der Erste The Fast and the Furious laufen in den Kinos. Der Gotthard Tunnel brennt, 9/11 passiert und der Krieg gegen den Terror beginnt in Afghanistan, die XBOX, Windows XP und ITunes erscheinen. Die Raumstation Mir stürzt kontrolliert in den Pazifik, Teenage Dirtbag, Butterfly und Clint Eastwood sind in der Spitze der deutschen Charts. Aggro Berlin wird gegründet, BoxeR gewinnt die World Cyber Games in Starcraft: Brood War, Aaliyah stirbt bei einem Flugzeugabsturz und sogenannte Kampfhunde werden verboten. Introducing Catspin - The Power of Cloud in Pentesting https://rootcat.de/blog/catspin_july22/ Tue, 26 Jul 2022 00:00:00 +0000 https://rootcat.de/blog/catspin_july22/ Cloud technologies and their special properties, if used creatively, can expand the pentester arsenal considerably. In some cases, they can render a lot of defensive strategies pretty much useless. Unfortunately, not a lot of people realize this, or know how to leverage the power that is contained in cloud tools for pentesting purposes, yet. In this post I will demonstrate this on the example of my recently developed Amazon API Gateway proxy tool, named catspin (see github). Wordpress Security Check - Vane2 https://rootcat.de/blog/wordpressscan_june22/ Wed, 29 Jun 2022 00:00:00 +0000 https://rootcat.de/blog/wordpressscan_june22/ Wenn man nach einem schnellen Sicherheits-Check für Wordpress sucht, findet man oft das bekannte wpscan-Tool. Weniger bekannt, aber eine gute Alternative, ist das Wordpress-Scan-Tool von delvelabs, vane2. Das möcht ich hier kurz vorstellen. Installation und Erläuterungen Nach dem clone aus dem GitHub kann man vane2 mit virtualenv und pip installieren: python3 -m virtualenv env source env/bin/activate pip install vane2 Bevor man irgendwas untersucht, sollte man zuerst die Datenbank auf den aktuellen Stand bringen: When Elon doubled your Bitcoin - Cyberthrowback Twitter-Hack https://rootcat.de/blog/cyberthrowbac_twitter_hack_dez21/ Mon, 20 Dec 2021 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_twitter_hack_dez21/ Im Juli 2020 hatte Elon Musk wohl die Spendierhosen an, er tweetet an seine damals rund 30 Millionen Follower: Und Musk war nicht alleine mit seinem großzügigen Angebot die Bitcoins seiner Follower für den guten Zweck zu verdoppeln, auch Bill Gates, Warren Buffet und viele andere Prominente veröffentlichten ähnliche Tweets. Insgesamt 130 – darunter 45 prominente und reichweitenstarke – Twitter-Accounts wurden Teil der Betrugsmasche, denn natürlich handelte es sich hier nicht um ein großzügiges Angebot der Reichen und Mächtigen. Check your TYPOs! – TYPO3 CMS Scan https://rootcat.de/blog/typo3_okt21/ Fri, 22 Oct 2021 00:00:00 +0000 https://rootcat.de/blog/typo3_okt21/ Auch wenn TYPO3 weltweit kaum noch zum Einsatz kommt, ist es im deutschsprachigen Raum noch immer verbreitet. Verschiedene Schätzungen gehen etwa von einem Marktanteil von bis zu 10 Prozent aus. Da es mir selbst in Pentests vereinzelt auch begegnet ist, möchte ich daher kurz ein einfach zu bedienendes Tool vorstellen, mit dem sich Administrator*innen selbst einen zumindest teilweise sicherheitsrelevanten Überblick über ihr System verschaffen können. Veraltete Software, beziehungsweise Software-Versionen, die über bereits bekannte Sicherheitslücken verfügen, sind (zusammen mit Phishing-Angriffen) die häufigsten Ursachen für erfolgreiche Hacker-Angriffe. Casino Breach - Cyberthrowback Fish Tank Hack https://rootcat.de/blog/fishtank_jul21/ Mon, 19 Jul 2021 00:00:00 +0000 https://rootcat.de/blog/fishtank_jul21/ Irgendwann im Jahr 2017, irgendwo in Nord Amerika wird irgendwie ein Casino beraubt. Das Diebesgut: Daten, exfiltriert über einen vernetzten Temperatursensor im Aquarium in der Lobby. Anscheinend sollen 10GB interner Daten über den fish tank aus dem Casino an eine IP-Adresse in Finnland geflossen sein. Es ist bei solch einer Ausgangslage und all den damit verbundenen filmischen Assoziationen nicht verwunderlich, dass der fish tank hack zu einer populären Story wurde. Sicher dank SSL-Verschlüsselung… Wirklich?! https://rootcat.de/blog/tls_jun21/ Mon, 28 Jun 2021 00:00:00 +0000 https://rootcat.de/blog/tls_jun21/ SSL-Verschlüsselung für eine sichere Datenübertragung. … sind diese zu jedem Zeitpunkt Dank einer sicheren TLS-Verschlüsselung geschützt. … verschlüsselt Ihre Daten sicher via SSL-Zertifikat. Mit TLS/SSL Verschlüsselung sind Ihre Daten dabei sicher. Solche oder ähnliche Aussagen sind Ihnen bestimmt schon häufig beim Online-Shopping oder anderweitigen Online-Aktivtäten begegnet. Aber was genau bedeutet das eigentlich, und wie werden hier welche Daten genau geschützt? Bevor diese Fragen beantwortet werden können, sollte zunächst kurz erläutert werden, was TLS/SSL genau bedeutet. Von Minecraft zur Telekom - Cyberthrowback Mirai https://rootcat.de/blog/cyberthrowbac_mirai_jun21/ Tue, 01 Jun 2021 00:00:00 +0000 https://rootcat.de/blog/cyberthrowbac_mirai_jun21/ “In the dystopian future of 2030, the Japanese government is cracking down on any perceived immoral activity from using risqué language to distributing lewd materials in the country, to the point where all citizens are forced to wear high-tech devices called Peace Makers (PM) at all times that analyze every spoken word and hand motions for any action that could break the law. A new high school student named Tanukichi Okuma enters the country’s leading elite ‘public morals school’ to reunite with his crush and student council president, Anna Nishikinomiya. Mobile Pentesting Series - Anbox Setup https://rootcat.de/blog/anbox_setup_may21/ Fri, 28 May 2021 00:00:00 +0000 https://rootcat.de/blog/anbox_setup_may21/ A quick setup guide to get Anbox running. This guide assumes a Debian-based system, like Kali Linux, if you’re using something else adjust accordingly. Basics First up, you need snapd and the android development bridge. sudo apt update sudo apt install snapd sudo apt install android-tools-adb Install Anbox with snap. sudo snap install --devmode --beta anbox Add it to path, otherwise you get the good old “The command could not be located because ‘/snap/bin’ is not included in the PATH environment variable. (Distributed) Denial of Service: DoS und DDoS https://rootcat.de/blog/dos_may21/ Fri, 21 May 2021 00:00:00 +0000 https://rootcat.de/blog/dos_may21/ Denial of Service (DoS)-Angriffe bezeichnen Angriffe deren Ziel es ist, eine legitime Nutzung eines Dienstes, Netzwerkes, Systems oder einer Webseite zu verhindern. Prinzipiell können diese in zwei Kategorien unterschieden werden, solche die einen Dienst zum Absturz bringen oder gänzlich unbrauchbar machen und jene die Dienste mit der Menge an Anfragen überfluten bzw. überlasten. In diesem Sinne ist auch, überspitzt gesagt, das Ziehen des Steckers am heimischen Router eine DoS Attacke, auch wenn dieser Begriff heute eher im Kontext von infizierten Maschinen verwendet wird, die mit massenhaften Anfragen eine Website lahmlegen. Bunte Pentest Hüte https://rootcat.de/blog/pentest_box_may21/ Wed, 19 May 2021 00:00:00 +0000 https://rootcat.de/blog/pentest_box_may21/ Black Box, Grey Box, White Box testing. Das Blue Team sucht Verstärkung. White Hats vs. Black Hats. Red Teaming Projekte immer mehr gefragt. In der IT-Security ist es üblich geworden, mit farbigen Metaphern komplexe Sachverhalte zu bezeichnen. Da gibt es die weißen und schwarzen Hüte, die „guten“ und „schlechten“ Hackern aufgesetzt werden, aber auch rote oder blaue Teams der IT-Security und schwarze, weiße oder graue Boxen zur Bezeichnung von verschiedenen Szenarien einer Sicherheitsüberprüfung durch penetration testing. https://rootcat.de/admin/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/admin/ Sorry, but your princess is in another castle and this is not the kittan you are looking for. Also, this is a static and cached page from a cloudformation distribution. Maybe learn how it works and what is behind, is it lambda, amplify, static with S3, lightsail etc. Time to embrace the clouds, the old world is dead friendo. ,_ _ |\\_,-~/ / _ _ | ,--. ( @ @ ) / ,-' \ _T_/-. https://rootcat.de/aggregator/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/aggregator/ oh wow i see uwu use the medium wist. dis iws no good hewe. Thiws no wowwevew website, thiws does nothin hewe, scanning wiww nowt hewp uwu. iwt iws cwoud maybe check my twittew thweads fow inspiwation /\**/\ ( o_o )_) ,(u u ,), {}{}{}{}{}{} https://rootcat.de/catkin_ignore/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/catkin_ignore/ oh wow! uwu used diwseawch, dis iws vewy good. has good wowdwist. But thiws no wowwevew website, thiws does nothin hewe, scanning wiww nowt hewp uwu. Iwt iws cwoud maybe check my twittew thweads fow inspiwation _,'| _.-''``-...___..--';) /_ \'. __..-' , ,--...--''' <\ .`--''' ` /' `-';' ; ; ; __...--'' ___...--_..' .;.' (,__....----''' (,..--'' https://rootcat.de/database/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/database/ Oh wowie, wook at u scanning and suwch. uwis gweat hackew. Suwch gweat knowwedge and skiww. Sadwy thewe is no woot hewe and my kuwngfuw is weawwy good senpai. Thiws no wowwevew website, thiws does nothin hewe, scanning wiww nowt hewp uwu. Iwt iws cwoud maybe check my twittew thweads fow inspiwation ,-. _,---._ __ / \ / ) .-' `./ / \ ( ( ,' `/ /| \ `-" \'\ / | `. https://rootcat.de/impressum/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/impressum/ Impressum Angaben gemäß § 5 TMG Dr. Michael Gschwender Kontakt: E-Mail: info@rootcat.de Verantwortlich für den Inhalt nach § 55 Abs. 2 RStV: Dr. Michael Gschwender https://rootcat.de/privacy/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/privacy/ Privacy No, I did not forget the cookie banner. I care about privacy, so there are no cookies, google analytics, ad trackers etc. here. The technically necessary information to deliver the page ends up in the server logs. These store the IP address and access to the requested resource, plus the operating system and browser (essentially the HTTP header). Except for debugging purposes, or in case of problems or attacks, these logs are not evaluated, shared or used in any other way. https://rootcat.de/wp-admin/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/wp-admin/ Wow, no thiws iws no wowdpwess, thiws iws something with fancy cwoud. The futuwe iws now owd man. ,_ _ |\\_,-~/ / _ _ | ,--. ( @ @ ) / ,-' \ _T_/-._( ( / `. \ | _ \ | \ \ , / | || |-_\__ / ((_/`(____,-' https://rootcat.de/wp-login/ Mon, 01 Jan 0001 00:00:00 +0000 https://rootcat.de/wp-login/ Wow, no thiws iws no wowdpwess, thiws iws something with fancy cwoud. The futuwe iws now owd man. ,_ _ |\\_,-~/ / _ _ | ,--. ( @ @ ) / ,-' \ _T_/-._( ( / `. \ | _ \ | \ \ , / | || |-_\__ / ((_/`(____,-'