Posts
Moving from GitHub to Self Hosted GitLab
· ☕ 4 min read
As the owner of a dedicated server, which I am not entirely sure why/if I need, I finally decided to make the shift from GitHub to self-hosting my own git server. GitLab. No, I’m not a masochist, I have enough RAM available to self-host that big a piece of software. Thank you Hetzner for providing a 64GB RAM server at just 54€ a month! If you wanna take a look at my Git server: here you go! Why not just use GitHub? This is a question I get a lot. Like, “But Soham, why not just github?” or “Wait, you mean to say github and git aren’t the same thing?

Wireguard Client on OpenWRT Routers
· ☕ 5 min read
Why Wireguard? It’s 2020. Age of OpenVPN is over (at least I hope). It’s too bulky and contains a lot of stuff that is not needed. Wireguard is simple, easy-to-setup, and fast. The Problem I have a dedicated server split into multiple VPS that I wanted to make available from my home network (not over the internet, mind you). This is mostly so that I can access my server directly without having to expose all the services (SSH, databases, etc) to the public. Getting to the point, I had already set up a wireguard connection between my desktop and the servers. There are plenty of tutorials for this available over the internet so I am not going to cover that here, follow whichever you like.

Overriding JS to Perform SQL Injection (Housecat RTCP CTF Writeup: Blog from the future)
· ☕ 5 min read
The TL;DR of this challenge was SQL injection and overriding javascript (to skip the encrypt/decrypt functions). Challenge Challenge Name: Blog from the future Challenge Description: My friend Bob likes sockets so much, he made his own blog to talk about them. Can you check it out and make sure that it’s secure like he assured me it is? Link Solution JS Overriding Rule #1 of web CTFs: ALWAYS check robots.txt first! This time I found: User-Agent: * Disallow: /admin And in /admin there is a comment saying you need to use TOTP (Time Based OTP. Who does not use a TOTP for 2-factor authentication in 2020?

Breaking Math.random() and Predicting Random Numbers (Housecat RTCP CTF Writeup: JS Lotto)
· ☕ 3 min read
TL;DR? Here. PS: You need to do pip install z3-solver requests for this to work. Okay so a little confession: Before the CTF challenge, I didn’t think much of Cryptographically Secure Pseudo Random Generators (CSPRNGs), and thought they were just for very high security purposes, like defence against a state level hacking agency. I thought normal PRNGs were enough for day-to-day purposes and no one could realistically break them. After this CTF…oh boy, it takes 30 mins to break PRNGs (the one used by JavaScript in Chrome/Firefox) and I’m never going to use those for security again. I should’ve never…

Listening to NOAA 19 With RTL-SDR
· ☕ 5 min read
I recently got my hands on an RTL-SDR (I’m currently using NooElec SmarTEE), short for Software Defined Radio. Basically a tool which lets you hook up your PC to an external antenna, in layman’s terms. And oh boy, the things you can do with it are beyond words, literally. Radio waves are not sent with words… Bad joke. Sorry. First, I did what everyone does at the beginning: FM Radio. Then Air Traffic Control. Then more random gibberish. And then finally, NOAA 19 weather satellite! NOAA 19: An old weather satellite that has some cool cameras that enable anyone with an SDR to get low quality realtime pictures of Earth.

Hello World 3.0+1.0
· ☕ 3 min read
Yes, this name is a rip off of Evangelion 3.0+1.0. No, unlike Eva 4.0, this post is not imaginary. At least as of April 2020. Eva 4.0 was supposed to release in June 2020 but corona :( Probably will get delayed to 2120. Why is this 4.0? How many blogs existed before?! Who killed them!? Side Note: ?! or !? is called the interrobang. Small things you learn everyday. I killed them. Now, before I get jailed or lynched, let me prove my innocence. The first blog I made was written using a custom markdown-to-static-using-python I made and … well I learnt pretty quickly that reinventing the wheel is 9/10 times a bad idea.

Mining Crypto-Currencies in 2018 with a PC GPU (or laptop)
· ☕ 2 min read
2020 Update: I left mining…5 days after writing this blog post (I wrote this back in 2018). I earnt ~10 TZC, which, as of 2020 April, is approximately 0.01379 USD. Yes, value went down. Yes, a huge income. Current thoughts: If you can have cheap electricity and cheap hardware (both of which I don’t have), go mine! We all know that we cannot mine Bitcoins with a PC now, anymore, at least until you don’t want to have something like this — New product: Heater that looks like a computer! However, BTC is not the only available crypto coin. There are