Frameworks are among the most important tools we developers have and yet they are often taken for granted. The way I see it is a framework has two primary benefits: 1) saving individual developers time by providing predefined solutions to common problems and 2) allowing teams to work more efficiently by giving them a common model for coding standards, file organization, design language and more. However, these benefits quickly break down when framework conventions are broken or ignored, intentionally or otherwise.

Picture the following: You find out that you’ll be taking over a project built by another person or team. It’s mentioned that the project is built on a framework you’re somewhat familiar with. Immediately you start to develop a mental map of the project. You can picture the file structure and know some of the framework tooling probably in use. Depending on your level of familiarity with the framework you may even be able to picture some of the lower level details like the routes, interfaces, classes and/or methods implemented. …

We’ve all been there… banging our heads against a wall for 20 minutes wondering why our app isn’t working before we realize we forgot to seed our database when running migrations. Okay, easy fix:

$ php artisan migrate --seed
Migration table created successfully.
Migrating: 1996_02_27_123456_create_pokemon_table
Migrated:  1996_02_27_123456_create_pokemon_table
Seeding: PokemonSeederReflectionException : Class PokemonSeeder does not exist

Sigh… okay. I should have remembered to refresh the the autoload file first. My bad.

$ composer dump-autoload
$ php artisan migrate --seed
Nothing to migrate.
Seeding: PokemonSeederIlluminate\Database\QueryException  : SQLSTATE[23000]: Integrity constraint violation: 19 UNIQUE constraint failed: pokemon.id (SQL: insert into "pokemon" ("id", "name", "description") values (25, Pikachu, Whenever Pikachu comes across something new, it blasts it with a jolt of electricity.)) …

This is a write up to the 2014 CactusCon web application (SpookiLeaks) challenge. You can grab the SpookiLeaks-VM here and try the challenge yourself before reading the solution.

!!! WARNING: SPOILERS BELOW !!!

The First Clue

The first clue to solving the challenge is hidden in plain sight. Before even logging in if we scan the pre-loaded images on the Spooky Images page there’s one image with the following comment:

01110010011011110110001001101111011101000111001100101110011101000111100001110100

Binary should be a red flag in any CTF. By doing a simple binary to ASCII conversion we get the following output:

Ah-ha! robots.txt… By checking /robots.txt we find the following:

User-agent: *
Disallow: /secret_docs/file-tree.txt

Here we find mention of /secret_docs/file-tree.txt with a rule of "Disallow". Fortunately, this rule is only intended to be read by web-crawlers and has no actual affect on our ability to read the file. By visiting /secret_docs/file-tree.txt we find this. …

I maintain several Linux servers at any given moment. Every server has postfix installed for sending emails, usually notifications or warning messages of some sort and most of these servers are professionally hosted allowing outbound emails with little to no configuration beyond installing postfix. However, my home server lies behind my ISP and they block all outbound emails citing SPAM as the reason. Regardless of their reasoning I had to find a workaround to allow me to send email notifications from behind my ISP. Well, it turns out this is rather painless with postfix and a Gmail account.

First, set up a Gmail account, note the user name and password for later. …

Having set up several Debian and Ubuntu web servers in the past I thought it would be a good idea to share my process. The following is a relatively comprehensive guide to installing and configuring an Apache based web server with some optimizations and basic resource monitoring. I primarily work with Ubuntu servers, but most of the commands here should work exactly the same in Debian or Ubuntu. I’ve tried to note where differences may occur.

Download and Install the OS

If you are setting up your own server, the first thing you will need to do is download the ISO that corresponds to your hardware (32/64-bit), burn it to CD and install it to your server. …

I work in Linux primarily but run a Windows 7 virtual machine in VirtualBox so I can use Photoshop and do some necessary testing. Today my VM ran out of space. Silly me thought 20GB would be enough, but after installing service pack 1, dozens of Windows updates and a few programs I had less than 1GB of space left. After a little searching I found an easy way to increase the size of a virtual disk.

First, shut down your VM then run the following command from your host PC:

$ VBoxManage modifyhd /path/to/guest.vdi --resize <size_in_mb>

Once completed, boot into your VM and (for Windows) open up Control Panel -> Administrative Tools -> Computer Management. In Computer Management navigate to Storage -> Disk Management then, in the right pane, right click your disk and select “Extend Volume” and follow the prompts to resize your disk. And that’s it! Your disk will now be resized. …

Still using Windows 7? As of January 2020 Windows 7 has been discontinued and will no longer receive new features or security patches.

Don’t want to upgrade to Windows 10? Give Ubuntu a try! It’s 100% free, more secure and runs better on the same hardware than Windows.

When installing Windows 7 it’s very picky about which installation disc you use (Full vs. Upgrade) and if improperly matched with your key can prevent you from activating your copy of Windows usually returning an “Invalid Product Key” error message. You may also see the same or similar error when you do a full, clean installation with an upgrade disc. This can be very annoying, especially when you have a legitimate key and disc but just didn’t install it the way Microsoft thinks you should. …

Too many people today don’t backup their files. And of those that do, many don’t do it well. An easy way to remember a “safe” way to backup your data is with the “3–2–1 Backup Rule” which goes like this:

• Keep 3 copies of any important files (your primary/working copy counts as one)
• Store your files on 2 different media types (Example: Hard drive and in the Cloud)
• Always have 1 copy off site

With the 3–2–1 rule you can be relatively confident that you’ll always be able to access your critical data, even after a catastrophic failure.

Another rule I live by when it comes to backup…