18 Sep 2024 |
🍄 HB🍄 | https://discuss.elastic.co/t/how-to-delete-the-indices-older-than-30-days/242182 | 09:14:53 |
🍄 HB🍄 | Anyone here run/use Bind9 DNS? | 14:54:47 |
🍄 HB🍄 | https://bpa.st/CNIHS is the output of named-checkconf -px
https://bpa.st/3CR5K is the output of sudo named-checkzone thestonedapes.com /etc/bind/db.thestonedapes.com
https://bpa.st/SUEJG is the output of sudo service named status
Error says, zone not loaded. I'm not sure why the zone isn't being loaded. | 14:56:02 |
| drk0027 joined the room. | 19:41:04 |
19 Sep 2024 |
🍄 HB🍄 | After many headaches, I figured it out. I deleted my keys and re-signed the zone with new fresh keys | 10:43:29 |
🍄 HB🍄 | #!/bin/bash
SLAVE_IP=129.146.187.63
MASTER_IP=149.28.12.253
dnssec_add () {
    DOMAIN=$1
    ## Go to /var/cache/bind/
    echo "Changing directory to /var/cache/bind/"
    cd /var/cache/bind || exit 1
    echo "Domain: $DOMAIN"
    # Create a Zone Signing Key (ZSK); ED25519 keys have a fixed size, so -b is not needed
    echo "Creating Zone Signing Key (ZSK)"
    dnssec-keygen -a ED25519 -n ZONE "$DOMAIN"
    # Create a Key Signing Key (KSK)
    echo "Creating Key Signing Key (KSK)"
    dnssec-keygen -f KSK -a ED25519 -n ZONE "$DOMAIN"
    # Set proper permissions on key files
    echo "Setting proper permissions on key files"
    chown bind:root ./*.{key,private}
    chmod ug+rw ./*.{key,private}
    # Copy keys to /etc/bind from /var/cache/bind
    echo "Copying keys to /etc/bind"
    cp ./*"$DOMAIN"*.{key,private} /etc/bind/
    # Add keys to zone file in /etc/bind/ (one $INCLUDE line per public key file)
    echo "Adding keys to zone file in /etc/bind/"
    for key in K"$DOMAIN"*.key; do echo "\$INCLUDE $key" >> "/etc/bind/db.$DOMAIN"; done
    # Sign Zone (NSEC3 with a random 16-hex-digit salt; writes db.$DOMAIN.signed and dsset-$DOMAIN.)
    echo "Signing Zone"
    dnssec-signzone -3 "$(head -c 1000 /dev/random | sha1sum | cut -b 1-16)" -A -N INCREMENT -o "$DOMAIN" "/etc/bind/db.$DOMAIN"
    # Add Zone config to /etc/bind/named.conf.local
    # (the zone block refers to a dnssec-policy named "standard", which must be defined in named.conf)
    echo "Adding Zone config to /etc/bind/named.conf.local"
    echo -e "\n\nzone \"$DOMAIN\" IN {\n type master;\n file \"/etc/bind/db.$DOMAIN.signed\";\n allow-transfer { $SLAVE_IP; };\n dnssec-policy standard;\n inline-signing yes;\n};\n" >> /etc/bind/named.conf.local
    # Copy /etc/bind/db.$DOMAIN to /var/cache/bind
    echo "Copying /etc/bind/db.$DOMAIN to /var/cache/bind"
    cp "/etc/bind/db.$DOMAIN" /var/cache/bind/
    # Restart the bind service and display status
    echo "Restarting bind service"
    service bind9 restart
    echo "Bind service status:"
    service bind9 status
    # Output DS records to be added to Registrar
    echo "DS records to be added to Registrar:"
    cat "dsset-$DOMAIN."
}
# Check if domain argument is provided
if [ -z "$1" ]; then
    echo "Usage: $0 <domain>"
    exit 1
fi
# Run dnssec_add function with the provided domain argument
dnssec_add "$1"
| 10:43:53 |
🍄 HB🍄 | I got tired of having to type in commands manually so I wrote it into a script. Works. | 10:44:20 |
🍄 HB🍄 | wxie: Hi. Did you figure out the Yunohost problem? | 23:56:36 |
20 Sep 2024 |
wxie | Thank you for asking.
Now the admin panel is ok.
The diagnosis reports that I do not have an IPv6 IP. | 01:04:02 |
wxie | curl https://ip6.yunohost.org
is not reachable.
ip a
shows I have inet6
hostname -I
replies only IPv4 | 01:05:54 |
wxie | How could I set up IPv6? I thought it should work by default. | 01:06:45 |
🍄 HB🍄 | Does your provider give you ipv6? If not, you will have to set up an ipv6 tunnel, using Hurricane Electric or some other tunneling service. | 01:10:30 |
wxie | ok, I will check. | 10:18:45 |
23 Sep 2024 |
🍄 HB🍄 | https://ayoubmokhtar.com/post/png_driven_chain_xss_to_remote_code_execution_prestashop_8.1.5_cve-2024-34716/ For the life of me I can't get this exploit to give me reverse shell.
I can send the XSS payload.
I can see it download the vuln. theme I created from my python server.
I keep waiting for the reverse shell, and I just get 403s | 04:50:56 |
🍄 HB🍄 | I figured it out. | 21:38:51 |
🍄 HB🍄 | I was unpacking a theme, adding my exploit files, then repacking the theme. That changes file permissions, which causes the exploit's .htaccess to not take effect, giving a 403. | 21:39:25 |
24 Sep 2024 |
🍄 HB🍄 | https://www.hackthebox.com/achievement/machine/2022711/626 <- this one took me 2 days to hack | 09:23:30 |
🍄 HB🍄 | * https://gitlab.com/hashborgir/prestashop-cve-2024-34716 -- Forked a PoC exploit to make it work better, more automation etc. Made it more skid friendly. | 09:23:44 |
25 Sep 2024 |
| salt_rock_lamp joined the room. | 03:14:34 |
🍄 HB🍄 | salt_rock_lamp: hey welcome, what's going on? | 18:39:57 |
26 Sep 2024 |
🍄 HB🍄 | !sd Icon for Self Hosting and cybersecurity group for Matrix chat | 13:58:51 |
🍄 HB|Funguy Bot | Download icon-for-self-hosting-and-cybersecurity-group-for-matrix-chat_4_512x512_DPM++ SDE_2.jpg | 13:58:56 |
🍄 HB🍄 | That's terrible. LOL. | 13:59:10 |
salt_rock_lamp | In reply to @hashborgir:mozilla.org: "salt_rock_lamp: hey welcome, what's going on?" Hello. I self-host some things :) | 14:47:31 |
salt_rock_lamp | I also am trying to get better with networking stuff so I can help diagnose some problems w/ my home network setup. | 14:47:47 |