FUN WITH LINUX

Apache's "File-Extension-Feature"

1 February 2017

Many years ago, someone mentioned at a congress that Apache has an interesting feature: if Apache doesn't know a file extension, it just takes the next one. If someone saves a file called “shell.php.ab”, Apache does not know what to do with the extension “.ab”, so it skips it and uses the next one: the file “evil.php.ab” becomes “evil.php” and gets executed. I wondered how long it would take until a related bug occurred, and I was not surprised when I read about this nasty bug.

Privilege Escalation in VirtualBox (CVE-2017-3316)

26 January 2017

Overview

  • System affected: VirtualBox
  • Software-Version: prior to 5.0.32, prior to 5.1.14
  • User-Interaction: Required
  • Impact: A man-in-the-middle could tamper with an Extension-Pack update to gain a root shell
Utility to query certificate-transparency-database

13 January 2017

Certificate Transparency is a great idea. All certificate-related activities of a certificate authority are logged into a public database (it's a Merkle-table), so that anyone can monitor or review the certificates. Comodo published a very handy web tool to query the logs.

PostgreSQL: Changing default template to UTF8

12 January 2017

dr@tardis$ psql -U postgres
psql (9.4.9)
Type "help" for help.

postgres=# update pg_database set datallowconn = TRUE where datname = 'template0';
UPDATE 1

postgres=# \c template0
You are now connected to database "template0".

template0=# update pg_database set datistemplate = FALSE where datname = 'template1';
UPDATE 1

template0=# drop database template1;
DROP DATABASE

template0=# create database template1 with template = template0 encoding = 'UTF8';
CREATE DATABASE

template0=# update pg_database set datistemplate = TRUE where datname = 'template1';
UPDATE 1

template0=# \c template1
You are now connected to database "template1".

template1=# update pg_database set datallowconn = FALSE where datname = 'template0';
UPDATE 1
33c3: Works for me

28 December 2016

Merry Christmas

23 December 2016

I wish you all a Very Merry Christmas and a beautiful time

PS: I found this nice html-css-hack at codepen.io

Debian Squidguard: update-squidguard does not work with tabs in config-file

18 December 2016

I experienced an interesting problem on a Debian Jessie host with squidguard: update-squidguard threw the following error message:

root@34697f9f06a2:/# update-squidguard 
/usr/sbin/update-squidguard: 69: test: dbhome: unexpected operator
Rebuild SquidGuard database - this can take a while.

On Debian Wheezy it returns with the following error:

UTF8: removing BOM (Byte Order Mark)

18 December 2016

I got the following error while compiling a LaTeX file:

compiling MyLatexfile.tex...
tex/virtualbox.tex:1: Package inputenc Error: Unicode char \u8: not set up for use with LaTeX.

So I checked the encoding of the file and saw that it looked like this:

file tex/virtualbox.tex 
tex/virtualbox.tex: LaTeX document, UTF-8 Unicode (with BOM) text, with very long lines

It seems that inputenc does not like UTF-8 with a Byte Order Mark. So I removed it using the following sed command:

sed -i '1 s/^\xef\xbb\xbf//' virtualbox.tex
MySQL does not connect to a given port on localhost

7 December 2016

MySQL does not connect to a given port if the host is localhost.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti