FyhTech - Fun with Linux https://tech.feedyourhead.at/rss.xml en Fourth Anniversary https://tech.feedyourhead.at/content/fourth-anniversary <span class="field field--name-title field--type-string field--label-hidden">Fourth Anniversary</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>This blog really became 4 years old. When I started to write it was mostly for practicing written english. But my intention was always to give something back to the open-source community. I failed terribly with the first point. My english is as bad as it was before, but I have readers and get responses to some articles. It seems that I didn't failed with "giving something back to the open-source community".</p> <p>Thank you to all my readers.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Nov 07 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/taxonomy/term/98" hreflang="en">Anniversary</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=271&amp;2=comment&amp;3=comment" token="3omfIKIFNkDTIKTbYErfq32WVV_KNos59DgQCdwB8fI"></drupal-render-placeholder> </section> Wed, 07 Nov 2018 15:24:22 +0000 Hoti 271 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/fourth-anniversary#comments https://tech.feedyourhead.at/content/fourth-anniversary#comments Full Disclosure: Remote-Command-Execution in PHKP https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp <span class="field field--name-title field--type-string field--label-hidden">Full Disclosure: Remote-Command-Execution in PHKP</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><h3>Overview</h3> <ul><li>System affected: <a href="https://el-tramo.be/phkp/">PHKP</a></li> <li>Software-Version: including commit <span class="sha-block"><span class="sha user-select-contain">88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b</span></span></li> <li>User-Interaction: Not required</li> <li>Impact: Remote-Code-Execution</li> </ul><h3>Detailed Description</h3> <p>According to the project-page "PHKP is an implementation of the <a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00">OpenPGP HTTP Keyserver Protocol (HKP)</a> in PHP". Due to unsanitized query parameters in the <a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#page-3">/pks/lookup-call</a> any shell-command can be injected and executed remotely.</p> <p>In line <a href="https://github.com/remko/phkp/blob/88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b/phkp.php#L106-L107">106 of phkp.php the search-parameter "/pks/lookup&amp;op=index" is assigned without any checks and in line 107</a> this variable will be used as a parameter of exec():</p> <div class="geshifilter"><pre class="php geshifilter-php" style="font-family:monospace;">  <span style="color: #000088;">$search</span> <span style="color: #339933;">=</span> <span style="color: #000088;">$vars</span><span style="color: #009900;">[</span><span style="color: #0000ff;">'search'</span><span style="color: #009900;">]</span><span style="color: #339933;">;</span> <span style="color: #000088;">$pgp_result</span> <span style="color: #339933;">=</span> pgp_exec<span style="color: #009900;">(</span><span style="color: #0000ff;">"--list-public-keys --list-keys <span style="color: #006699; font-weight: bold;">$search</span>"</span><span style="color: #339933;">,</span> <span style="color: #000088;">$output</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span> </pre></div> <p>It is possible to inject any shell commands using the search-parameter:</p> <p><span class="geshifilter"><code class="bash geshifilter-bash">curl http:<span style="color: #000000; font-weight: bold;">//</span>localhost:<span style="color: #000000;">8008</span><span style="color: #000000; font-weight: bold;">/</span>pks<span style="color: #000000; font-weight: bold;">/</span>lookup?<span style="color: #007800;">op</span>=index<span style="color: #000000; font-weight: bold;">&amp;</span><span style="color: #007800;">search</span>=js<span style="color: #000000; font-weight: bold;">@</span>example.com; <span style="color: #c20cb9; font-weight: bold;">id</span></code></span></p> <p>In line <a href="https://github.com/remko/phkp/blob/88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b/phkp.php#L116-L117">116 and 117</a> the same problem occurs again for the "/pks/lookup&amp;op=get"-call. That means that the remote-code-execution occurs in two places.</p> <h3>Proof-Of-Concept</h3> <p>A ordinary lookup coud be the following:</p> <p><img alt="Normal phkp-lookup" data-entity-type="file" data-entity-uuid="83e75e46-8ca9-4cfe-a717-ca2535521734" src="/sites/default/files/inline-images/2018-10-08-13%3A14%3A35.png" /></p> <p>By injecting shell commands to the search-parameter, it is possible to execute any command:</p> <p><img alt="phkp rce" data-entity-type="file" data-entity-uuid="ba2c925d-adac-4faf-a1bb-d5477140702e" src="/sites/default/files/inline-images/phkp-rce.png" /></p> <h3>Mitigation</h3> <p>Currently there is no fix for this bug. The <a href="https://github.com/remko/phkp/issues/1">author was informed on Jul 18 2018</a>. A solution for this problem might be the <a href="http://php.net/manual/en/function.escapeshellcmd.php">escapeshellcmd()-function</a>.</p> <h3>Credits</h3> <p>The remote-code-execution bug was discovered by Wolfgang Hotwagner(https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp)</p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Oct 08 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/taxonomy/term/107" hreflang="en">CVE</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=270&amp;2=comment&amp;3=comment" token="cK_p_W5RhnZKxZrNTKP6lTqyEefrgqU5bitXNJBBEVM"></drupal-render-placeholder> </section> Mon, 08 Oct 2018 11:23:39 +0000 Hoti 270 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp#comments https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp#comments Happy 20 Birthday to Nmap https://tech.feedyourhead.at/content/happy-20-birthday-nmap <span class="field field--name-title field--type-string field--label-hidden">Happy 20 Birthday to Nmap</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>The legendary portscanner <a href="https://nmap.org/">nmap</a> was  released 20 years ago in <a href="https://nmap.org/p51-11.html">Phrack #51</a>. Happy Birthday nmap.</p> <p><img alt="nmap 20 birthday" data-entity-type="file" data-entity-uuid="662e5bfa-c7cd-476d-b63c-988e5a8db770" src="/sites/default/files/inline-images/2018-09-01-23%3A06%3A20.png" /></p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Sep 01 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=269&amp;2=comment&amp;3=comment" token="HsrgLvKjNiIQag4zn86arzYiVNpY9hN-qBnGmznvEHA"></drupal-render-placeholder> </section> Sat, 01 Sep 2018 21:06:00 +0000 Hoti 269 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/happy-20-birthday-nmap#comments https://tech.feedyourhead.at/content/happy-20-birthday-nmap#comments Happy Sysadminday https://tech.feedyourhead.at/content/sysadminday2018 <span class="field field--name-title field--type-string field--label-hidden">Happy Sysadminday</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Sysadmins are the heros who bring back our cat-pictures from the heights of the filesystem-tree. So let's honour our firefighters of the internet.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jul 27 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=268&amp;2=comment&amp;3=comment" token="Wssl8ZtZSOX4u3ylGkaWHQxezQssIMaRhR4OT18LOm8"></drupal-render-placeholder> </section> Fri, 27 Jul 2018 08:12:55 +0000 Hoti 268 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/sysadminday2018#comments https://tech.feedyourhead.at/content/sysadminday2018#comments Now is a good time to backup our github-repos https://tech.feedyourhead.at/content/now-is-a-good-time-to-backup-our-github-repos <span class="field field--name-title field--type-string field--label-hidden">Now is a good time to backup our github-repos</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Many people are scared because <a href="https://news.microsoft.com/2018/06/04/microsoft-to-acquire-github-for-7-5-billion/">Microsoft bought GitHub</a>. I wonder why people are so shocked now. Github is just another cloud-thingy and cloud means: "it's just the computer of someone else". If "someone else" will shutdown or wipe his computer, then we better have backups. Having this in our minds I would say that it's time to make (auto)backups. I wrote this little ruby-script that clones all public repositories of a user into a directory. If the repositories already exist locally, then this script will just make a "git-pull".</p> <div class="geshifilter"><pre class="ruby geshifilter-ruby" style="font-family:monospace;"><span style="color:#008000; font-style:italic;">#!/usr/bin/env ruby</span> &nbsp; <span style="color:#CC0066; font-weight:bold;">require</span> <span style="color:#996600;">'net/http'</span> <span style="color:#CC0066; font-weight:bold;">require</span> <span style="color:#996600;">'json'</span> <span style="color:#CC0066; font-weight:bold;">require</span> <span style="color:#996600;">'fileutils'</span> &nbsp; directory = <span style="color:#996600;">&quot;./&quot;</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">def</span> help warn <span style="color:#996600;">&quot;usage: #{$PROGRAM_NAME} &lt;github-user&gt; [ &lt;dst-directory&gt; ]&quot;</span> <span style="color:#CC0066; font-weight:bold;">exit</span> <span style="color:#006666;">1</span> <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; <span style="color:#008000; font-style:italic;"># got this function from stackoverflow.com: </span> <span style="color:#008000; font-style:italic;"># stackoverflow.com/questions/2108727/which-in-ruby-checking-if-program-exists-in-path-from-ruby</span> <span style="color:#9966CC; font-weight:bold;">def</span> which<span style="color:#006600; font-weight:bold;">&#40;</span>cmd<span style="color:#006600; font-weight:bold;">&#41;</span> exts = ENV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">'PATHEXT'</span><span style="color:#006600; font-weight:bold;">&#93;</span> ? ENV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">'PATHEXT'</span><span style="color:#006600; font-weight:bold;">&#93;</span>.<span style="color:#CC0066; font-weight:bold;">split</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">';'</span><span style="color:#006600; font-weight:bold;">&#41;</span> : <span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">''</span><span style="color:#006600; font-weight:bold;">&#93;</span> ENV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#996600;">'PATH'</span><span style="color:#006600; font-weight:bold;">&#93;</span>.<span style="color:#CC0066; font-weight:bold;">split</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#CC00FF; font-weight:bold;">File</span>::PATH_SEPARATOR<span style="color:#006600; font-weight:bold;">&#41;</span>.<span style="color:#9900CC;">each</span> <span style="color:#9966CC; font-weight:bold;">do</span> <span style="color:#006600; font-weight:bold;">|</span>path<span style="color:#006600; font-weight:bold;">|</span> exts.<span style="color:#9900CC;">each</span> <span style="color:#006600; font-weight:bold;">&#123;</span> <span style="color:#006600; font-weight:bold;">|</span>ext<span style="color:#006600; font-weight:bold;">|</span> exe = <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">join</span><span style="color:#006600; font-weight:bold;">&#40;</span>path, <span style="color:#996600;">&quot;#{cmd}#{ext}&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#0000FF; font-weight:bold;">return</span> exe <span style="color:#9966CC; font-weight:bold;">if</span> <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">executable</span>?<span style="color:#006600; font-weight:bold;">&#40;</span>exe<span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#006600; font-weight:bold;">&amp;&amp;</span> !<span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">directory</span>?<span style="color:#006600; font-weight:bold;">&#40;</span>exe<span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#006600; font-weight:bold;">&#125;</span> <span style="color:#9966CC; font-weight:bold;">end</span> <span style="color:#0000FF; font-weight:bold;">return</span> <span style="color:#0000FF; font-weight:bold;">nil</span> <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; gitbin = which<span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;git&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">if</span> gitbin.<span style="color:#0000FF; font-weight:bold;">nil</span>? warn <span style="color:#996600;">&quot;git-binary not found&quot;</span> <span style="color:#CC0066; font-weight:bold;">exit</span> <span style="color:#006666;">1</span> <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">if</span> ARGV.<span style="color:#9900CC;">length</span> <span style="color:#006600; font-weight:bold;">&lt;</span> <span style="color:#006666;">1</span> <span style="color:#006600; font-weight:bold;">||</span> ARGV.<span style="color:#9900CC;">length</span> <span style="color:#006600; font-weight:bold;">&gt;</span> <span style="color:#006666;">2</span> help <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; gituser = ARGV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#006666;">0</span><span style="color:#006600; font-weight:bold;">&#93;</span> directory = ARGV<span style="color:#006600; font-weight:bold;">&#91;</span><span style="color:#006666;">1</span><span style="color:#006600; font-weight:bold;">&#93;</span> <span style="color:#9966CC; font-weight:bold;">if</span> ARGV.<span style="color:#9900CC;">length</span> == <span style="color:#006666;">2</span> &nbsp; <span style="color:#9966CC; font-weight:bold;">unless</span> <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">directory</span>?<span style="color:#006600; font-weight:bold;">&#40;</span>directory<span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#CC00FF; font-weight:bold;">FileUtils</span>::mkdir_p directory <span style="color:#9966CC; font-weight:bold;">end</span> &nbsp; uri = <span style="color:#CC00FF; font-weight:bold;">URI</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;https://api.github.com/users/#{gituser}/repos&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> &nbsp; resp = <span style="color:#6666ff; font-weight:bold;">Net::HTTP</span>.<span style="color:#9900CC;">get</span><span style="color:#006600; font-weight:bold;">&#40;</span>uri<span style="color:#006600; font-weight:bold;">&#41;</span> parsed = JSON.<span style="color:#9900CC;">parse</span><span style="color:#006600; font-weight:bold;">&#40;</span>resp<span style="color:#006600; font-weight:bold;">&#41;</span> &nbsp; parsed.<span style="color:#9900CC;">each</span> <span style="color:#9966CC; font-weight:bold;">do</span> <span style="color:#006600; font-weight:bold;">|</span><span style="color:#CC0066; font-weight:bold;">p</span><span style="color:#006600; font-weight:bold;">|</span> <span style="color:#9966CC; font-weight:bold;">if</span> <span style="color:#CC00FF; font-weight:bold;">File</span>.<span style="color:#9900CC;">directory</span>?<span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;#{directory}/#{p['name']}&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#CC0066; font-weight:bold;">system</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;cd #{directory}/#{p['name']} &amp;&amp; #{gitbin} pull&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#9966CC; font-weight:bold;">else</span> <span style="color:#CC0066; font-weight:bold;">system</span><span style="color:#006600; font-weight:bold;">&#40;</span><span style="color:#996600;">&quot;#{gitbin} clone https://github.com/#{p['full_name']} #{directory}/#{p['name']}&quot;</span><span style="color:#006600; font-weight:bold;">&#41;</span> <span style="color:#9966CC; font-weight:bold;">end</span> <span style="color:#9966CC; font-weight:bold;">end</span></pre></div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jun 07 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/ruby" hreflang="en">Ruby</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/git" hreflang="en">git</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/taxonomy/term/103" hreflang="en">Open-Source</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/backup" hreflang="en">Backup</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/shell" hreflang="en">Shell</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=267&amp;2=comment&amp;3=comment" token="oPcbvqzYUcugBxbk0j0w2JLHdMWOfeGFn5WU98XCfbI"></drupal-render-placeholder> </section> Thu, 07 Jun 2018 10:41:24 +0000 Hoti 267 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/now-is-a-good-time-to-backup-our-github-repos#comments https://tech.feedyourhead.at/content/now-is-a-good-time-to-backup-our-github-repos#comments cryptorecord 0.9.2 released https://tech.feedyourhead.at/content/cryptorecord-0-9-2-released <span class="field field--name-title field--type-string field--label-hidden">cryptorecord 0.9.2 released</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>I proudly pronounce the first (pre-)release of <a href="https://github.com/whotwagner/cryptorecord">cryptorecord</a>. Cryptorecords is a ruby gem that provides an API and scripts for creating crypto-related dns-records(e.g. DANE). Currently it supports TLSA, OPENPGPKEYS and SSHFP but I plan to support other records in future. The API doesn't create any keys or certificates. It just takes existing keyfiles to create the DNS-records.<br /> &nbsp;</p> <ul> </ul> <h3>Installation</h3> <p>The gem is available on <a href="https://rubygems.org/">Rubygems</a>. Add this line to your application's Gemfile:</p> <pre> <code> gem 'cryptorecord' </code></pre> <p>And then execute:</p> <pre> <code> $ bundle </code></pre> <p>Or install it yourself as:</p> <pre> <code> $ gem install cryptorecord </code></pre> <h3>Usage</h3> <p>This gem comes with a bunch of handy executables that helps creating the dns-records:</p> <ul> <li>openpgpkeysrecord</li> <li>sshfprecord</li> <li>tlsarecord</li> </ul> <pre> <code> Usage: ./openpgpkeysrecord -u <email> -f <gpgkeyfile> -h, --help This help screen -f PGP-PUBLICKEY-FILE, PGP-Publickey-File --publickeyfile -u, --uid EMAIL email-address </gpgkeyfile></email></code></pre> <pre> <code> Usage: ./sshfprecord [ options ] -h, --help This help screen -f SSH-HOST-KEY-FILE, SSH-Hostkey-File --hostkeyfile -H, --host HOST host -d, --digest DIGEST HASH-Algorithm -r, --read-local-hostkeys Read all local Hostkeys.(like ssh-keygen -r) </code></pre> <pre> <code> Usage: ./tlsarecord [ options ] -h, --help This help screen -f, --certfile CERTIFICATE-FILE Certificatefile -H, --host HOST host -p, --port PORTNUMBER port -P, --protocol PROTOCOL protocol(tcp,udp,sctp..) -s, --selector SELECTOR Selector for the association. 0 = Full Cert, 1 = SubjectPublicKeyInfo -u, --usage USAGE Usage for the association. 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE -t, --mtype MTYPE The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512 </code></pre> <h4>TLSA-Example</h4> <pre> <code> #!/usr/bin/env ruby require 'cryptorecord' selector = 0 mtype = 0 usage = 3 port = 443 proto = "tcp" host = "www.example.com" tlsa = Cryptorecord::Tlsa.new(:selector =&gt; selector, :mtype =&gt; mtype, :usage =&gt; usage, :port =&gt; port, :proto =&gt; proto, :host =&gt; host ) tlsa.read_file("/etc/ssl/certs/ssl-cert-snakeoil.pem") puts tlsa </code></pre> <h4>SSHFP-Example</h4> <pre> <code> #!/usr/bin/env ruby require 'cryptorecord' sshfp = Cryptorecord::Sshfp.new(:digest =&gt; 1, :keyfile =&gt; '/etc/ssh/ssh_host_rsa_key.pub', :host =&gt; 'www.example.com') puts sshfp </code></pre> <h4>OPENPGPKEYS-Example</h4> <pre> <code> #!/usr/bin/env ruby require 'cryptorecord' sshfp = Cryptorecord::Openpgpkeys.new(:uid =&gt; "hacky@hacktheplanet.com") sshfp.read_file("resources/hacky.asc") puts sshfp </code></pre> <h3>Documentation</h3> <p>The documentation can be found at <a href="https://www.rubydoc.info/gems/cryptorecord/">rubydoc.info</a></p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 17 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/ruby" hreflang="en">Ruby</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/download" hreflang="en">Download</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/downloads" hreflang="en">Downloads</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/crypto" hreflang="en">Crypto</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/network" hreflang="en">Network</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=266&amp;2=comment&amp;3=comment" token="8fEI7N9n01EddQ0Ug03YejZAPosvCE9slAcfuGxj-AI"></drupal-render-placeholder> </section> Thu, 17 May 2018 10:13:20 +0000 Hoti 266 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/cryptorecord-0-9-2-released#comments https://tech.feedyourhead.at/content/cryptorecord-0-9-2-released#comments Postfix: verified TLS with DANE https://tech.feedyourhead.at/content/postfix-verified-tls-with-dane <span class="field field--name-title field--type-string field--label-hidden">Postfix: verified TLS with DANE</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>TLS via SMTP is <a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic</a> which makes connections vulnerable to man-in-the-middle-attacks. In order to prevent mitm-attacks, <a href="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">DANE</a> could be used. The sender-server will first check the domain-records if dnssec is in use(and valid) and if a TLSA-record is published(and valid). If a TLSA-record is valid and matches with the certificate of the recipient-server the connection could be encrypted and the encryption is verified. Postfix was one of the first smtp-servers that implemented DANE since the <a href="https://tools.ietf.org/id/draft-dukhovni-smtp-opportunistic-tls-00.html">author of the DANE protocol is a postfix-developer</a>. This article describes how to enable DANE in postfix.</p> <h3>Preconditions</h3> <p>It's very easy to enable DANE in postfix. First we have to ensure that postfix can resolve DNSsec queries. I recommend to install the dns-resolver "<a href="https://unbound.net/">unbound</a>" on the postfix-server. Unbound does DNSsec pretty well. It also automatically manages the trust-anchors for DNSsec. We can check if DNSsec works, if the "ad"-flag is set. So lets use dig to test it:</p> <pre> <code>&gt; DiG 9.9.5-9+deb8u15-Debian &lt;&lt;&gt;&gt; gov. +dnssec ;; global options: +cmd ;; Got answer: ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 35764 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;gov. IN A </code></pre> <p>As we can see, the "ad"-flag was set. If we use a resolver without dnssec-support it would look like that:</p> <pre> <code> % dig gov. +dnssec ; &lt;&lt;&gt;&gt; DiG 9.8.4-rpz2+rl005.12-P1 &lt;&lt;&gt;&gt; gov. +dnssec ;; global options: +cmd ;; Got answer: ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: SERVFAIL, id: 25074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4000 ;; QUESTION SECTION: ;gov. IN A </code></pre> <p>As you can see, there is no "ad"-flag in this example. That indicates that DNSsec is not supported by the resolver.</p> <h3>Postfix-config</h3> <p>As soon as we set up a resolver with dnssec-support, we can easily enable DANE in postfix:</p> <pre> <code> # DANE-Settings smtp_dns_support_level=dnssec smtp_host_lookup=dns smtp_tls_security_level = dane smtp_tls_loglevel=1 </code></pre> <p>Now postfix will always try to verify the TLS-connection using DANE. If you just want to enable DANE for specific domains, I'll recommend have a look at the <a href="http://www.postfix.org/TLS_README.html#client_tls">example in the postfix-documentation</a>.</p> <h3>Test</h3> <p>We can test DANE by sending Emails to a server that has TLSA-Records. There is a list of domains with TLSA-records at the end of <a href="https://static.ptbl.co/static/attachments/169319/1520904692.pdf?1520904692">this pdf</a>. I just tested DANE by sending an email to a gmx.net-address:</p> <pre> <code> May 12 21:26:59 mymailserver postfix/smtp[3064]: Verified TLS connection established to mx01.emig.gmx.net[212.227.17.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) </code></pre> <p>The keyword "Verified" indicates that the TLS-connection could be verified.</p> <p>&nbsp;</p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 14 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/crypto" hreflang="en">Crypto</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/email" hreflang="en">Email</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/mail" hreflang="en">Mail</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=265&amp;2=comment&amp;3=comment" token="oDTTj6SHpFvGYUI319oXvKTZNvcKlQalAHTJrUNU044"></drupal-render-placeholder> </section> Mon, 14 May 2018 12:11:10 +0000 Hoti 265 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/postfix-verified-tls-with-dane#comments https://tech.feedyourhead.at/content/postfix-verified-tls-with-dane#comments Thoughts about DNSsec https://tech.feedyourhead.at/content/thoughts-about-dnssec <span class="field field--name-title field--type-string field--label-hidden">Thoughts about DNSsec</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="https://en.wikipedia.org/wiki/Domain_Name_System">DNS</a> is one of the oldest but also one of the most important network protocols we have and actively use. Dan Kaminsky discovered 2008 some <a href="https://www.kb.cert.org/vuls/id/800113">serious flaws</a> in DNS <a href="http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html">which is very well explained on this site</a>. <a href="https://blog.cloudflare.com/dnssec-an-introduction/">DNSsec</a> is supposed to solve those problems.</p> <h3>Why don't we have it worldwide yet?</h3> <p>DNSsec uses a chain of trust and signed records. There are some problems with DNSsec too. One problem, for example, is that it doesn't protect against attacks from the governments. In conjunction with DANE, which could be a replacement for the existing Certificate-Authorities, DNSsec could make things <a href="https://sockpuppet.org/blog/2015/01/15/against-dnssec/">worser than it was before</a>.  Another problem is  that the records might get bigger and this makes it easier for attackers to abuse the <a href="https://www.computerworld.com/article/3097364/security/attackers-use-dnssec-amplification-to-launch-multi-vector-ddos-attacks.html">dns-servers for ddos-attacks</a>. In order to keep the records smaller, some DNS-servers  use <a href="https://www.cloudflare.com/dns/dnssec/ecdsa-and-dnssec/">elliptic curve-algorithms</a>. But elliptic curve-algorithms aren't supported widely and many tools still don't support records that are signed with elliptic curve-algorithms.</p> <h3>It's easy to monitor, right?</h3> <p>Talking about tools brings me to another thing that bothers me: there aren't much solid tools that work properly out there for Dnssec. It was very hard to find some monitoringtools or libraries that check if the Domain is signed correctly and when the keys do expire. I won't say that there are none, but it seems that there are a lot of broken tools out there. There are many reasons for that. Those tools have to speak DNS, DNSsec and all it's cryptographic algorithms. Some tools are old and don't compile anymore, or have weird dependencies. Some don't speak DNSsec directly and just utilize unbound. And some speak DNS and DNSsec but not with elliptic curve algorithms. I hope this situation changes soon.</p> <h3>Providers are familiar with DNSsec, right?</h3> <p>When I was activating DNSsec on my domain, I had to interact with my domain-provider. I realized that this provider has no standard procedure for DNSsec yet. There was no secure way to hand him over my keys(or hashes). That made me curious about the state of DNSsec in austrian companies. And I figured out that not many companies use DNSsec. Neither the biggest internet service providers nor the local banks have implemented DNSsec yet. I guess they might do that, as soon as Google starts using DNSsec(if it happens).</p> <h3>So why bother after all?</h3> <p>There are a couple of dns-records which solve some existing problems but require trusted domains. One of them is DANE/TLSA. Even if many SMTP-servers support TLS now, it still is opportunistic and they are vulnerable against Man-In-The-Middle-attacks. If people would have a trusted dns-zone, they could store the certificates(or fingerprints) as DNS-records and the other mailservers could validate the certificates. I believe this could be a good thing(as long as we trust the keys of the top-level domains). Since "email made in germany" has failed many german mail-provider(like web.de and gmx) use DANE. That's why I decided to give DNSsec a try.</p> <p> </p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 08 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/crypto" hreflang="en">Crypto</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/network" hreflang="en">Network</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=264&amp;2=comment&amp;3=comment" token="BkT2xG6szICCwLsMrGEzc3x_9jyQKcl2VUooQikCslE"></drupal-render-placeholder> </section> Tue, 08 May 2018 09:36:20 +0000 Hoti 264 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/thoughts-about-dnssec#comments https://tech.feedyourhead.at/content/thoughts-about-dnssec#comments statx-fun got popular https://tech.feedyourhead.at/content/statx-fun-got-popular <span class="field field--name-title field--type-string field--label-hidden">statx-fun got popular</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>I am very surprised that <a href="https://tech.feedyourhead.at/content/using-the-new-statx-system-call">statx-fun</a> got one of my most popular <a href="https://github.com/whotwagner/statx-fun">git repositories</a>.  Arkadiusz Miśkiewicz even created a  <a href="https://git.pld-linux.org/gitweb.cgi?p=packages/statx-fun.git;a=summary">PLD-Linux-package</a> for it. I didn't expect that.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 06 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/c" hreflang="en">C</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=263&amp;2=comment&amp;3=comment" token="PbpWFLuU4ui5s5hKfouSBmi_2Kp88yfmwXrVzp8wz74"></drupal-render-placeholder> </section> Sun, 06 May 2018 11:24:36 +0000 Hoti 263 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/statx-fun-got-popular#comments https://tech.feedyourhead.at/content/statx-fun-got-popular#comments HackADay: Let's make a Nukestation https://tech.feedyourhead.at/content/hackaday-lets-make-a-nukestation <span class="field field--name-title field--type-string field--label-hidden">HackADay: Let&#039;s make a Nukestation</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Every time I replace an old hard disk by a newer or bigger one I think that I'll wipe it later. Now I have a big amount of hard disks to wipe. Since wiping takes ages, I don't want to use my personal computer for that. I would prefer a small device with low energy consumption just for wiping. That's why I am going to build a "Nukestation". Basically it's just a Raspberry Pi with nwipe on it and a udev-rule for automatically wipe attached hard disks. But some extras would be nice...</p> <h3>Hardware</h3> <p>My setup is quite basic: a Raspberry Pi 3b+, a Disk-Docking-Station(USB), and a LED for signalling that the drive can safely removed/attached. I know, It would be much better to use a red LED for signalling when the Nukestation is wiping disks, but I had just green LED's at home. That's why I am gonna do that the way around.</p> <p> <video controls="" height="360" width="480"><source src="/sites/default/files/DateiUploads/nukestation.mp4" type="video/mp4" /></video> </p> <p>This video shows my setup. As soon as I plugg in the harddisk, the green led turns dark for signalling that it is not safe to remove the disk now, and on the screen we can see that nwipe starts it's job.</p> <h3>Little Extras</h3> <p>I wrote a bash-script called "nukestation.sh". This script is a wrapper for nwipe and allows us to:</p> <ul> <li>Create Pre-run-hooks(like turn off the LED)</li> <li>Run nwipe with configurable settings</li> <li>Create Post-run-hoocks(like turn on the LED)</li> <li>Send a notification including the nwipe-log via email</li> </ul> <h3>Installation</h3> <p>I won't use this Raspberry Pi only for wiping disks. That's why I need a very easy to use installation routine for the nukestation. I used the configuration management sytem <a href="https://www.ansible.com/">ansible</a> for that. The sources of my nukestation ansible-role can be downloaded on <a href="https://github.com/whotwagner/ansible-role-nukestation">Github</a>&nbsp; and the role is available on ansible-galaxy too. On a freshly installed <a href="https://www.raspberrypi.org/downloads/raspbian/">Raspbian</a>&nbsp; the Nukestation can be installed using the follwing commands:</p> <pre> <code> $ sudo apt-get install ansible $ sudo ansible-galaxy install whotwagner.nukestation $ cat > playbook.yml << EOF --- - hosts: localhost roles: - whotwagner.nukestation EOF $ sudo ansible-playbook playbook.yml </code></pre> <p>The playbook above will just install Nukestation without mailsupport. If we want to install a mailsystem with a smarthost using authentication to automatically send notifications we can use another playbook:</p> <pre> <code> $ sudo apt-get install ansible $ sudo ansible-galaxy install whotwagner.nukestation $ cat > playbook.yml << EOF - hosts: localhost roles: - whotwagner.nukestation vars: nukestation_mailconf: server: mail.example.conf:587 user: username@example.conf pass: super-secret-password from: from@example.com to: to@example.com EOF $ sudo ansible-playbook playbook.yml </code></pre> <p>A detailed documentation about the playbook and the nukestation.sh-script can be found at <a href="https://github.com/whotwagner/ansible-role-nukestation">Github</a>.</p> <h3>Conclusio</h3> <p>Nukestation allows me to wipe disks easily and I'll recieve notifications as soon as the wipejob is finished. <em>"I love it when a plan comes together"</em></p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 15 2018</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/hackaday" hreflang="en">HackADay</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/hardware" hreflang="en">Hardware</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/raspberry" hreflang="en">Raspberry</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/ansible" hreflang="en">Ansible</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=262&amp;2=comment&amp;3=comment" token="mXNkYhJywlpehAmSRx0Jlb3KcW68vS026m820TmEpE8"></drupal-render-placeholder> </section> Sun, 15 Apr 2018 16:45:24 +0000 Hoti 262 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/hackaday-lets-make-a-nukestation#comments https://tech.feedyourhead.at/content/hackaday-lets-make-a-nukestation#comments