Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Apr 17 18:54

    fabacab on main

    Add the Zenmap GUI to the pract… (compare)

  • Apr 16 04:59

    fabacab on main

    Move provisioning script to its… (compare)

  • Apr 14 15:11

    fabacab on main

    Expand Kubernetes notes. (compare)

  • Apr 14 07:33
    ozment starred AnarchoTechNYC/meta
  • Apr 14 03:54

    fabacab on main

    Add Grafana server as a support… (compare)

  • Apr 13 07:50

    fabacab on main

    More modern Minikube setup, ini… (compare)

  • Apr 13 07:49

    fabacab on main

    Fix formatting. (compare)

  • Apr 13 07:44

    fabacab on main

    Fix formatting. (compare)

  • Apr 13 07:40

    fabacab on main

    Some initial notes for the intr… (compare)

  • Apr 13 06:38

    fabacab on main

    Slightly better Kubernetes setu… (compare)

  • Apr 12 05:33

    fabacab on main

    Fix permission issue preventing… (compare)

  • Apr 11 18:50

    fabacab on main

    Slightly better walkthrough. (compare)

  • Apr 11 18:47

    fabacab on main

    Fix typo. (compare)

  • Apr 11 18:46

    fabacab on main

    Initial setup of service monito… (compare)

  • Apr 10 22:21

    fabacab on main

    Update from deprecated `--genke… (compare)

  • Apr 10 20:03
  • Apr 10 20:03
    Nditah starred AnarchoTechNYC/meta
  • Apr 08 02:14

    fabacab on main

    Preinstall Terragrunt in the Te… (compare)

  • Apr 06 09:39
    sanzeshstha starred AnarchoTechNYC/meta
  • Apr 04 06:29
    NaimulIslam9m starred AnarchoTechNYC/meta
camille
@ssempervirens
I have scraped a couple things using beautifulsoup before, but that's about it. only in tutorials, never in the real world or on a real project. essentially i want to use a python script to scrape a list of URLs for text of legislation
0xACAB
@fabacab
@camfassett Okie, well…let's take this private for a bit and then if we need more help from the group we can come back.
0xACAB
@fabacab

Hey all, does anyone have any experience programming in Lua? There have been two independent situations in the same number of weeks in which it would have been extremely helpful for me to know more about the Lua programming langauge than I do. The first is when I took a look at an Nmap NSE script, which was Lua, and the second was when I found myself needing to write a Wireshark protocol dissector, but hoping not to dive too far into Wireshark's C API because all the documentation keeps telling me that using Lua is faster for prototyping.

A lot of the Lua stuff I'm finding seems to be revolving around game development. That's nice and all but not really what I'm interested in. I have, of course, found the Lua reference manual and its getting started sections, and they're…fine. The book they recommend is also…fine. It has a lot of maths examples, which I don't care for. I'll read them if there's nothing better but I just thought I'd ask for advice in case anyone knows of a diamond in the rough for these sorts of tasks.

(P.S. Please don't tell me "use Python." I know Python is the go-to language for a lot of stuff these days. When Wireshark and Nmap get Python bindings, I'll use Python. In the mean time, help me learn Lua. Thanks.)

0xACAB
@fabacab
For those curious, I think I'm getting the hang of this, and you can follow my progress here. :)
EcstasyandVendetta
@EcstasyandVendetta
Curious to see anyone work out anything with Lua because I DO want to use it for a game add-on. :laughing: I found it a little impenetrable when I first sat down to mess with it.
0xACAB
@fabacab
@EcstasyandVendetta It helps a lot to be somewhat familiar with C already. Evidently, Lua is designed to be a "higher-level C" and even has a native type (userdata) that is basically just a pointer into some memory space. So I was able to pick it up much quicker than I expected.
(Dunno if you've done any C stuff, but if not, and you're having trouble with Lua, maybe read a tiny bit about C? I'm not sure if that's actuall useful. Just a thought.)
I spent most of today reading the Lua Reference Manual and nothing was making sense until I read half-way through §3. Then it kinda started clicking.
EcstasyandVendetta
@EcstasyandVendetta
The first intro to programming class I ever took (not counting things taught in grade school that may have involved turtles) was basically C for Dummies--but of course I forgot all of it. Thanks for the advice, though, it's a way in!
aubrel
@aubrel
The 2018 picoCTF is now open! Anyone who wants to play along can just jump in as an individual -- we're not actually playing this competitively, and I at least might be throwing some ideas and questions in here. :)
0xACAB
@fabacab
It is fun! :)
0xACAB
@fabacab
Whoooo. Well, I'm done for the day. Got through a bunch, have a score of 4,985. I'm pleased by these puzzles, they seem like a good level of hard. How's other people experience been so far?
EcstasyandVendetta
@EcstasyandVendetta
I had some issues getting the game to run early this afternoon but it might just be my old'n'busted laptop that I use for hacker stuff. I've updated all browsers and am giving it another shot. :stuck_out_tongue:
0xACAB
@fabacab
FWIW, you don't need to do the game portion if you just want to tackle the problems. I didn't even look at the game until the end of the day.
EcstasyandVendetta
@EcstasyandVendetta
Yup, found 'em!
Nicholas Marshall
@nialbima
COMPLETELY spaced on
Nicholas Marshall
@nialbima
PicoCTF, but I'm down to work on that this afternoon
camille
@ssempervirens
hey all! how do i join your team for picoctf? 😇
0xACAB
@fabacab

@camfassett Welp! We discovered recently that they changed the PicoCTF mechanics this year. Last year, you were able to re-submit the same answer as someone else on the same team and the game would tell you whether or not the answer was correct. This made it possible to be on the same team but still solve problems (and thus try your hand at learning from them) individually. This year, the game doesn't permit this. Which I suppose makes sense if you're actually a physical classroom, but makes less sense for our situation. Sooo, weirdly, we…no longer really have a team.

You can still create an account as an individual (which you'd need to do anyways), though, so if you wanted to try your hand at the challenges, the best thing to do is simply register at https://2018.picoctf.com and then ping this channel when you're trying a puzzle. :)

aubrel
@aubrel

Hey all lemme ask you something: what year is it?

Because I just spent the good part of a night and a bit of this morning trying to troubleshoot a problem with a USB boot disk thinking there was some bullshit about the filesystem I had to do some hardcore Matrix-fu on and you know what the actual solution was? The USB wasn't getting enough power. The solution, ultimately, was to unplug that shit and then literally wait 5 minutes and plug everything back in again. ???????????????????????????????????? Leaving me staring at the solution's success murmuring softly, "It's 2018" over and over again.

Anyway, for anyone who runs into this problem potentially, what happens is when you try to install an OS using a USB as your boot media, you might get this error that says device descriptor read/64 error -110 -- that last number may vary. Essentially this is a sign that the USB isn't getting enough power to actually serve as a filesystem. After that, you get dropped into an emergency mode shell such as dracut.

To fix this:

  1. Turn off the computer.
  2. Unplug the USB.
  3. Unplug the power supply in the direction of the circuit (so, unplug the computer first, then unplug the connector to the transformer, then from the wall).
  4. Wait 5-10 mins.
  5. Plug everything back in, in the opposite order (wall first, then connector to transformer, then to laptop, then USB).

I did not think this would work, but lo and behold, it fucking did.

whatever man
Most of those sources talk about Ubuntu, but of course the OS doesn't matter -- I was installing Arch when this happened.
0xACAB
@fabacab
:-O
aubrel
@aubrel
Additionally, sometimes when you do this, you may still see that device descriptor read/64 error -### error, but sometimes you just have to give it a little more time and it will actually work. Another thing to try is to put the USB into another USB port, if you have one.
0xACAB
@fabacab
That…is…perplexing.
aubrel
@aubrel
Anyone have any experience with setting up IRC servers and clients
and have any recommendations?
aubrel
@aubrel
Found this great guide by Digital Ocean on setting up an Inspircd IRC server, plus client setup and use with Shaltúre, a fork of Atheme.
aubrel
@aubrel

Update for those who are enthralled with IRC: the above linked Digital Ocean guide turned out to be out of date enough that many things have changed. The newest release (alpha) of InspIRCd came out 5 days ago, also!

So, using the official InspIRCd wiki is proving to be much more fruitful thus far. Specifically, these installation instructions. I'm trying to get this set up now on a Debian stretch VM. Wish me luck, I'll reportback here. :)

EcstasyandVendetta
@EcstasyandVendetta
Note to @camfassett @nialbima and/or anybody else who is messing with PicoCTF, I'm trying to work through the problems independently since it was never a "competitive" endeavor to begin with and will be gradually working to get to the end of it-- (as @meitar mentioned, discovered last weekend I couldn't "catch up" on problems other teammates answered) -- so, happy to use this space to discuss hints/problems/etc. (disclaimer: I am neither a coder, pentester, nor other expert, just a total amateur working on learning new things)
Also there's a dusty old CTF channel where some of us were working on the 2017 competition -- AnarchoTechNYC/CTF
aubrel
@aubrel
:confetti_ball: I managed to get an instance of InspIRCd up and running! :D Woooo! I also wrote Ansible roles for it. My hope is to genericize them enough so that they can be useful as modules for anyone who wants to automatically do this -- but first, I have to roll in a client configuration as well. For anyone who wants to try their hand at setting up an IRC server by hand, I highly recommend the very verbose and long-running InspIRCd; their developers are very cool, the code is riddled with jokes, and the documentation is really great. (Their wiki seems small but it's because most of the documentation is actually IN the config files themselves.)
Anyway the point is that hopefully soon I'll have a generic version that anyone can use to spin up a functional and secure (I hope?) IRC server and client combo with more or less the push of a button. :)
aubrel
@aubrel
Anyone have a favorite IRC client? :) I just tested out my new server using irssi, which seems to be pretty straightforward. Mobile clients also of interest!
0xACAB
@fabacab

Exciting! :)

I have been a little preoccupied as well, working on an Ansible role for Tor Onion services.

aubrel
@aubrel
Am switching gears to making a Prosdony Jabber server. XMPP+OMEMOftw?
aubrel
@aubrel
Learning bits and pieces about OMEMO and how XMPP works generally. I like this world! It's more or less simple to understand. Sadly, there are almost no TUI/console/text-based XMPP clients that support OMEMO, although some folks have been working on adding it to Profanity for a few years now.
Anywhoozlebees, this means that if I want to make a Jabber server that uses a "default" client that supports OMEMO... I have to transition for now into the GUI world. :( OH well.
aubrel
@aubrel
So I'm moving on to check out Ignite Realtime, makers of the OpenFire server and Spark XMPP client. They apparently do support OMEMO. Wish me luck!
0xACAB
@fabacab
@/all There is the potential of a paid opportunity for a qualified PHP developer to help me implement PGP/MIME in my WP PGP Encrypted Emails plugin for WordPress, sponsored by a company in the Netherlands. Is anyone here interested in this or know someone who might be? Please PM or Signal message me for details.
0xACAB
@fabacab
Not sure if this is of interest to anyone but I just contributed what I think is a pretty flexible Ansible role to backup simple servers using Duplicity. I just started using this for my own simple servers and it definitely makes backups less of a headache since all you have to do to schedule a new one is define a new dictionary entry in the duplicity_backup_jobs list. :)
0xACAB
@fabacab
0xACAB
@fabacab

Unsure if anyone here can help but here's a problem I'm running into: I'm trying to have Prosody make s2s connections in a very small test network (two machines). I want userA@s1.invalid to be able to speak with userB@s2.invalid. Classic federation, nothing complex.

I can make this work when not using s2s TLS connections, but whenever I try to make s2s connections over TLS, I see a policy-violation in Prosody's error log (when set to debug), which says Encrypted server-to-server communication is required but was not used. This message comes from this part of the code.

I can't quite figure out why this is happening, though, because I've already:

  1. Generated TLS certificates on both machines, and installed them into Prosdoy.
  2. Installed each certificate on the other machine's root trust store (i.e., into /etc/ssl/certs using dpkg-reconfigure ca-certificates).
  3. Verified that the TLS certs are trusted on the other machine by using a Jabber client (mcabber) in strict TLS mode (set tls = 1) to verify that the mcabber client on s1.invalid can log in and authenticate as userB@s2.invalid from s1.invalid (ensuring that s1.invalid's root certificate store trusts s2.invalid's newly generated TLS certificate), and vice versa.

Sooo…I'm at a loss. It appears as though Prosody's s2s connections just aren't using TLS at all, even though I have explicitly required them and, AFAICT, set it up correctly so that it works flawlessly for at least c2s connections.

Here is a test branch of my current code in a Vagrant multi-machine environment that describes the above situation:
https://github.com/AnarchoTechNYC/ansible-role-prosody/tree/f079a7717876631295b8f045067c9d45c34a85a3/tests

If you want to try it out, the Vagrantfile at that commit should be all you need:

vagrant up && vagrant provision --provision-with=tls

Thanks in advance.

0xACAB
@fabacab
Anyone here practiced with Volatility? I'm playing a CTF courtesy TechLearningCollective.com and am not experienced enough with this tool to know what I'm doing wrong. I have a memory dump, but none of the vol.py plugin commands give me meaningful output, as far as I can tell.
Les Innconnue
@TheMinimalists_gitlab
Hi @fabacab and all respected members of the group . i am an freelancer SDE / infosec auditor working in europe to make scalable , decentralised systems for SaaS across Blockchain / cryptocurrency based use cases (for instance creating DAO social circles to crowdfund the microloans , autonomous community development etc) also you guys fascinated me with your wiki and it aligns with most of the objectives of providing qualitative education in the field of cybersecurity without taking the costliest SANS courses . i will be happy to take part in the meetings on the other alternate platform signal and will be happy to lend hand and share experience in the field of web3 app dev , devsecops etc. regards
2 replies
comrade-tanooki
@comrade-tanooki:matrix.org
[m]
Hi everyone! It’s smaller than I expected it to be in here so I feel obligated to introduce myself rather than just sit around and lurk. I’m a rather beginner leftist but I’ve been up to my neck in theory and loving every minute of it. I’ll be checking out the mr robot hack n learn after some basics!
2 replies
comrade-tanooki
@comrade-tanooki:matrix.org
[m]
Can you send me a link to in reply to? I haven’t found anything specifically leftist while searching for it.
0xACAB
@fabacab
Keep looking. :)
leaps
@ltejedor
hi all! is anyone looking to start an unofficial team for https://ctftime.org/event/1307/?
would be down to join