Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
Carles Llobet
@carles.llobet_gitlab
I've seen in https://github.com/blabla1337/skf-flask/blob/040eaf29f220b59b4b9a52a73b61332fb99a23ad/skf/initial_data.py#L11790 that the links are properly set, but when deploying from kubernetes it seems to get old links for the write-ups
spmishra121
@spmishra121
When I am opening demosite, I am not seeing any login page
Am I doing correct?
ShahidAkhterSec
@ShahidAkhterSec
Hi there , i started skf on docker while using windows , Having NGINX issues , 80:80 Permissions issues, cant bind , i changed the port from compose.yml file for nginx , it's running now, but login fails, it says wrong username and password
Username or Password is incorrect.
this's the error that i am getting now
| 2022-07-29 12:48:20 8 [Warning] Aborted connection 8 to db: 'unconnected' user: 'unauthenticated' host: '172.18.0.1' (This connection closed normally without authentication)
skf-mysql_container | 2022-07-29 12:48:30 10 [Warning] Aborted connection 10 to db: 'unconnected' user: 'unauthenticated' host: '172.18.0.1' (This connection closed normally without authentication)
spmishra121
@spmishra121
demo site is not working
@blabla1337 demo site is not working
Carles Llobet
@carles.llobet_gitlab
It is working for me @spmishra121
ShahidAkhterSec
@ShahidAkhterSec
skf-nginx_container | 172.18.0.1 - - [02/Aug/2022:11:22:39 +0000] "GET /pages-auth-auth-module-es2015.js HTTP/1.1" 200 66136 "http://localhost/dashboard" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-angular_container | 172.18.0.2 - - [02/Aug/2022:11:22:39 +0000] "GET /assets/fonts/boxicons.woff2 HTTP/1.0" 200 74712 "http://localhost/styles.css" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "172.18.0.1"
skf-angular_container | 172.18.0.2 - - [02/Aug/2022:11:22:39 +0000] "GET /assets/fonts/materialdesignicons-webfont.woff2?v=5.0.45 HTTP/1.0" 200 276312 "http://localhost/styles.css" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "172.18.0.1"
skf-nginx_container | 172.18.0.1 - - [02/Aug/2022:11:22:39 +0000] "GET /assets/fonts/boxicons.woff2 HTTP/1.1" 200 74712 "http://localhost/styles.css" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-nginx_container | 172.18.0.1 - - [02/Aug/2022:11:22:39 +0000] "GET /assets/fonts/materialdesignicons-webfont.woff2?v=5.0.45 HTTP/1.1" 200 276312 "http://localhost/styles.css" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-nginx_container | 2022/08/02 11:23:11 [error] 24#24: 36 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "PUT /api/user/activate/1 HTTP/1.1", upstream: "http://172.18.0.6:8888/api/user/activate/1", host: "localhost", referrer: "http://localhost/auth/register"
skf-nginx_container | 172.18.0.1 - - [02/Aug/2022:11:23:11 +0000] "PUT /api/user/activate/1 HTTP/1.1" 502 157 "http://localhost/auth/register" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-nginx_container | 2022/08/02 11:23:23 [error] 24#24: 36 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "POST /api/user/login HTTP/1.1", upstream: "http://172.18.0.6:8888/api/user/login", host: "localhost", referrer: "http://localhost/auth/login"
I am getting these errors, using docker, OS kali Linux
When i try to log in, it gives error that username or password incorrect
ShahidAkhterSec
@ShahidAkhterSec
Username or Password is incorrect.
environment:
  - FRONTEND_URI=http://localhost
  - SKIP_LOGIN=skfprovider
i also changed these values but , still not working'
ShahidAkhterSec
@ShahidAkhterSec
Anyone?
Carles Llobet
@carles.llobet_gitlab
Are you setting up the account first time before trying to login?
https://skf.readme.io/docs/first-run
ShahidAkhterSec
@ShahidAkhterSec
tried it that way, didnt work
"172.23.0.1"
skf-nginx_container | 172.23.0.1 - - [04/Aug/2022:08:19:50 +0000] "GET /assets/fonts/materialdesignicons-webfont.woff2?v=5.0.45 HTTP/1.1" 200 276312 "http://localhost/styles.css" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-nginx_container | 2022/08/04 08:20:41 [error] 24#24: 8 connect() failed (111: Connection refused) while connecting to upstream, client: 172.23.0.1, server: , request: "PUT /api/user/activate/1 HTTP/1.1", upstream: "http://172.23.0.5:8888/api/user/activate/1", host: "localhost", referrer: "http://localhost/auth/register"
skf-nginx_container | 172.23.0.1 - - [04/Aug/2022:08:20:41 +0000] "PUT /api/user/activate/1 HTTP/1.1" 502 157 "http://localhost/auth/register" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-nginx_container | 2022/08/04 08:20:50 [error] 24#24: 8 connect() failed (111: Connection refused) while connecting to upstream, client: 172.23.0.1, server: , request: "POST /api/user/login HTTP/1.1", upstream: "http://172.23.0.5:8888/api/user/login", host: "localhost", referrer: "http://localhost/auth/login"
skf-nginx_container | 172.23.0.1 - - [04/Aug/2022:08:20:50 +0000] "POST /api/user/login HTTP/1.1" 502 157 "http://localhost/auth/login" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
skf-nginx_container | 2022/08/04 08:22:52 [error] 24#24: *51 connect() failed (111: Connection refused) while connecting to upstream, client: 172.23.0.1, server: , request: "PUT /api/user/activate/1 HTTP/1.1", upstream: "http://172.23.0.5:8888/api/user/activate/1", host: "localhost", referrer: "http://localhost/auth/register"
skf-nginx_container | 172.23.0.1 - - [04/Aug/2022:08:22:52 +0000] "PUT /api/user/activate/1 HTTP/1.1" 502 157 "http://localhost/auth/register" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
curl http://172.23.0.5:8888/api/user/login
curl: (7) Failed to connect to 172.23.0.5 port 8888 after 0 ms: Connection refused
tried to curl it, connection refused
spmishra121
@spmishra121
@blabla1337 , code/test section is not displayed in Manage Project. Why?
image.png
Petter Moe Kvalvaag
@pettermk
Hi there, I just started using SKF (and it's awesome!) in openshift and azure kubernetes, pretty much straight from the manual. I hit two snags, one was mentioned earlier about using the beta version for k8s ingress which is deprecated since k8s 1.22, and there was another error where a non-existing jwt exception was thrown in security.py. So I was intending to make a PR with fixes, but then I found the soo branch which has loads of changes. Do you currently recommend to run this from the soo branch, or maybe I should run from main but patch those things locally, or does it make sense to apply the patches in main (i.e. make a PR)?
Glenn ten Cate
@blabla1337
Hmm maybe a glitch? @spmishra121
@pettermk aah yes indeed we fixed those things in the soo branch. We hope to release it somewhere next week. We are waiting for the last SSO implementation fix and redesign of the ux
But both tasks are 90% complete and we can officially release it all again and be same with main branch
Petter Moe Kvalvaag
@pettermk
@blabla1337 that's great news, no worries then, I'll hang tight until the release
waleadeleke
@wale-adeleke
Happy Friday everyone, can someone kindly direct me on the first steps for using/implementing skf
spmishra121
@spmishra121
Hi @blabla1337 , One of my senior told me that there was an option to create Labs in SKF. Is that functionality has been removed?
waleadeleke
@wale-adeleke
@blabla1337 kindly assist with hands on implementtion of skf
jfc2wqz8mx
@jfc2wqz8mx:matrix.org
[m]
Does OWASP-SKF has a public API?
Glenn ten Cate
@blabla1337
@wale-adeleke Hi, with what do you need help?
@spmishra121 Making new labs are quite easy, we have a special repo with 70+ labs in Java, Nodejs, Python
just copy one of the existing labs so you have the same layout and style and start implementing your vulnerable function :)
After that make a new MD file in the repo that explains the steps and create a PR
we will make sure to build it and add it to the list of Labs in SKF
here you can find all the labs and write-ups
https://github.com/blabla1337/skf-labs
@jfc2wqz8mx:matrix.org for now it's accessible without any authentication for the platform we host, so the API is directly accessible
in the near future we are releasing with the SSO feature enabled as you can earn badges and points
so the API is still accessible but you need an Auth header :)
We are currently doing the last tests of some improvements and SSO finetuning but it looks pretty good and stable
ready to be released and merged with the main branch very very soon
Also a major improvement are the Hack-OS Labs, this will give you full access to a real OS with the code editors, security tools and the labs code
Glenn ten Cate
@blabla1337
to really do it all
Screenshot 2022-09-16 at 20.51.38.png
Alex Romero
@NtAlexio2
OMG! Marvelous! @blabla1337
Riccardo ten Cate
@RiieCco

Hey everybody!

We want to plan in a set of SKF alignment meetings where we check what the future of the SKF should be in terms of features it should enclose, but also features that are hardly ever used so we can make EOL. I will drop some dates here soon so if you are interested in following this discussion please feel free to join!

So, for our first agenda I think it would be nice to have a bit of input from here like for example:

  • Who uses the requirements wizard?
    • if yes, are there any improvements you can suggest
  • Who uses code examples?
    • if yes, are there any improvements you can suggest
  • Who uses the Labs?
    • are you then also reading the write-ups?
    • are you missing labs or types of labs?

we are aware that deploying SKF gets harder because of all the complexity and impediments to the tech stacks that we use to deploy labs on the fly.
Would you be opposed to making SKF more SaaS-oriented so you don't have to go through the hassle of setting everything up yourself?

If yes, what would be your main concern?
if not, what would we need to change to facilitate that better?

Cheers! :-)