profile
viewpoint
Jannik Vieten exploide Tübingen, Germany IT Security guy, open-source enthusiast, likes to keep things simple, <3 Python

fwupd/fwupd 1013

A simple daemon to allow session software to update firmware

exploide/sc-photo-service 6

Photo upload service for StreetComplete

exploide/osm-tool-stats 2

Create simple usage graphs for a given OpenStreetMap editor

exploide/ulpcrypt 2

Implementation of the U-LP Cryptosystem

exploide/ansible-role-dnf-automatic 0

This role installs, configures and activates dnf-automatic via Ansible on hosts which use the dnf package manager.

exploide/firewalld 0

Firewall daemon with D-Bus interface

exploide/securitools 0

A collection of small security related tools

matedealer/hackingToolCollection 0

This repository should be a collection of utilities and tools usefull for hacking and stuff.

delete branch exploide/fish-shell

delete branch : micro

delete time in 8 days

PR opened fish-shell/fish-shell

Added completions for micro

Description

Added completions for micro editor.

TODOs:

<!-- Just check off what what we know been done so far. We can help you with this stuff. -->

  • [ ] Changes to fish usage are reflected in user documentation/manpages.
  • [ ] Tests have been added for regressions fixed
  • [ ] User-visible changes noted in CHANGELOG.rst
+19 -0

0 comment

1 changed file

pr created time in 9 days

fork exploide/fish-shell

The user-friendly command line shell.

https://fishshell.com

fork in 9 days

create barnchexploide/fish-shell

branch : micro

created branch time in 9 days

startedgentilkiwi/mimikatz

started time in 10 days

issue commentlgandx/Responder

Responder Not Seeing NBNS and LLMNR traffic

Can confirm this behaviour. This happens since f84ad05e9a06f04a4491723ba4416f095ccbf370 by @nickyb.

I suspect the sockets to not accept broadcast traffic like NBNS/LLMNR/MDNS when an explicit bind address has been given. According to https://stackoverflow.com/a/32372627 either use the empty string as before or try to determine the correct broadcast address for the subnet the interface is listening on.

Fi1o

comment created time in 12 days

issue closedexploide/ansible-role-dnf-automatic

latest changes with new command are not released on ansible galaxy yet

I was reading and using the documentation like in the readme file, however the version here in master is newer then the latest release on ansible galaxy, so the new commands documentend in the readme don't work with the role in the readme yet (Swtiching to 'https://github.com/exploide/ansible-role-dnf-automatic.git' as a src for the role does work)

closed time in 23 days

JensTimmerman

issue commentexploide/ansible-role-dnf-automatic

latest changes with new command are not released on ansible galaxy yet

Maybe I forgot that, not sure. I don't use the role by myself at the moment. But I'm willing to fix bugs and accept pull requests if people like it.

Just reimported the role at Galaxy. I also needed to adapt the versioning scheme to semver to please the Galaxy importer.

Please try again and feel free to report back if it still doesn't work.

JensTimmerman

comment created time in 23 days

delete tag exploide/ansible-role-dnf-automatic

delete tag : 1.0

delete time in 23 days

delete tag exploide/ansible-role-dnf-automatic

delete tag : 2.0

delete time in 23 days

created tagexploide/ansible-role-dnf-automatic

tag1.0.0

This role installs, configures and activates dnf-automatic via Ansible on hosts which use the dnf package manager.

created time in 23 days

created tagexploide/ansible-role-dnf-automatic

tag2.0.0

This role installs, configures and activates dnf-automatic via Ansible on hosts which use the dnf package manager.

created time in 23 days

delete tag exploide/ansible-role-dnf-automatic

delete tag : v2.0

delete time in 23 days

delete tag exploide/ansible-role-dnf-automatic

delete tag : v1.0

delete time in 23 days

created tagexploide/ansible-role-dnf-automatic

tag1.0

This role installs, configures and activates dnf-automatic via Ansible on hosts which use the dnf package manager.

created time in 23 days

created tagexploide/ansible-role-dnf-automatic

tag2.0

This role installs, configures and activates dnf-automatic via Ansible on hosts which use the dnf package manager.

created time in 23 days

startedhtop-dev/htop

started time in 25 days

Pull request review commentfwupd/fwupd

Do not return HSI attributes when running in a VM

 fu_main_daemon_method_call (GDBusConnection *connection, const gchar *sender, 	if (g_strcmp0 (method_name, "GetHostSecurityAttrs") == 0) { 		g_autoptr(FuSecurityAttrs) attrs = NULL; 		g_debug ("Called %s()", method_name);+		if (priv->is_vm) {+			g_dbus_method_invocation_return_error_literal (invocation,+								       FWUPD_ERROR,+								       FWUPD_ERROR_NOT_SUPPORTED,+								       "HSI unavailable for hypervisor");

systemd-detect-virt has also implemented such checks: https://github.com/systemd/systemd/blob/5b14956385ee1076b98c3ca730bb9c1c9e95fc22/src/basic/virt.c#L450

hughsie

comment created time in a month

PullRequestReviewEvent

issue commentfish-shell/fish-shell

Fix package manager

Are you sure yum is deprecated on RHEL/CentOS? On Fedora, yum was replaced by dnf some time ago. On RHEL/CentOS, it is in fact the same dnf tool that is installed at least on more recent versions. But as far as I know, it is still named yum for some reasons instead of dnf. But I might be wrong. Maybe you have a reference (explicitly mentioning RHEL/CentOS, not Fedora where this is clear)?

ryuichi1208

comment created time in a month

delete branch exploide/fish-shell

delete branch : grep

delete time in a month

pull request commentSecureAuthCorp/impacket

Add smbpasswd.py script

Nice, this was very useful when trying to change a password that was expired. Samba smbpasswd did not work while your script did it. :+1:

Two notes:

It seems there is an uncaught exception when the new password does not conform to the password policy, maybe catch that?

Traceback (most recent call last):
  File "./smbpasswd.py", line 51, in <module>
    hSamrUnicodeChangePasswordUser2(args.username, args.oldpass, args.newpass, args.target)
  File "./smbpasswd.py", line 40, in hSamrUnicodeChangePasswordUser2
    resp = samr.hSamrUnicodeChangePasswordUser2(dce, '\x00', username, oldpass, newpass)
  File "/home/user/.local/lib/python2.7/site-packages/impacket/dcerpc/v5/samr.py", line 2800, in hSamrUnicodeChangePasswordUser2
    return dce.request(request)
  File "/home/user/.local/lib/python2.7/site-packages/impacket/dcerpc/v5/rpcrt.py", line 877, in request
    raise exception
impacket.dcerpc.v5.samr.DCERPCSessionError: SAMR SessionError: code: 0xc000006c - STATUS_PASSWORD_RESTRICTION - When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria.

Besides, maybe it could be useful if one could omit the password from cli args and the script will prompt for it then. Similarly to what wmiexec.py and the other scripts do.

snovvcrash

comment created time in a month

PR opened fish-shell/fish-shell

corrected grep completions

Description

Fixed wrong and misleading descriptions of grep completion.

TODOs:

<!-- Just check off what what we know been done so far. We can help you with this stuff. -->

  • [ ] Changes to fish usage are reflected in user documentation/manpages.
  • [ ] Tests have been added for regressions fixed
  • [ ] User-visible changes noted in CHANGELOG.rst
+2 -2

0 comment

1 changed file

pr created time in a month

create barnchexploide/fish-shell

branch : grep

created branch time in a month

fork exploide/fish-shell

The user-friendly command line shell.

https://fishshell.com

fork in a month

pull request commentfish-shell/fish-shell

Move fish_greeting to a function

When launching a fish for the first time, I usually only need to do two things: First, add the sbin directories to the PATH and second, disable the fish_greeting message. What is the preferred way for doing the latter, now that it is a global variable instead of a universal? Prior to that I just ran set fish_greeting.

faho

comment created time in a month

delete branch exploide/dirsearch

delete branch : todo

delete time in 2 months

startedzyedidia/micro

started time in 2 months

issue closedfwupd/fwupd

why fwupdmgr update do nothing?

I was running $ fwupdmgr get-devices and it show me available updates for my SSD and the HDD, but when I try to apply them with $ fwupdmgr update the program do nothing. It shows 2 available firmware updates but don't download them. If you want to know, the output of fwupdmgr get-devices is this: HP SSD S700 500GB DeviceId: 602b0a6cc821d155208724f0e22f8d111542b74c Guid: 41f37fa4-1547-5b0d-9590-361fa72eacef <- IDE\HP_SSD_S700_500GB_______________________S0704A1 Guid: 7757a94e-3025-5be0-acc2-cdd5d242e92b <- IDE\0HP_SSD_S700_500GB_______________________ Guid: cdf8337b-1809-5c0c-865b-ef7b6a2c9f82 <- HP SSD S700 500GB Serial: HBSA39471204280 Summary: ATA Drive Plugin: ata Flags: internal|updatable|require-ac|registered|needs-reboot Version: S0704A1 Icon: drive-harddisk Created: 2020-08-01

TOSHIBA HDWL110 DeviceId: 0a8c36d4c09c803cd6b5861e443fb7a41a20cbe6 Guid: 2dda3b56-e90b-5d08-be60-ee95f801a9ef <- IDE\TOSHIBA_HDWL110_________________________JU000A Guid: 1f02e129-be3b-5e98-a295-b16bb982c058 <- IDE\0TOSHIBA_HDWL110_________________________ Guid: 8bc39900-5acd-5141-b937-ee081bfdf46d <- TOSHIBA HDWL110 Serial: Z9F1PPV2T Summary: ATA Drive Plugin: ata Flags: internal|updatable|require-ac|registered|needs-reboot Version: JU000A Icon: drive-harddisk Created: 2020-08-01 Don't know if is important, but both devices are replaces; the SSD replace the original HDD, and the HDD is in a caddy drive, replacing the DVD drive

fwupd version information $ fwupdmgr --version

client version:	1.2.5
compile-time dependency versions
	gusb:	0.3.0
	efivar:	37
daemon version:	1.2.5

closed time in 2 months

Bonteruel

issue commentfwupd/fwupd

why fwupdmgr update do nothing?

Seems the question is answered. I'm closing. Feel free to respond if anything is left from your side.

Bonteruel

comment created time in 2 months

pull request commentmaurosoria/dirsearch

Added todo.txt to dictionary

duplicate of #260 :wink:

asokol123

comment created time in 2 months

issue commentfwupd/fwupd

why fwupdmgr update do nothing?

Ah, I see. So a brief description of the most important commands:

  • fwupdmgr get-devices Lists all devices on your system fwupd is aware of. This does not mean it currently has any update available nor does it mean updating is supported at all for that device.
  • fwupdmgr refresh updates the metadata to get aware of new firmware files on the LVFS server.
  • fwupdmgr get-updates shows available updates for your devices.
  • fwupdmgr update actually installs the available updates.

I think fwupdmgr --help is also helpful.

So in summary, if you refreshed the matadata but get-updates shows nothing, even with an up to date fwupd version, then your firmware already is fully updated. get-devices only tells you what devices fwupd is aware of on your system.

Bonteruel

comment created time in 2 months

issue commentfwupd/fwupd

why fwupdmgr update do nothing?

For an in-depth analysis, I think you need to wait for Richard or Mario to take a look.

But I noticed you are using an horribly outdated version of fwupd. I think SSD/HDD support was achieved rather recently. Maybe you can try with a newer version of fwupd.

(PS: wrapping your output in three backticks makes it much easier to read here)

Bonteruel

comment created time in 2 months

issue commentcheat/cheat

New grammar path/cheatsheet?

This would conflict with the ability of cheat to use cheatsheets from subdirectories. How to distinguish community being a tag or a subfolder in your example?

lengyijun

comment created time in 2 months

push eventexploide/securitools

exploide

commit sha cee39dccc9a7075ccbb6c32f73dbddf95ce40efe

php webshell: deal with disabled functions

view details

push time in 2 months

issue openedAdrianVollmer/PowerHub

Use of multiple crypto libraries

On dev branch, requirements.txt currently lists pycryptodome as a dependency for AES encryption. Though, when running powerhub.py, it errors out with ModuleNotFoundError: No module named 'Cryptodome'.

This is because the package pycryptodome actually makes available a module named Crypto. The module Cryptodome you use here is instead contained in a package named pycryptodomex. So the entry in requirements.txt should probably be fixed.

I also noticed, that PowerHub makes use of pyOpenSSL for key and certificate handling. The project page of pyOpenSSL states:

Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.

That cryptography package is also already present, currently as a dependency of service_identity.

So PowerHub currently has pycryptodome/pycryptodomex, pyOpenSSL and cryptography installed. I bet one of them is sufficient (probably cryptography) but I haven't looked into the details.

created time in 2 months

PR opened maurosoria/dirsearch

dict: added todo.txt

todo.txt, a typical file used to note some bits down.

+1 -0

0 comment

1 changed file

pr created time in 2 months

create barnchexploide/dirsearch

branch : todo

created branch time in 2 months

fork exploide/dirsearch

Web path scanner

fork in 2 months

issue openeddiego-treitos/linux-smart-enumeration

lse_sudo_commands: readonly variable

When running lse on Debian 10 without -i option, the following error occurs:

[!] sud030 Can we list sudo commands with a password?......................lse.sh: line 402: lse_sudo_commands: readonly variable
 nope

While it continues when running under bash, it aborts completely when running with /bin/sh.

created time in 2 months

push eventexploide/sc-photo-service

Tobias Zwick

commit sha 23188fae16b2cca412077bd518310729f6df9621

wip refactor to use classes

view details

Tobias Zwick

commit sha c63cb54b3814aff60d7955e8f9fe92eedc6662a8

wip...

view details

Tobias Zwick

commit sha ac56335cd0412e69f7ba3a8110207ba25da4f798

complete refactor

view details

push time in 2 months

PR merged exploide/sc-photo-service

Refactor
  • make code more alike the sc-statistics-service
  • put functionality into classes (daos, parsers, models,...)
  • easier setup (no need to execute migrate_db.php)
  • logging the clean up
  • cleaning up more (in case there was a bug or manual deletion in the past)
  • clean-up job takes off where it stopped (in case it is cancelled because it is running too long)
+407 -255

1 comment

14 changed files

westnordost

pr closed time in 2 months

pull request commentexploide/sc-photo-service

Refactor

Looks good to me. :)

Except the missing newlines at the end of some files. When strictly following POSIX/Unix, these are per definition not lines which might question if the files are actually text files. But most software will cope with that, so I think it's fine for now. (Maybe your editor is doing this oddity.)

I reviewed but haven't tested the code, but since this software is running on your space anyway and I assume it already does, I'm going to merge it. Thanks.

westnordost

comment created time in 2 months

push eventexploide/securitools

exploide

commit sha befbd9c3dd821eb978cb01a9199ab6044067f3d1

jsp webshell: removed request-character-encoding since it was causing issues

view details

push time in 2 months

push eventexploide/securitools

exploide

commit sha ba85c607a303ee33f33649422f8412d0df606b49

webshells: added simple shell history

view details

push time in 2 months

push eventexploide/securitools

exploide

commit sha fd572e92af30d242167ec792166e0438b10f123b

jsp webshell: make clean removes all *.war

view details

push time in 2 months

push eventexploide/securitools

exploide

commit sha b61b7363ec3b703034a68a246b607d80d2d1780d

jsp webshell: add download file functionality

view details

push time in 2 months

push eventexploide/securitools

exploide

commit sha d5a2a0ab6b1f8b6354542ca44c2439633c422f97

jsp webshell: added stealth password

view details

push time in 3 months

push eventexploide/securitools

exploide

commit sha 497a60f1bad626f611b7db4bbdb9904fee1b194c

php webshell: stealth password + cleanup

view details

push time in 3 months

issue commentSecureAuthCorp/impacket

RCE or interaction with a host without SMB(445)

Did you try smbexec.py -port 139?

bkmy625

comment created time in 3 months

delete branch exploide/fish-shell

delete branch : hostnames

delete time in 3 months

issue commentpypa/pipenv

Fish completions don't tab complete file paths

For me, the most annoying part is, that e.g. pipenv install -r does not trigger file completions. However, it looks like pipenv itself is not the problem, but the autogenerated completions from click-completion. See https://github.com/click-contrib/click-completion/issues/26

bram2000

comment created time in 3 months

issue commentclick-contrib/click-completion

file/path completion

While using pipenv, which makes use of click-completion, I encountered this problem, too. E.g. pipenv install -r should complete files, but doesn't, which is annoying. A related issue was reported there https://github.com/pypa/pipenv/issues/3478

I took a look at the code of click-completion. The -f option mentioned in the first comment is obviously the cause for this. But just removing the -f would imply that unnecessary file arguments get completed when, for example, just subcommands make sense.

So either the stub fish completion template needs to become more complex (don't know yet how to do that in an universal way) or click-completion needs to emit file completions by itself (and stay with the global -f).

It looks like this is done for the zsh completion automatically when there are no other explicit arguments to complete. However, the way this is done seems not to work with fish. So maybe this needs indeed to be done with an additional function. The completions for pip (without click-completion) do something like that: https://github.com/pypa/pip/blob/69a811cec64d16f4a3c84f685c50ac319f938772/src/pip/_internal/cli/autocompletion.py#L136

Instead of doing this when there are no other explicit arguments, it could be reasonable to check if the to be completed option is a click file argument https://click.palletsprojects.com/en/master/arguments/#file-arguments (though, I have no experience with click).

Would be great if this can eventually be resolved somehow.

flokno

comment created time in 3 months

PR opened fish-shell/fish-shell

__fish_print_hostnames: match IPv6 addresses + cleanup

Description

__fish_print_hostnames was only printing the first two bytes of an IPv6 address until the first colon, e.g. 2a03. This PR changes the regex in order to match the whole IPv6 address.

  • accept : in hostname, don't know why it was excluded. Maybe to exclude port numbers, but these come after the ] in known_hosts so it should be fine
  • filter out empty lines (replace -f)
  • typo in Cygwin
  • removed comment concerning awk since it is not used here

TODOs:

<!-- Just check off what what we know been done so far. We can help you with this stuff. -->

  • [ ] Changes to fish usage are reflected in user documentation/manpages.
  • [ ] Tests have been added for regressions fixed
  • [ ] User-visible changes noted in CHANGELOG.rst
+4 -5

0 comment

1 changed file

pr created time in 3 months

create barnchexploide/fish-shell

branch : hostnames

created branch time in 3 months

more