<andi->
Just tried to add seccomp support to my terminal.. basically set strict mode as the first line of the program and it could still exec the shell o.O
<andi->
oh, nvm.. thats because of the other thread.. it is per thread... m(
<samueldr>
ugh, wondering if there's something wrong in my setup, but couldn't say what, but in about 2 weeks' time I had two usb ethernet dongles die, now apparently a usb hub that worked died
<samueldr>
though AFAICT it's most likely bad luck and coincidence
<samueldr>
and I was saying that because it looks like the devkit's usb port is failing
<Synthetica>
Does anyone know a way to include "sprint labels" like they have in this graph?
<pie___>
the PR worked for me at one point i think
<pie___>
however
<pie___>
LDAP2NIX when? ;P
<etu>
infinisil: From my testing so far, it broke eval for me :D
<etu>
infinisil: My printer is (mostly) configured with that PR now \o/
<etu>
infinisil: [mostly] Not default paper size since there's no option for that, we should add that later :)
<eyJhb>
No clue how well printers at my Uni would work, which uses SMB as far as I remember...
<etu>
You can probably specify some URI for cups for that as well
<eyJhb>
Yeah, but still no fun... :/ But will look at it
<eyJhb>
But, really, how often does one print :D
<etu>
Not often, which makes it worse every time you need it
<etu>
That's why I want it in my config to not have to deal with it as much :p
<eyJhb>
True.. Currently I just use webprint and email print which is available at my university :D
<eyJhb>
So I can get away with not having it setup
<adisbladis>
I had something similar at home before.. Just a web server on a pi that can take a pdf and print it
<eyJhb>
The fun thing here is, that we have credits. And the backend is some microsoft BS.. So basically, sometimes you can give it a PDF, it will start to print it saying "ay okay, I can do this", the printer chokes, steals your credit and no print out...
<monsieurp>
life is tough sometimes but chin up
<eyJhb>
Got a couple of jobs at uni, so now I print for freeeeeeeeeeeeeeeeeee!
<eyJhb>
But there is actually a line/study/whatever called architecture and design, where it is part of the evaluation how "pretty" their reports are. So, it is not unusual for them to get the report printed professionally for 241EUR/268USD/1.800DKK...
<eyJhb>
And that is twice a year..
<pie___>
kek... ;/
<joepie91[m]>
quote from a Microsoft article:
<joepie91[m]>
> A modern OS, is also secure by default, the state is separated from the operating system; compute is separated from applications; this protects the user from malicious attacks throughout the device lifecycle.
<{^_^}>
error: syntax error, unexpected ',', expecting ')', at (string):254:12
<eyJhb>
But, always web related. Basically an introduction to `hacking`, and want to start at the basics.. So injection seems like a good starting point.
<pie_>
hot take: tl;dr of hacking: attacker controlled data misinterpreted as code
<eyJhb>
And currently want to show when and what you can do.. E.g. sqli, command, xss, template injection. And the wheres -> web, applications (gui, cli)
<__monty__>
Everyone knows the basics of hacking are lock picking : >
<pie_>
^
<eyJhb>
__monty__ I also plan to do that! But with hammers. \s
<eyJhb>
pie_: I have an evil evil challenge for eval... :p
<pie_>
"lock picking! but with hammers! :D"
<pie_>
you have an eval challenge for evil
<pie_>
eval, evil, whats the difference
<eyJhb>
People so often tend to just do `eval("2+2")` if you present a nc service with calculations. Let them do 100 of them, and then put some evil code inside 101
<pie_>
i had such a hard time on a wargame with $()
<pie_>
back when i knew even less bash
<eyJhb>
how so?
<pie_>
well, i didnt know i could run code in a quoted string with $() :D
<pie_>
or something like that
<pie_>
because i didnt know it existed
<joepie91[m]>
pie_: attacker-controlled data misinterpreted as legitimate*
<eyJhb>
pie_: you will love this challenge then ;) (pm)
<gchristensen>
(aka confused deputy problem)
<joepie91[m]>
(this nicely covers social engineering, too :D)
<pie_>
but i had this like, decision tree all laid out and everything when i was asking for help
<pie_>
i was so close lmao
<joepie91[m]>
(and lockpicking, for that matter!)
<pie_>
"obviously this and this and this does not work, by exhaustive search that leaves the following possibilities..." :D
<pie_>
well anyway
<pie_>
problem solving \o/
<joepie91[m]>
eyjhb: is the objective here to teach people how to defend?
<joepie91[m]>
gchristensen: that's just a subset of it!
<eyJhb>
joepie91[m]: well, both yes and no. If you know some tools related to hacking, you also know how to defend yourself! But generally to get more people involved, and not just the "pc nerds"
<pie_>
i still cant do php object whatever thing injection
<pie_>
eyjhb, i think getting more people involved is a pretty high bar
<eyJhb>
We had some great people at the last event, some who were a boot author, who knew very little! But she learned sooo much, and enjoyed it!
<pie_>
but actually one of my work colleagues in administration started doing a ctf!
<pie_>
i was like wow, and she is quite low on the hacking aptitude scale but she's trying
<eyJhb>
It is, but Denmark isn't that big ;) - Currently a lot of investments are going towards cyber security
<eyJhb>
pie_: sweet! :D
<joepie91[m]>
eyjhb: the reason I ask is because the absolute basic thing about defense is threat modelling, not a specific class of attack :) and it's a basic principle that's all too often overlooked and/or just assumed to be known by the people who are learning
<joepie91[m]>
(and they usually don't!)
<pie_>
eyjhb, which is weird, given denmark in the scale of things
<joepie91[m]>
so if the goal is to make security insightful, especially from a defensive standpoint, I'd put threat modelling front-and-center
<joepie91[m]>
reasoning through what people might do, how they might abuse things, etc.
<joepie91[m]>
why they might want to do so, and how mitigations relate to that
<pie_>
joepie91[m], "just assumed to be known by the people who are learning" are you sure? or is it that the teachers dont know how to do it either :p
<joepie91[m]>
and then working the specific examples, eg. SQLi, into that as case studies of sorts
<eyJhb>
joepie91[m]: do you have any good resources on it, now that you mention it? Because sounds like something that could be useful!
<pie_>
i dunno ¯\_(xD)_/¯
<samueldr>
don't forget JS/CSS injections
<pie_>
i started collecting resources at some point when i tried to start working on an OSS security related project
<samueldr>
especially the CSS ones which sound benign at first
<pie_>
but i dont think i got very far
<eyJhb>
Should properly create a repo that could just function as an issue tracker/idea place... Only have a private one for challenge ideas
<joepie91[m]>
pie_: little bit of both. threat modelling is one of those 'implicit skills' that people pick up from experience in the field, but rarely acknowledge as a formal process that can be explained... and I find that a lot of more skilled security people genuinely don'
<joepie91[m]>
oops
<joepie91[m]>
pie_: little bit of both. threat modelling is one of those 'implicit skills' that people pick up from experience in the field, but rarely acknowledge as a formal process that can be explained... and I find that a lot of more skilled security people genuinely don't realize that newbies don't have this understanding *
<joepie91[m]>
and that what they assume to be basic knowledge, is actually the product of their experience
<pie_>
aha
<pie_>
im generally like "how does babby ___???" but also just make everything theoretically properly hardened
<pie_>
the noob and the ivory tower xD
<joepie91[m]>
eyjhb: I don't have any particularly good resources on it, unfortunately, due to aforementioned problem; it's rarely taught explicitly... I've been working on it, but see https://twitter.com/joepie91/status/1067832592379117568
<pie_>
meanwhile im sitting here trying to figure out what the correct magic incantations are to get R to process my data correctly...
<pie_>
maaaaybe the Security Engineering book has something
<__monty__>
Working with R is like figuring out an injection attack : >
<joepie91[m]>
(some of those attacks use JS, some not!)
<pie_>
does this calculator even work
<joepie91[m]>
fullsize overlays in particular are pretty nasty attacks for phishing
<eyJhb>
pie_: it should! Unless somebody cleared it again
<eyJhb>
Works for me pie_ ;)
<pie_>
oh thats just a placeholder
<pie_>
i was just pressing enter on an empty field
<joepie91[m]>
and work on most sites that 'sanitize' HTML
<pie_>
bad UX :PP
<eyJhb>
joepie91[m] overload of information I am trying to organise here :D - But really good suggestions!
<eyJhb>
pie_ but you are meant to break the calculator and get `flag.txt` ;) :p
<joepie91[m]>
eyjhb: info-dumping is my specialty :P
<joepie91[m]>
(I'm only half joking)
<eyJhb>
joepie91[m]: basically did a ctrl+c and have to shift and gather the information later :p Currently still hell to structure the whole project!
<joepie91[m]>
np
* joepie91[m]
usually tries to structure his infodumps such that they contain all the necessary info to review on one's own later :P
<eyJhb>
Haha, great ;) - There are logs of #nixos-chat, online, right?
<eyJhb>
What are the policies on publishing logs from the chat? :p
<gchristensen>
there are published logs (see topic) but it might be weird to show up in presentations, so maybe check up with people if you want to quote them?
<eyJhb>
gchristensen: basically for later use, since I hate having random chat logs various places on my computer :) - So just thinking of placing a link of e.g. https://logs.nix.samueldr.com/nixos-chat/2019-05-29#2259476; in an issue, so I can shift through it later
<gchristensen>
sure
<samueldr>
don't worry, it's a public resource
<eyJhb>
Is there a nice way to mark from line X to Y samueldr ?
<samueldr>
it's slowly being indexed by the googles and serving results for obscure issues within nixpkgs!
<samueldr>
eyjhb: click timestamp, shift click to next
<eyJhb>
samueldr: great, thanks!
<eyJhb>
Done and done! Thanks for the help guys ;)
<eyJhb>
and pie_ lets see if you can solve the challenge :p Don't know if __monty__ ever finished
<pie_>
well, im not stumped yet but im out of ideas
<eyJhb>
The sourcecode is actually public for that challenge
<__monty__>
Nope, gave up.
<samueldr>
what challenge? (lazy)
<pie_>
internal server error
<pie_>
oops :D
<samueldr>
on my thing?
<eyJhb>
samueldr: PM'ed it :p
<samueldr>
thanks, it explains why I didn't see it in the backlog
<eyJhb>
pie_: yeah it doesn't give many errors, except the dreaded firewall! ;) :p
<eyJhb>
Yeah sorry, seeing as it doesn't have healthchecks implemented, it is quite easy to ruin/destroy it
<eyJhb>
So, don't like to paste it into a chat with a bunch
<samueldr>
no worries
<samueldr>
entirely understandable; after all, it's a chat with plenty of possibly powerful wizards and witches
<eyJhb>
Precisely ;) Also I had someone rage over it, and just.. Yeah.. Destroyed the whole container. Running everything as root => not smart
<samueldr>
wondering: is this a beginner thing or an expert thing (no spoilers)
<eyJhb>
My initial thought was beginner level, but some stuff were added to make it `a little` harder. So... Somewhere inbetween
<eyJhb>
The harder stuff is basically.. Yeah, you will see when you hit it
<eyJhb>
Does anyone in here actually do CTFs? Even small ones (participate)
<samueldr>
never did
<samueldr>
except if, way back when, hack this site counted for something
<eyJhb>
Well, it counts for something! Which reminds me, I should properly also inform in.. What is the `do's` and `don'ts`... Way too many just start trying SQLi on random sites :(
<eyJhb>
samueldr: getting closer it looks like!
<samueldr>
definitely, ensure you have the authorization to play with the site
<samueldr>
some sites (like facebook) have rules to follow
<eyJhb>
Yeah, and even if you get auth from someone, ensure you have it on paper, email, etc. and he/she is allowed to do so :p
<eyJhb>
samueldr: something like hackerone? Or do they have their own program?
<pie_>
samueldr, i think hack this site count :p
<pie_>
counts
<samueldr>
not sure about facbeook, it might have changed, but yeah, many sites have rules to follow
<samueldr>
facbeook, the new and improve sites where you beook your facs :/
<eyJhb>
beook?
<samueldr>
I said "facbeook" while mistyping :)
<samueldr>
it has no meaning (that I know of)
<eyJhb>
Ohhh, didn't notice...
<eyJhb>
There is a reason why I am.. Bad at forensics. Everything seems a' okay' to me
<pie_>
lol
<pie_>
damn you sniped me with this challenge
<eyJhb>
pie_: progress? :p
<pie_>
not much
<eyJhb>
pie_ you can look at the source, if you want to make it easier, will still require some thinking thou
<joepie91[m]>
eyjhb: fwiw, consider this blanket permission from me to quote my end of conversations in here :P
<pie_>
well i still dont get everything but i think i have a vague idea whats going on (havent checked source)
* joepie91[m]
treats this as a public channel
<pie_>
yeah thats an obscure feature
<eyJhb>
joepie91[m]: perfect ;)
<eyJhb>
pie_: obscure feature?
<pie_>
well, obscure unless you actually use bash for anything nontrivial in which case i dislike your choice of technology xD
* pie_
plays around some more
<samueldr>
oh
<pie_>
though im still not sure why a certain style of exploit im trying isnt working so i guess its still wrong
<samueldr>
haven't seen the source and I was maybe trying to use the wrong language
<pie_>
hehe
<pie_>
i mean im probably wrong
<samueldr>
oh boy that made me progress a bunch!
<pie_>
to be fair does anyone ever actually expose bash over the network
<pie_>
still not sure why my previous attempts didnt work
<pie_>
howww do i do anything without spacesss
<pie_>
besides reading files yakno
<eyJhb>
gchristensen: ohh you will see what triggers the firewall :D
<samueldr>
heh I was going to reply with a joke... but it's actually a good idea
<samueldr>
so I'm not gonna spoil it
<eyJhb>
Doing floating points are possible :D
<eyJhb>
joepie91[m]: yeah basically :p
<eyJhb>
There is like a 50% possibility I will be waking up to emails from people saying that the posteven challenge do not work.. :p
<pie_>
we are very competent sysadmins
<pie_>
nix prevents us from shooting ourselves in the foot
<pie_>
therefore we will shoot you in the foo
* pie_
bends over backwards trying to figure out how to get a space character when this isnt even the right way probably
<eyJhb>
gchristensen: figured out what triggered the AI? ;)
<gchristensen>
yeah :)
<eyJhb>
pie_ there isn't really a right way of doing things like this! I really enjoyed seeing all the different ways people solved it to the CTF
<pie_>
ok, i mean the easy way :p
* pie_
looks at the manual
<eyJhb>
Ohh.. Yeah, there is always an easy and a hard way. Most did it the hard way
<gchristensen>
_sigh_ I feel my skills have degraded
<eyJhb>
Well some from Gallopsled hated the challenge too (the ones who have created pwntools)
<pie_>
ok i actually have no idea how any of this works lol but im making progress
<eyJhb>
samueldr: did you get the flag?
<samueldr>
I feel sooo dumb
<samueldr>
haven't yet gotten to the contents
<eyJhb>
Btw. the firewall was implemented only, because people were whining about another challenge with a "firewall". Needless to say, they hated us so so much....
<__monty__>
I haven't even been able to get useful output yet.
<gchristensen>
ooOOooooo
<pie_>
lolll
<pie_>
^at firewall
<pie_>
__monty__, took me a while, im still stuck at the only useful output i got :D
<gchristensen>
my latest query has proved fruitful
<samueldr>
oops, I have the rdns of all those playing
<eyJhb>
And that is the reason, that the challenges are pr. team normally :p
<pie_>
rdns?
<pie_>
ah
<pie_>
samueldr, wot :D
<pie_>
samueldr, time to pivot to the next host
<pie_>
can u pivot out of the container tho :3
<samueldr>
you probably shouldn't
<pie_>
im in no position to
<eyJhb>
Hmm, don't know how possible it is to escape the container :p - But will keep at samueldr point :p
<samueldr>
I was chasing geeses!
<samueldr>
I thought the firewall blocked something else
<eyJhb>
Good job samueldr ;) Ohhh :D
<samueldr>
until I isolated the bit that actually was tripping it
<__monty__>
Aren't all containers currently vulnerable to a bug that's equivalent to getting root on the host? (Except for nspawn.)
<pie_>
__monty__, oh?
<eyJhb>
__monty__ the server is already running root, sooooo :p
<pie_>
well i just taught myself a new trick, but its not helping
<samueldr>
so, to answer my question from earlier, it's not devilishly twistedly hard, but it has that one neat m. night shyamalan esque twist that gets you
<eyJhb>
Nice seeing peoples progress. Always reminds me why it is nice working in teams, as everyone has different ideas of doing things
<pie_>
i have no idea why this works
<eyJhb>
Haven't seen an exact alike solution yet
<pie_>
nevermind i have an idea how this works
<eyJhb>
hahah :p
<pie_>
how a DIFFERENT part works
<pie_>
lol i just googled with the right keywords
<eyJhb>
pie_ what did you get? The writeups? :p
<pie_>
ezpz
<pie_>
no
<eyJhb>
pm solution ? :p
<pie_>
havent solved it yet but i think i got it
<eyJhb>
Oh
<joepie91[m]>
__monty__: you referring to the race condition?
<pie_>
samueldr, guess wot "Your result is: bin dev etc home init.sh lib media mnt nc opt proc root run sbin srv sys tmp usr var"
<samueldr>
progress, then?
<samueldr>
:)
<gchristensen>
ok I found flag.txt eyjhb
<samueldr>
btw I completed it 11 minutes earlier, if it wasn't obvious from the congratulations
<gchristensen>
nicely done :D
<__monty__>
joepie91[m]: Not sure, was fairly recent and everything from docker over kubernetes to lxc was affected except for nspawn.
<eyJhb>
Yeah, that is the exploit linked. Pretty nice of Dragon Sector to discover it! Great guys too
<pie_>
so anyone working on a frontend to eyjhb's shell endpoint yet?
<pie_>
:P
<eyJhb>
Not liking this :p
<pie_>
secure-shell-over-calculator
<pie_>
SOCP shell over calculator protocol
<gchristensen>
I'm using it as a GPL-warranty-notice-as-a-service already
<pie_>
lol
<eyJhb>
When I was at bootcamp this weekend at the danish defense something something something, we spent like 5 minutes trying to cat a directory, because we thought it was a file...
<pie_>
when you think you found flags but actually it was me, eth0! /sys/devices/virtual/net/eth0/flags
<pie_>
eyjhb, lo
<pie_>
l
<pie_>
eyjhb, do you get to just do all this stuff for free
<pie_>
damn danish havin all the fun! ;P
<eyJhb>
Well... Trying to get some money doing it
<eyJhb>
Currently trying to partner up with LEGO
<eyJhb>
pie_ but hey, the project I am working on is open to anyone who wants to contrib ;) Currently I am still in the stage of getting it all organised.. And being able to push releases when I push tags.. Which includes changelogs and files
<eyJhb>
Actually had to build a small docker container for just that purpose.. Because, Gitlab.. Ha..
<joepie91[m]>
eyjhb: commodore logo is the first thing it reminds me of, somehow
<eyJhb>
samueldr: `/u`?
<eyJhb>
never heard that one before joepie91[m]
<samueldr>
a slash with a weird stout u
<samueldr>
that's what I see when thinking about it, so not much :/
<__monty__>
What I see is a ramp leading to a halfpipe.
<eyJhb>
This.. Did not confirm my theory of what it looks like
<gchristensen>
what does it look like
<pie_>
the head and arm of a sprawled out stick person
<eyJhb>
When AU (Aarhus University) released this logo on their Facebook page, the first comment was that it looked like a penis. So that is basically my first association with the logo, and the only thing I can see
<gchristensen>
lol
<pie_>
i knew it was going to be a penis but now i see it too
<gchristensen>
I guess :P
<eyJhb>
Needless to say, people are not amused when I point it out to them. There must have been SOMEONE at those meetings just thinking to themself "do not say it, do NOT say it!"
<joepie91[m]>
lol
<samueldr>
oh, cock and balls
<samueldr>
now that you mention it
<gchristensen>
welp
<__monty__>
It's the ernst & young rebranding all over again.
<pie_>
ok now that ive sufficiently nerd sniped myself i should get back to getting food
<pie_>
oh...i didnt even realize getting the flag had another part of the challenge because i just immediately reached for the huge cannon after getting code exec...
<pie_>
xD
<joepie91[m]>
reminds me of the CTF I did at SHA2017
<joepie91[m]>
they had a model train track set up
<joepie91[m]>
wired up to a 'train control panel'
<joepie91[m]>
the challenge was basically to break into that and make the trains crash or so
<joepie91[m]>
was a webapp thing, you were supposed to find typical webapp vulns
<joepie91[m]>
I dug around for a bit, found an exposed .git in the root, grabbed the entire repo with the codebase
<joepie91[m]>
which of course had the DB password
<joepie91[m]>
dug around a bit more, found a phpMyAdmin install
<joepie91[m]>
asked the guys, "hey, is your repo supposed to be public"
<joepie91[m]>
"... uh, whoops"
<joepie91[m]>
"and how about the phpmyadmin instance?"
<joepie91[m]>
"....."
<pie_>
LUL
<joepie91[m]>
apparently the big cannon was not how you were supposed to win the CTF :D
<joepie91[m]>
this was run by a security company, too
<joepie91[m]>
many laughs were had
<pie_>
i did not think of the ".git" vector >_>
<joepie91[m]>
neither did they, apparently :D
<joepie91[m]>
pretty common fuckup in PHP applications
<joepie91[m]>
(because there people just point the webserver at the repo root, and the CGI model does the rest)
<pie_>
its like unsecured .htaccess but different
<joepie91[m]>
combine that with people stupidly checking their credentials into their git repo, et voila
<joepie91[m]>
they also almost invariably run PMA somewhere
<joepie91[m]>
so one dirbuster run later and you basically have the DB
<joepie91[m]>
I have seen sites in the alexa/majestic top 10k that are vulnerable to this <.<
<joepie91[m]>
pie_: anyway, I'll grant those CTF guys that setting up a *physical infrastructure* CTF was a really cool idea
<joepie91[m]>
:P
<pie_>
yeah that would be fun
<pie_>
ok the loot is in /tmp
<pie_>
i guess the next thing to do would be to write a FUSE filesystem but nahhh
<gchristensen>
always thrilling when my (nixos)laptop makes the Windows 10 login sound on startup
<pie_>
gchristensen, especially when youre actually booting into nixos right
<gchristensen>
yup
<gchristensen>
(the sound comes from the windows10 VM which boots up on login)
<averell>
purely for the kaomoji i'm guessing
<gchristensen>
(ノ◕ヮ◕)ノ*:・゚✧ ✧゚・: *ヽ(◕ヮ◕ヽ)
<joepie91[m]>
lol pie_
<joepie91[m]>
gchristensen: our hackerspace plays a random OS startup sound when it's turned on
<gchristensen>
lol!
<joepie91[m]>
where by 'turned on' I mean that the main switch is flipped, which enables the LED banner, room lighting, light effects, audio system, etc.
<joepie91[m]>
which, uh, let me find a picture of that