July 15, 2023
Fast and simple!
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved
echo nameserver 1.1.1.1 > /etc/resolv.conf
echo nameserver 8.8.8.8 >> /etc/resolv.conf
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
July 2, 2023
Just a mind note, as always.
Host *
User gutocarvalho
# keepalive
TCPKeepAlive yes
ServerAliveInterval 10800
# network config
AddressFamily inet
Compression yes
Protocol 2
# log config
LogLevel INFO
# GSSAPI config
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
# checkings
VerifyHostKeyDNS no
StrictHostKeyChecking no
# hosts obfuscation
#HashKnownHosts yes
# ciphers
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
# connection control
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlMaster auto
ControlPersist yes
# algoritms
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
## special domain
Host *.domain.ai *.domain.sh *.domain.io
User gcarvalho
Port 2222
IdentityFile /path/to/your/ssh/key
## internal network password
Host 192.168.1.*
User ubnt
Port 22
PreferredAuthentications password
PubkeyAuthentication no
ControlMaster no
## internal network sshkey
Host 192.168.222.*
User ansible
Port 8820
IdentityFile /path/to/your/ssh/key
ControlMaster no
## git services
Host github github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile /path/to/your/ssh/key
User gutocarvalho
Host bitbucket bitbucket.org
HostName bitbucket.org
PreferredAuthentications publickey
IdentityFile /path/to/your/ssh/key
User gutocarvalho
Host gitlab gitlab.com
HostName gitlab.com
PreferredAuthentications publickey
IdentityFile /path/to/your/ssh/key
User gutocarvalho
## other services
Host mastodon-prod
Hostname host.domain.tld
User gutocarvalho
Port 4430
IdentityFile /path/to/your/ssh/key
Host mastodon-dev
Hostname host.domain.tld
User gutocarvalho
Port 4431
IdentityFile /path/to/your/ssh/key
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 29, 2023
For more show options
show command [TAB] [TAB]
show
version
show version
configuration
show configuration all
logs with tail-like view
show log tail
network
summary
show interfaces
detailed
show interfaces detail
arp table
show arp
debugging
show debuging
load balancer
status
show load-balance status
watchdog status
show load-balance watchdog
dns
statistics
show dns forwarding statistics
dhcp
leases
show dhcp leases
statistics
show dhcp statistics
ntp
configuration
show ntp
disk usage
show system storage
memory usage
show system memory
processeses
show system processes
uptime
show system uptime
Connections information
show system connections
users
show system login users
defining the network controller
Informing the Controller
set-inform http://unifi_network_controller_ip_here:8080/inform
reset & restore
Resetting to the default config
syswrapper.sh restore=default
refs
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 27, 2023
why?
Ubuntu 20.04 certbot package is ancient, the packge offers version 0.40.0 instead the current version is 2.6.x.
I need some resource like —preferred-chain that only exists in the recent version.
let's install it
apt remove certbot -f
installing depencies
apt install python3 python3-venv libaugeas0
creating a venv
python3 -m venv /opt/certbot/
upgrading pip
/opt/certbot/bin/pip install --upgrade pip
installing the plugins
/opt/certbot/bin/pip install certbot certbot-apache certbot-nginx certbot-dns-cloudflare
creating the simbolic link
ln -s /opt/certbot/bin/certbot /usr/bin/certbot
creating a certificate for my zimbra
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare/nativetrail.conf -d '*.nativetrail.io,nativetrail.io' -n --force-renewal --preferred-chain "ISRG Root X1"
That's it ;)
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 25, 2023
https://technitium.com/dns/
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 25, 2023
create the directory
$ mkdir -p ~/.ssh/controlmasters/
edit your ssh config file
$ vim ~/.ssh/config
at the top (first line, first config) add this
Host *
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlMaster auto
ControlPersist yes
that's it!
references
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 24, 2023
In this case, the registration is open with review with e-mail validation.
creating the account updates
docker-compose run --rm shell bin/tootctl accounts create updates --email updates@bolha.us --confirmed
confirming the e-mail
docker-compose run --rm shell bin/tootctl accounts modify --confirm updates
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 23, 2023
adduser ulysses
pveum user list
pveum user add ulysses@pam
pveum user list
pveum acl modify --roles PVEAdmin --users ulysses@pam
pveum user list
that's it.
just a reminder!
refs
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 22, 2023
Don't use RSA or ECDSA, not anymore.
Use ed25519; it's simple, shorter, and more secure!
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/gutocarvalho_ed25519 -C "gutocarvalho@bolha.us"
add to your agent to use easily
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/gutocarvalho_ed25519
ED25519?
Ed25519 is a public-key signature algorithm that was proposed by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang in their paper High-speed high-security signatures (doi.org/10.1007/s13389-012-0027-1) in 2011. More precisely, Ed25519 is an instance of the Edwards-curve Digital Signature Algorithm (EdDSA), where a twisted Edwards curve birationally equivalent to the curve called Curve25519 is used. Curve25599 is a very fast elliptic-curve-Diffie-Hellmann function that was proposed by Daniel J. Bernstein in his paper Curve25519: new Diffie-Hellman speed records in 2006.
Text from: https://blog.peterruppel.de/ed25519-for-ssh/
Why?
There are several aspects that make Ed25519 appealing for authentication in SSH:
Ed25519 is considered to be secure (similar difficulty to breaking a ~3000-bit RSA key).
Creating a new signature with Ed25519 does not require a random input. This is very desirable from a security perspective (see the Playstation3 hack above...).
Ed25519 is resilient to hash-function collisions. This is good because it provides some additional protection in case the selected hash function contained some weakness.
Ed25519 is immune to cache-timing attacks, hyperthreading attacks, and other side-channel attacks that rely on leakage of addresses through the CPU cache. This is also very desirable from a security perspective.
Ed25519 does not use secret branch conditions, i.e., it is immune to side-channel attacks that rely on leakage of information through the branch-prediction unit. Text from: https://blog.peterruppel.de/ed25519-for-ssh/
References
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]
June 22, 2023
sha512 shadow passwords
mkpasswd
$ apt install whois -y
$ mkpasswd --method=sha-512
using openssl
passing password
$ openssl passwd -6 '<password>'
passing both password and salt
$ openssl passwd -6 --salt '<salt>' '<password>'
passing via stdin
$ openssl passwd -6 -stdin
using python
$ python -c 'import crypt; print(crypt.crypt("<password>", crypt.mksalt(crypt.METHOD_SHA512)))'
using ruby
$ ruby -e 'require "securerandom"; puts SecureRandom.alphanumeric(20).crypt("$6$" + rand(36 ** 8).to_s(36))'
normal random passwords
using openssl with hex
$ openssl rand -hex 15
using openssl with base64
$ openssl rand -base64 15
using urandom
$ cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9-_\$' | fold -w 25 | sed 1q
bcrypt
using httpd
$ htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'
Did you like our content?
We have a lot to share; visit our site!
Our fediverse services ;)
Chat and video? We have it!
And utilities for our community
You can also visit our hacking space!
Follow our founder!
Follow the status of our tools
Do you want to support us? You can!
See you!
[s]