Show newer
℉ⅈℕℹℸℽ

Guacamole is the interface I deploy to let folks interact with the range easily. It is not easy to configure automatically... There's a simple user config file, but it is intentionally extremely simple. If you want to deploy Guacamole via configuration as code, you need something more powerful. I created this to do that:
github.com/kc0bfv/guacamoleRES

Show thread
0
℉ⅈℕℹℸℽ

Jetty is kinda vulnerable... It doesn't use log4j logging by default, but it does come with a drop-in logging replacement module that uses log4j. By default... Even the current versions of Jetty for download will, when enabling this module, download vulnerable log4j. The people making Jetty don't seem to realize this yet. I have no idea if anyone uses the replacement module. But I did!

Show thread
1
℉ⅈℕℹℸℽ

Solr is vulnerable if you grab the right version from Docker Hub (8.8.0 works nicely). But - the Java executable in there is from within the last few years, and those all disallow remote code includes via JNDI... So by default it's not going to give you RCE - at least not with the method commonly cited.

Show thread
1
℉ⅈℕℹℸℽ

I learned some things.

Show thread
1
℉ⅈℕℹℸℽ

Mostly done with my range - Terraform and Ansible deploy it to AWS so you can play around with log4shell.

github.com/kc0bfv/log4j_range

1
℉ⅈℕℹℸℽ

youtu.be/jTM9-nudFBA

Great little short.

0
℉ⅈℕℹℸℽ

Rough morning for somebody.

0
℉ⅈℕℹℸℽ

I35 in Kansas miles 40-60 always fly past. In either direction you come out of hours of placid plains into comparably dazzling suburbia of Wichita. I can't help but look around almost in wonder, my mind soaking in the distraction. By the time I catch my bearings we're out the other side driving through the fields again.

0
℉ⅈℕℹℸℽ

This party monster massacred the other decor...

0
℉ⅈℕℹℸℽ boosted
𝕾𝖕𝖎𝖓𝖆𝖟𝖎𝖊
1
℉ⅈℕℹℸℽ

Thanks Reddit

1
℉ⅈℕℹℸℽ boosted
Kingu Platypus :verified_paw:
0
℉ⅈℕℹℸℽ

I spent way too long on Elastic given that their docs say it isn't exploitable due to mitigations... Oh well.

Show thread
0
℉ⅈℕℹℸℽ

Spent a few hours last night trying to get RCE on fresh ElasticSearch, Jetty, and Solr (not enough time on this one) installs. But no luck.

1
℉ⅈℕℹℸℽ boosted
Developer Memes

"Can you find the optimal route for the trolly?"

submitted by mstjepan

0
℉ⅈℕℹℸℽ

Morning leaving Colorado

0
℉ⅈℕℹℸℽ

Support this week, and your donation will pack double the punch with an automatic 2X match... eff.org/power-up

0
℉ⅈℕℹℸℽ

US Pol (Roe v Wade) 

Supreme court might eliminate RvW? Make it a law. That's the right way to do these things anyway. (I understand the complication around this, but if it's ever gonna happen this is the best time I've seen so far)

0
℉ⅈℕℹℸℽ boosted
Ken Fallon (PA7KEN, G5KEN)

CQ CQ CQ Want to learn CW. I do have a straight key and want to use it on Linux.

How can I physically connect it ? Do I just treat it as a switch and implement hardware debounce ? Or use a GPIO on a pi(w), or hacking a old mouse to replace right click, a ESPxx with a HID interface ?

Advice on this would be appreciated ?

1+
℉ⅈℕℹℸℽ

lobste.rs/s/waahpl/jumping_air

ESET looks at that jumps the air gap - how the samples they know about work, and general measures.

0
Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…

v3.5.19-qoto · Privacy policy