firefart
Repos: 60
Followers: 785
Following: 22

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

545
31

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

248
21

Dirty Cow exploit - CVE-2016-5195

C
685
389

Take screenshots of websites and create PDF from HTML pages using chromium and docker

53
4

docker-compose setup to run request tracker

13
11

my goto docker image when playing ctfs with all the tools I need

11
1

Events

Created at 17 hours ago

auto update from github actions

Created at 23 hours ago

Bump golang.org/x/crypto from 0.2.0 to 0.3.0 (#374)

Bumps golang.org/x/crypto from 0.2.0 to 0.3.0.


updated-dependencies:

  • dependency-name: golang.org/x/crypto
    dependency-type: direct:production
    update-type: version-update:semver-minor

...

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 days ago
pull request closed
Bump golang.org/x/crypto from 0.2.0 to 0.3.0

Bumps golang.org/x/crypto from 0.2.0 to 0.3.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Created at 2 days ago
issue comment
Adds LF after the work end

thanks!

Created at 3 days ago

Adds LF after the work end (#373)

  • typo

  • Reformat: Add \n after the end

Co-authored-by: firefart 105281+firefart@users.noreply.github.com

Created at 3 days ago
pull request closed
Adds LF after the work end
Created at 3 days ago
closed issue
.
Created at 4 days ago

auto update from github actions

Created at 5 days ago
issue comment
Missing PPA for Ubuntu Kinetic (22.10)

Is this still happening? I haven't updated to the newest PPA yet.

jep, still resulting in a 404

Created at 6 days ago
issue comment
adding 192.88.99.0/24 to range-scan command?

This IP block is owned by Hurricane: https://ipinfo.io/AS6939/192.88.99.0/24

I guess the tutorial you read uses some services from them and this is the range they provide it in, but this is nothing private that's not routed on the internet.

Created at 1 week ago
closed issue
adding 192.88.99.0/24 to range-scan command?

According to this configuration example with blocked private and multicast addresses, maybe it's a good idea to add 192.88.99.1 and 192.88.99.254 to range-scan command?

Created at 1 week ago

auto update from github actions

Created at 1 week ago
closed issue
Issue with retrieve some emails coming from Outlook

Hi,

sometimes RT cannot retrieve emails sent to our support address when they are coming from Outlook. They will not show up in RT and no notification is generated to the watchers/admin of the queue.

I activated the debug log: https://pastebin.com/s0yA3aVm

It is reproducible, for example, with my personal email account when sending out of Outlook. We have a web interface on our email server (Kopano) and when sending with my email address from that, the issue does not occur. The log says something about attachment, but I did not send any attachment with it.

More curious: If I set up my email postbox in an Outlook of one of my colleagues (same version: Outlook 2013, 15.0.5501.1000), it works! So, I thought my Outlook is buggy, and reinstalled my Outlook (uninstall + MS removal tool), but the issue is still there.

I thought that maybe only my "email+Outlook" combination is affected, however as it turns out, we had the same issue with another colleague yesterday. Probably more colleagues are affected so I disabled the IMAP retrieve functionality and put in a rule just to forward the emails sent to our support email to us watchers/admins of the queue.

getmailrc config:

[retriever]
#type = SimpleIMAPSSLRetriever
type = SimpleIMAPRetriever
server = 192.168.xxx.yy
username = <username>
password = <password>
mailboxes = ("INBOX",)

[destination]
type = MDA_external
path = /opt/rt5/bin/rt-mailgate
user = rt
group = rt
# 8080 is the mailgate vhost
arguments = ("--url", "http://nginx:8080/", "--queue", "Allgemein", "--action", "correspond",)

[options]
read_all = false
delete = true
verbose = 1

Any idea?

Thanks!

Created at 1 week ago
issue comment
Issue with retrieve some emails coming from Outlook

Hi, this looks like a bug in rt itself as it generates invalid insert statements. Getting support from them is pretty hard but you can try over here: https://rt.bestpractical.com/

I think this has nothing to do with the docker setup, sorry.

Created at 1 week ago
closed issue
Error: the server returns a status code that matches the provided options for non existing urls
➜ gobuster dir --url https://host.com --wordlist $WORDLISTS/patterns.txt                      
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     https://host.com
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                patterns.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.3
[+] Timeout:                 10s
===============================================================
2022/11/17 18:31:47 Starting gobuster in directory enumeration mode
===============================================================
Error: the server returns a status code that matches the provided options for non existing urls. https://host.com/52414aa3-e124-418c-abfc-2b6136996a92 => 200 (Length: 9364). To continue please exclude the status code or the length

Not sure I understand what that error means. I understand I can bypass it by --exclude-length 9364 but that feels cryptic.

What is the meaning of the error?

Created at 2 weeks ago
issue comment
Error: the server returns a status code that matches the provided options for non existing urls

That the url https://host.com/52414aa3-e124-418c-abfc-2b6136996a92 is producing an HTTP 200 (which obviously does not exist) and there is no way gobuster can detect if it's a hit or not so you need to reconfigure your settings.

Created at 2 weeks ago

Bump golang.org/x/crypto from 0.1.0 to 0.2.0 (#368)

Bumps golang.org/x/crypto from 0.1.0 to 0.2.0.


updated-dependencies:

  • dependency-name: golang.org/x/crypto
    dependency-type: direct:production
    update-type: version-update:semver-minor

...

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
Bump golang.org/x/crypto from 0.1.0 to 0.2.0

Bumps golang.org/x/crypto from 0.1.0 to 0.2.0.

Created at 2 weeks ago

auto update from github actions

Created at 2 weeks ago
opened issue
security/tor: allow for control port exposure

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [x] When the request is meant for an existing plugin, I've added its name to the title.

Currently the TOR control port is only available on localhost. It would be great to have an advanced option to expose the port on the local network by selecting the interfaces so the tor daemon can be remotely controlled.

Created at 2 weeks ago

Bump golang.org/x/term from 0.1.0 to 0.2.0 (#369)

Bumps golang.org/x/term from 0.1.0 to 0.2.0.


updated-dependencies:

  • dependency-name: golang.org/x/term
    dependency-type: direct:production
    update-type: version-update:semver-minor

...

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
Bump golang.org/x/term from 0.1.0 to 0.2.0

Bumps golang.org/x/term from 0.1.0 to 0.2.0.

Created at 2 weeks ago
closed issue
LDAP support

Hi,

is there any LDAP support? If I enable the LDAP Auth Config the container tells me in the logs, that the plugin is not enabled/installed.

rt_1          | Can't locate Net/LDAP.pm in @INC (you may need to install the Net::LDAP module) (@INC contains: /opt/rt5/sbin/../local/lib /opt/rt5/local/plugins/RT-Extension-MergeUsers/lib /opt/rt5/local/plugins/RT-Extension-TerminalTheme/lib /opt/rt5/sbin/../lib /usr/local/lib/perl5/site_perl/5.36.0/x86_64-linux-gnu /usr/local/lib/perl5/site_perl/5.36.0 /usr/local/lib/perl5/5.36.0/x86_64-linux-gnu /usr/local/lib/perl5/5.36.0) at /opt/rt5/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm line 51.

https://docs.bestpractical.com/rt/5.0.0/RT/Authen/ExternalAuth/LDAP.html

Maybe only RUN cpan -i RT::Authen::ExternalAuth has to be added to the Dockerfile?

Created at 2 weeks ago
issue comment
LDAP support

awesome thanks!

Created at 2 weeks ago