Nick Guenther kousu

  • Asymmetric Research
  • Canada
$ OPENSC_DEBUG=10 pkcs11-tool --keypairgen -v
0x7f0cb5988780 13:07:16.819 [opensc-pkcs11] ctx.c:703:process_config_file: Used configuration file '/etc/opensc.conf'
0x7f0cb5988780 13:07:16.820 [opensc-pkcs11] ctx.c:825:sc_context_create: ===================================
0x7f0cb5988780 13:07:16.820 [opensc-pkcs11] ctx.c:826:sc_context_create: opensc version: 0.18.0
0x7f0cb5988780 13:07:16.820 [opensc-pkcs11] reader-pcsc.c:815:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=0 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
0x7f0cb5988780 13:07:16.821 [opensc-pkcs11] reader-pcsc.c:1282:pcsc_detect_readers: called
0x7f0cb5988780 13:07:16.821 [opensc-pkcs11] reader-pcsc.c:1301:pcsc_detect_readers: Probing PC/SC readers
0x7f0cb5988780 13:07:16.822 [opensc-pkcs11] reader-pcsc.c:1329:pcsc_detect_readers: Establish PC/SC context
0x7f0cb5988780 13:07:16.822 [opensc-pkcs11] reader-pcsc.c:1241:pcsc_add_reader: Adding new PC/SC reader 'Yubico Yubikey 4 CCID 00 00'
0x7f0cb5988780
diff -r 933049a60ce6 mod_auth_external/mod_auth_external.lua
--- a/mod_auth_external/mod_auth_external.lua Thu Jan 04 11:41:54 2018 +0100
+++ b/mod_auth_external/mod_auth_external.lua Fri Jan 12 05:26:22 2018 -0500
@@ -75,6 +75,15 @@
log("debug", "Started auth process");
end
+ -- Hotfix: lpty has a glitch in some versions: no_local_echo=true is not respected until *after*
+ -- the first read happens, it seems. The first do_query() therefore fails because it reads
+ -- back the query that was sent in, so the first login after restarting prosody -- or after
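Review bot: the hotfix comment added at the top of this hunk blames "some versions" of lpty and hedges with "it seems", but never says which lpty versions were seen ignoring no_local_echo=true before the first read. Since the symptom is a failed first login in an authentication module, note the lpty version(s) tested and, if there is one, a reference to an upstream report, so a later maintainer can tell when the workaround is safe to remove.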
@kousu
kousu / .procmailrc
Created December 17, 2017 19:43
procmail snippet for auto-binning / auto-filtering mailing lists
# mailing lists
#
# This automatically sorts mail from mailing lists into folders named after the list
# misc@openbsd.org will go into your IMAP Lists/misc folder
# fanciness@lists.riseup.net will go into Lists/fanciness
# (if you need more specific rules, you can tweak or add a rule for your specific lists *ahead* of this rule)
#
# Now, procmail doesn't(?) have capturing groups; the closest it has is a capturing \/,
# which grabs everything from itself *to the end of the line* of the match
# (thanks https://serverfault.com/questions/660159/procmail-recipe-with-capturing-group/660571);
#!/bin/sh
# extract Google's published list of outbound-going smtp servers, for purposes of whitelisting them
# from https://support.google.com/a/answer/60764?hl=en
# the results come back in CIDR notation, so be sure to handle that
# subtlety: i="" on the first iteration, because there is (currently) no _netblocks1, there's just _netblocks
(for i in "" `jot 3 1 3`; do
dig TXT _netblocks$i.google.com @8.8.8.8 +short;
done) |
awk -F ":" -v RS=" " '/^ip4:/ { print $2 }'
@kousu
kousu / journal
Last active August 19, 2017 19:26
Handy personal journal script
#!/bin/sh
# journal
#
# Usage: journal [date]
#
# Spawn your plain-text $EDITOR open to your diary.
# Journal files are arranged in a simple tree hierarchy by date under ~/Journal/.
# If date is given, it is a date string as understood by GNU date;
# you can say for example,
# journal yesterday
@kousu
kousu / README.md
Last active March 3, 2017 21:03
Pare down font files for web use

Sometimes (I'm thinking of the web, here, really) you only need a subset of glyphs in a font. A full font file can be pretty bandwidth-heavy.

cut_font will snip a font down to only the characters given on the command line. It will use the same output format as input format. It doesn't handle glyph variations (like italics or bold versions of a font) nor let you choose the output file; sorry about that; patches welcome.

Example

$ ./cut_font Symbola.ttf ≄ a b C D \`
@kousu
kousu / Guide.md
Last active March 2, 2017 06:28
Debugging mailservers by self-MITM

Debugging mail is hard. It's even harder when there's SSL in the way. But we can use unix elbow grease to get around this!

Run socat as a proxy, offloading the SSL processing to openssl in a subshell:

$ socat -v TCP-LISTEN:5877 EXEC:'openssl s_client -connect mail.your.server\:587 -starttls smtp'

Test this is working by, in parallel session

@kousu
kousu / README.md
Last active February 26, 2017 01:50
Extract SMTP credentials by running a fake server

I forgot my email password.

This is a hacked version of smtpd.py which extracts AUTH PLAIN passwords. You can use it to extract passwords from your email clients if you've forgotten them and would rather not try to figure out where they are stored locally: instead, run this and change the host and port your client uses for an SMTP server.

Example run:

[kousu@host ~/src]$ ./smtpd.py -n -d 0.0.0.0:8025
PureProxy started at Sat Feb 25 20:27:17 2017
	Local addr: ('0.0.0.0', 8025)
@kousu
kousu / bsd_thread_syscall_hang.py
Created February 12, 2017 15:15
Unkillable read()s when threads are involved
#!/usr/bin/env python
"""
Unkillable read()s when threads are involved bug:
Set up:
1) run `nc -l 7654 -k` in another terminal
2) run this
3) press control-c
Results:
@kousu
kousu / diproxy.py
Last active February 15, 2017 22:32
#!/usr/bin/env python
# DI's new licensing restriction setup is basically completely forgeable
# the only thing they actually enforce is referer checking
#
# This program sits and does the necessary referer hacking, so that you can still listen to DI.fm on standard internet radio players
#
# TODO:
# - [x] get a full list of DI channels (maybe dynamically even, at boot?)
# - [ ] pretty-up the menu; jinja2?
# - [ ] print bandwidth reports as listeners join and leave