Mark Janssen praseodym

praseodym /
Last active January 4, 2023 08:16
Exploit for VMware vCenter Directory Service (vmdir) - CVE-2020-3952 / VMSA-2020-0006

This is my proof-of-concept exploit code for the VMware vCenter Directory Service (vmdir) sensitive information disclosure vulnerability (CVE-2020-3952 / VMSA-2020-0006).

It turns out that the vmdir service, which provides an LDAP directory server (and more), allows anonymous LDAP connections (also called LDAP binding) in the ACL MODE: Legacy configuration that is present after upgrading from vCenter 6.5. While the LDAP tree doesn't expose password hashes for administrative users, it does expose the VMware SSO server's SAML identity provider (IdP) certificates and private key. This key can be downloaded and used to sign arbitrary SAML responses, allowing an attacker to

praseodym /
Last active November 13, 2022 13:05
# Certificate Signing Request Generator
set -e
if [ $# -lt 1 ]; then
echo "Usage: $0 hostname [alt.hostname1] [alt.hostname2]"
exit 1
praseodym / config.gateway.json
Created December 18, 2016 14:39
UniFi Security Gateway configuration
"firewall": {
"all-ping": "enable",
"broadcast-ping": "disable",
"group": {
"address-group": {
"authorized_guests": {
"description": "authorized guests MAC addresses"
"guest_allow_addresses": {
praseodym /
Last active June 7, 2021 16:38
JDK8 AES-GCM code example
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.util.Arrays;
public class AESGCMUpdateAAD2 {
// AES-GCM parameters
public static final int AES_KEY_SIZE = 128; // in bits
praseodym / common_tasks_apt.yml
Created November 3, 2016 20:06
Ansible examples
- name: ensure wheezy-backports is present
apt_repository: repo="deb wheezy-backports main contrib non-free" state=present update_cache=yes
when: ansible_distribution_release == 'wheezy'
- name: ensure jessie-backports is present
apt_repository: repo="deb jessie-backports main contrib non-free" state=present update_cache=yes
when: ansible_distribution_release == 'jessie'
praseodym / ingress-nginx.yaml
Last active April 30, 2020 21:54
Linkerd 503 Service Unavailable repro
apiVersion: v1
kind: Namespace
labels: ingress-nginx ingress-nginx
name: ingress-nginx
kind: ConfigMap
praseodym /
Created April 26, 2020 12:59
Java tool to migrate JSR310 java.time.LocalDate serialized as bytea in PostgreSQL to proper date column
import java.sql.*;
import java.time.LocalDate;
public class Migration {
public static void main(String[] args) throws Exception {
String url = "jdbc:postgresql://joost.chnet/choice?ssl=true&sslrootcert=wisvch.crt";
Connection conn = DriverManager.getConnection(url, "user", "password");
View kind-config.yaml
kind: Cluster
- role: control-plane
- role: worker
- role: worker
- role: worker
View ingress-nginx.log
NGINX Ingress controller
Release: 0.30.0
Build: git-7e65b90c4
nginx version: nginx/1.17.8
W0301 00:31:38.725688 8 flags.go:260] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
View kubespray-fix-ignite-ubuntu.patch
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index aec6d78b..e16b9c6e 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -59,9 +59,17 @@
- need_bootstrap.rc != 0
-# Workaround for
-- name: Install dbus for the hostname module
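Review bot: the `# Workaround for` comment removed at the top of this hunk names no issue or link, so the rationale for the dbus install is already missing from the old side. The header shows the section growing from 9 to 17 lines, so whatever replaces the `Install dbus for the hostname module` task should carry a comment saying what it works around and on which images it applies, and should stay under the same `need_bootstrap.rc != 0` condition if it is still meant to run only during bootstrap. The visible lines stop before the added tasks, so neither can be confirmed here.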