Category Archives: Linux

Automatic letsencrypt wildcard cert renewal with nsupdate

I’m using a wildcard cert from Let’s Encrypt. Currently there is only one way to verify that you hold the domain you are requesting a cert for: creating a TXT record in that domain. You can do it by hand when asked by certbot, but you don’t want to do this every 90 days. If you are running your own DNS servers with PowerDNS like me, there’s an elegant solution: RFC 2136. This allows you to update your zones without writing config files or restarting anything.


My git cheatsheet

Show git log as tree

$ git log --oneline --graph --decorate --all
| * 0255f78c (HEAD -> qmtech, my/qmtech) added support for qm_xc6slx16_sdram board
| * dae037cf (my/spisingle, spisingle) added spi 1-bit mode, code from litex
|/
* 1325aff6 (origin/master, origin/HEAD, master) correctly use result of Record.connect in Converter (#81)

Rebasing

$ git rebase --onto master spisingle qmtech
First, rewinding head to replay your work on top of it...
Applying: added support for qm_xc6slx16_sdram board

$ git log --oneline --graph --decorate --all
* 37d2eff0 (HEAD -> qmtech) added support for qm_xc6slx16_sdram board
| * 0255f78c (my/qmtech) added support for qm_xc6slx16_sdram board
| * dae037cf (my/spisingle, spisingle) added spi 1-bit mode, code from litex
|/
* 1325aff6 (origin/master, origin/HEAD, master) correctly use result of Record.connect in Converter (#81)

Push changed branch

$ git push my qmtech -f
Counting objects: 7, done.
Delta compression using up to 12 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 1.86 KiB | 1.86 MiB/s, done.
Total 7 (delta 5), reused 0 (delta 0)
remote: Resolving deltas: 100% (5/5), completed with 5 local objects.
To https://github.com/danielkucera/misoc.git
+ 0255f78c...37d2eff0 qmtech -> qmtech (forced update)

$ git log --oneline --graph --decorate --all
* 37d2eff0 (HEAD -> qmtech, my/qmtech) added support for qm_xc6slx16_sdram board
| * dae037cf (my/spisingle, spisingle) added spi 1-bit mode, code from litex
|/
* 1325aff6 (origin/master, origin/HEAD, master) correctly use result of Record.connect in Converter (#81)

Getting root access on ZyXEL VMG1312-B30B

Nothing special: just use the undocumented command sh and you are there (I found it out by mistake):

danman@silverhorse:~$ nmap 10.0.0.138

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-26 22:54 CEST
Nmap scan report for 10.0.0.138
Host is up (0.013s latency).
Not shown: 996 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
23/tcp open  telnet
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds
danman@silverhorse:~$ telnet 10.0.0.138
Trying 10.0.0.138...
Connected to 10.0.0.138.
Escape character is '^]'.
ZyXEL VDSL Router
Login: admin
Password: admin
 > help
?
help
logout
exit
quit
reboot
adsl
xdslctl
xtm
brctl
cat
loglevel
logdest
virtualserver
ddns
df
dumpcfg
dumpmdm
meminfo
psp
kill
dumpsysinfo
dnsproxy
syslog
echo
ifconfig
ping
ps
pwd
sntp
snmp
sysinfo
tftp
wlctl
arp
defaultgateway
dhcpserver
dhcpcondserv
dns
lan
lanhosts
passwd
ppp
restoredefault
route
save
swversion
uptime
cfgupdate
swupdate
exitOnIdle
wan
rip
igmp
wlan
telnetd
natp
sysstate
sipalgctl
celld
autoexec
fileShare
igmp
btt
ledctl
 > sh
shell Password: admin
~ # ls
bin         etc         linuxrc     proc        tmp         vmlinux.lz
data        firmware    mnt         sbin        usr         webs
dev         lib         opt         sys         var


$2 USB crypto token for use with GPG and SSH

If you are interested in security devices, this post may be for you. Recently I found software that makes a GPG security device out of an STM32. It’s called Gnuk. You just need a compatible board and a programmer; flash the firmware and you are ready to go. I was just hoping to find some cheap device to flash and play with.
