Imagine that you already have a valid SSL certificate (e.g. from Let's Encrypt with auto-renew, see https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04) and want to use it for Pritunl's web panel.

Open the main app.py file:

    mcedit /usr/lib/pritunl/lib/python2.7/site-packages/pritunl/app.py

Find the following lines (lines 146-149):

        server_cert_path = os.path.join(settings.conf.temp_path,
            SERVER_CERT_NAME)
        server_key_path = os.path.join(settings.conf.temp_path,
            SERVER_KEY_NAME)

Replace them (or comment them out with #) with the following, keeping the same indentation as the original lines:

        server_cert_path = '/etc/letsencrypt/live/vpn.sergeybelove.ru/cert.pem'
        server_key_path = '/etc/letsencrypt/live/vpn.sergeybelove.ru/privkey.pem'

And that is all.

March 19th, 2016


Today I want to revive my blog and share a small and very simple (and new?) trick: how to get RCE on the client side via JSONP in IE (any version). This technique resembles the “reflected file download” technique from the last Black Hat.

JSONP is JSON data with “padding”: a callback function that lets the client side work with the received data. It is usually needed when we have two domains and, because of the same-origin policy (SOP), cannot read the response from domain B when sending a request from domain A.

A typical example:

    <!-- The callback must be defined before the JSONP script loads. -->
    <script>
      function apiStatus(data) { console.log(data.status); }
    </script>
    <!-- Request sent via a script tag; the data is received as a call to the predefined function. -->
    <script src="https://status.github.com/api/status.json?callback=apiStatus"></script>

What do we know about JSONP threats?
  1. JSONP leaks
  2. XSS via JSON / JSONP callbacks
  3. Advanced vector: “Rosetta Flash”
  4. ?
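
On the server side, items 2 and 3 above and reflected file download are commonly mitigated in the JSONP responder itself. The sketch below is an added example, not code from the original post; `buildJsonpResponse`, `safeJson`, the 64-character cap and the fixed filename `f.txt` are assumptions chosen for illustration.

```javascript
// Added example: hardened JSONP response builder (hypothetical helper names).

// Allow only dotted JavaScript identifiers, capped in length.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64;

// "<" can close a <script> block, and U+2028/U+2029 are not valid inside
// string literals in pre-ES2019 engines, so escape them after serializing.
function safeJson(data) {
  return JSON.stringify(data)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Returns { status, headers, body } for a JSONP request.
function buildJsonpResponse(callback, data) {
  const headers = {
    // Stop the browser from sniffing the response into another type.
    'X-Content-Type-Options': 'nosniff',
    // Fixed filename, so the request URL cannot pick the download name
    // (reflected file download mitigation).
    'Content-Disposition': 'attachment; filename="f.txt"',
  };
  const valid = typeof callback === 'string' &&
    callback.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(callback);
  if (!valid) {
    // Never echo the rejected callback back to the client.
    headers['Content-Type'] = 'text/plain; charset=utf-8';
    return { status: 400, headers, body: 'invalid callback' };
  }
  headers['Content-Type'] = 'application/javascript; charset=utf-8';
  // The leading "/**/" keeps caller-chosen bytes off the start of the
  // response body (the Rosetta Flash mitigation).
  const body = '/**/' + callback + '(' + safeJson(data) + ');';
  return { status: 200, headers, body };
}
```

Validating the callback covers the XSS case; it does nothing for JSONP leaks, which need the endpoint to stop returning per-user data to cross-origin script includes.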


January 24th, 2015
