Linux: Find max uidNumber on LDAP

Whenever you want to add a new user you must make sure that the uidNumber is set to a unique number, if you have many users it could sometimes take a while to find which is the last uidNumber set to a user, to find the last uidNumber run this.

ldapsearch -H ldaps://your-ldap-domain -D "cn=Manager,dc=domain,dc=com" -W | awk '/uidNumber: / {print $2}' | sort | tail -n 1

Read More

GitList vulnerable to eval hack

GitList a popular self-hosted git repository viewer is vulnerable to a very serious bug in their core application. It allows for URL command evaluation to be run by any user able to view their repos.

A common installation on a domain looks like this

It’s easy to spot a vulnerable installation by just looking at the footer, if you see “Powered by GitList” odds are it’s vulnerable. Non vulnerable are usually have the version number in the footer like “Powered by GitList 0.4.0”

To exploit this simply find a repo and append a string like the following.""`ls -lah`

After you will see a listing of all the files in the repo directory. ls -lah can be any system command.

This vulnerability got fixed in later version but it is still much out there in the wild. A simple google search:

"Powered by GitList"

Results in thousands of results of people running this software. If you have this somewhere, you must update it.

Read More

Linux: Allow git repo push over ssh without allowing shell access

If you have a git repo on a server and allow users to push over ssh using their public keys, then you might want to add this to every entry on the authorized_keys file on .ssh

For each ssh pub key on authorized_keys pre-append this


Where .gitserve is a script allowing only git commands to be executed


exec git-shell -c "$SSH_ORIGINAL_COMMAND"

Read More

Linux: Remove Byte-Order-Mark (BOM) from files

Oh no there are BOMs in your files! No not BOMBS, BOMs. These sometimes are accidentally added by some IDEs depending on how the settings are configured. One easy way of removing them is this.

First lets find all these BOMs. This will recursively find any files(excluding binary) and list only those having a BOM

grep -rlI $'\xEF\xBB\xBF' . 

If you find any files you might want to de-BOM then pip the output through xargs and vim to remove it

grep -rlI $'\xEF\xBB\xBF' . | xargs vim -c "set nobomb" -c wq!

And just like that all BOMs are gone.

Read More

Linux: Release server cached memory

So your hacking away on your linux box when suddenly you notice that you only have 200MB out of 32GB available RAM, you freak out and pull out your hair as you don’t know what could possibly be using so much RAM. Don’t panic, this is normal your box just has most of the memory cached. It doesn’t pose any danger as your system will free it up automatically as you need it. In case you need it here is how to free up all of the cached memory.

free && sync && echo 3 > /proc/sys/vm/drop_caches && free

Read More

Linux: Forward remote port to localhost port over ssh

There are times when you need to access a service on a remote server that does not have a firewall rule in place to allow direct connection from your end. If you have ssh access you can do the following.

In this examples we want to forward remote mysql server port 3306 to our machine(host) 3310

On host:

ssh -f -L3310:localhost:3306 sshUser@remoteserver -N

Test, backup remote DB through forwarded port:

mysqldump -P 3310 -h -u mysql_user -p database_name > backup.sql

Read More

Linux: Remove files cached on disk


Sometimes you have to delete files on disk to free up space, you proceed to remove it only to find that it didn’t actually free up any space. This usually means that files are being held against their will by some process, to view these files being held run

lsof -n | grep -i deleted

Sample output

mysqld 13493 mysql 4u REG 202,1 0 271066 /tmp/ibicpkpG (deleted)
mysqld 13493 mysql 5u REG 202,1 0 271289 /tmp/ibEqTjw4 (deleted)
mysqld 13493 mysql 6u REG 202,1 0 271290 /tmp/ibsiLjDs (deleted)

From here just restart the process and it should free up those files

Read More