'Communication Error' When I Query Solr, Only in IE? - apache

When I try to ping Solr, I get a failure only in IE.
if (!$solr->ping()) {
    echo 'service not available';
}
The connection is identical when using var_dump in both IE and other browsers. It's running on the standard Solr port, localhost, and the path is correct. Unsure how a different browser would affect a connection to Solr.
Solr Specification Version: 1.4.1.2011.09.12.09.25.21

Oddly enough, it seems that allow_url_fopen not being enabled was the root cause of this issue. Unrelated, seemingly, so I'd assume the issue was with the WordPress plugin used. I'd have to guess some odd implementation made this fail silently and cause issues only in IE.
Probably too specific to my case to help others, but thought I'd share.

log4shell POC : no HTTP redirect

I am trying to understand/reproduce the Log4shell vulnerability, using this PoC and also information from Marshalsec.
To do that, I've downloaded Ghidra v10.0.4, which is said (on the Ghidra download page) to be vulnerable to log4shell. Installed it on an Ubuntu VM, along with Java 1.8 (as stated in the PoC), and loaded the PoC + marshalsec snapshot.
Tried to start Ghidra, it said Java 11 was needed, so although I've installed Java 1.8 I still downloaded Java 11 and, when you start Ghidra, it says the installed version is not good enough and asks for the path to a Java 11 version; so I just gave it the path to the jdk11 directory and it seems happy with it. Ghidra starts alright.
Then set up my listener and launched the PoC, got the payload string to copy/paste in Ghidra, and got a response in the LDAP listener saying it'll send it to HTTP. But nothing more. The end.
Since the HTTP server is set up by the same PoC, I thought maybe I just couldn't see the redirection, so I started the HTTP server myself, started the LDAP server myself with marshalsec, and retried (see pics below for exact commands/outputs).
Setting http server:
Set listener:
Setting LDAP server:
Send payload string in Ghidra (in the help/search part, as shown in kozmer POC); immediately got an answer:
I still receive a response on the LDAP listener (two, in fact, which seems weird), but nothing on the HTTP. The Exploit class is never loaded in Ghidra (it directly sends me a pop-up saying search not found, I think it is supposed to wait for the server answer to do that?), and I get nothing back in my listener.
Note that I don't really understand this Marshalsec/LDAP thing so I'm not sure what's happening here. If anyone has time to explain, it would be nice. I've read a lot of stuff about the vuln but it rarely goes deeply into details (most is like: the payload string sends a request to the LDAP server, which redirects to the HTTP server, which will upload the Exploit class on the vulnerable app and give you a shell).
Note: I've checked, the http server is up and accessible, the Exploit.class file is here and can be downloaded.
Solved it.
Turned out for log4shell to work you need a vulnerable app and a vulnerable version of Java, which I thought I had, but nope. I had Java 11.0.15, and needed Java 11 (Ghidra needs Java 11 minimum; the only vulnerable version of Java 11 is the first one).
Downloaded and installed Java 11, PoC working perfectly.
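The symptom in this thread (a hit on the LDAP listener but no HTTP fetch) depends on the Java build: later JDK updates stop the JNDI LDAP provider from loading classes from a remote codebase unless the `com.sun.jndi.ldap.object.trustURLCodebase` system property is set. The check below is an added example, not part of the original posts, for auditing which JVMs still allow that fetch. The version thresholds come from the JDK release notes rather than from this page, and the function names and sample version strings are constructed for illustration.

```python
import re

PROP = "com.sun.jndi.ldap.object.trustURLCodebase"
# First update of each JDK line in which PROP defaults to false
# (thresholds taken from the JDK release notes, not from this page).
FIRST_SAFE = {6: 211, 7: 201, 8: 191, 11: 1}

def parse_java_version(text):
    """Return (major, update) from a version string or `java -version` output.

    Legacy "1.8.0_181" -> (8, 181); current "11.0.15" -> (11, 15); "11" -> (11, 0).
    """
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    first, second, third, update = (int(g) if g else 0 for g in m.groups())
    if first == 1:                      # legacy scheme: 1.<major>.0_<update>
        return second, update
    return first, third                 # current scheme: <major>.<minor>.<security>

def ldap_remote_codebase_enabled(version_text, jvm_args=()):
    """True/False when known, None when the JDK line is not in FIRST_SAFE."""
    explicit = None
    for arg in jvm_args:                # a later -D overrides an earlier one
        if arg.startswith("-D" + PROP + "="):
            explicit = arg.split("=", 1)[1].strip().lower() == "true"
    if explicit is not None:
        return explicit
    major, update = parse_java_version(version_text)
    if major >= 12:                     # released after the default changed
        return False
    if major in FIRST_SAFE:
        return update < FIRST_SAFE[major]
    return None

if __name__ == "__main__":
    # Constructed sample inputs.
    for v in ('openjdk version "11.0.15" 2022-04-19', 'java version "11" 2018-09-25',
              'java version "1.8.0_181"', 'openjdk version "1.8.0_312"'):
        print(v, "->", ldap_remote_codebase_enabled(v))
```

A `False` result only means the remote class fetch is refused; the lookup still reaches the LDAP server, as the asker saw, so patching Log4j remains the fix on any Java version.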

Changing bro logging Defaults

I want to enable logging of MAC addresses as well as hostnames using Bro. I have been using Bro for a while, but I am still a bit new to it.
Version: Bro 2.5.1
From researching this a bit, I found that I can log this by enabling policy/protocols/dhcp/known-devices-and-hostnames.bro but for this, I also need to enable policy/misc/known-devices.log.
This will then log to a devices.log.
Now the problem I am experiencing is that, from those files, this will only be logged once a day (by default).
I need this to be logged more frequently (as soon as there is the specific connection, I want that connection's MAC address and hostname to be logged). Is this possible?
If possible, do I need to change the defaults and where?
Or did I possibly miss something?
Try a redef of Log::default_rotation_interval (docs here) to something that suits your need. If you're running a cluster, consider the LogRotationInterval in BroControl.

Struggling with net::ERR_INCOMPLETE_CHUNKED_ENCODING on production site of my Symfony2+PHP5.6+Apache 2.4.x app

We face the "net::ERR_INCOMPLETE_CHUNKED_ENCODING" errors on our production site and can't find any working solution. StackOverflow is full of questions on this subject and we tried this and that but no working solution found. Our system is based on Symfony2+PHP5.6+Apache 2.4.x running on CentOS7.
Symptoms are that the app is working fine when the server starts ... but after some time the browser reports "net::ERR_INCOMPLETE_CHUNKED_ENCODING" errors and doesn't show certain pages (because they are loaded incompletely). Restarting Apache fixes this for some time but it appears again soon. StackOverflow contains a lot of different hints that don't help us to understand the source of the problem. Can anyone give us some REAL hint here?
After further investigation I found out that the server sends incorrect content-length information to the browser for some reason and it's the source of the error.
To adjust this I have enabled content gzipping by adding 'SetOutputFilter DEFLATE' to the Apache config file; see details here http://httpd.apache.org/docs/2.4/mod/mod_deflate.html . This simple setting caused the 'ERR_INCOMPLETE_CHUNKED_ENCODING' error to disappear and the apps are working correctly for now. What's more, by gzipping the content the bandwidth dropped significantly.
In the context of a Controller in Drupal 8 (works for Symfony Framework as well) this solution worked for me:
$response = new Response($form_markup, 200, array(
    'Cache-Control' => 'no-cache',
));
$content = $response->getContent();
$contentLength = strlen($content);
$response->headers->set('Content-Length', $contentLength);
return $response;
Otherwise the response header 'Transfer-Encoding' got a value 'chunked'. This may be a problem for some browsers.
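What the browser error means at the wire level, as an added example that is not part of the original posts: a chunked body must end with a zero-length chunk, and a `Content-Length` body must contain exactly the declared number of bytes. The function name, the result labels and the sample responses are constructed for illustration.

```python
def check_framing(raw):
    """Classify a captured HTTP/1.1 response by how its body is delimited."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "incomplete-headers"
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        pos = 0
        while True:
            eol = body.find(b"\r\n", pos)
            if eol < 0:
                return "incomplete-chunked"       # ended before a chunk-size line
            try:
                size = int(body[pos:eol].split(b";")[0].strip(), 16)
            except ValueError:
                return "malformed-chunk"
            if size == 0:
                return "ok"                       # zero-length chunk seen (trailers not checked)
            end = eol + 2 + size
            if len(body) < end + 2:
                return "incomplete-chunked"       # chunk data shorter than announced
            if body[end:end + 2] != b"\r\n":
                return "malformed-chunk"
            pos = end + 2
    declared = headers.get(b"content-length")
    if declared is not None:
        if not declared.isdigit():
            return "malformed-length"
        return "ok" if len(body) == int(declared) else "length-mismatch"
    return "ok"                                   # body delimited by connection close

if __name__ == "__main__":
    # Constructed sample responses.
    good = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"
    cut = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n"
    short = b"HTTP/1.1 200 OK\r\nContent-Length: 10\r\n\r\nhello"
    for name, raw in (("good", good), ("cut", cut), ("short", short)):
        print(name, "->", check_framing(raw))
```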

Forcing a DNS failure

I need to test a change in our application's DNS retry behavior.
It previously switched into another mode to report the issue to the end user, but we've found a bug: when the retry attempt worked, it would proceed to try loading the now-found far-end service in that "error reporting" mode.
To fix this, we have disabled the switch to the error reporting mode, and expect that on a successful retry we will load into the expected mode.
Thus, I need DNS (rndc/named) to fail once, and only once, and provide a successful result on the second attempt.
The only thing I can think is to run a large load test, and hope DNS fails like this at some point... But I am hoping someone on here might know of a better solution.
Maybe a way to block the connection attempt once? The DNS server is part of the application, though, so it would be blocking the connection to localhost.
For sure you can use Docker/VM/dedicated OS, change its DNS settings and use it as a DNS resolver. It will probably be a lot of work to script it, but it seems possible. But before that I would look for some DNS mock service/server.
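One way to build the DNS mock the answer suggests, as an added example that is not part of the original posts: a responder that fails the first query for each name and type, then answers normally. The class name, port 5300, the test address 192.0.2.10 and the sample query are assumptions made for illustration; how the application is pointed at it is outside the example.

```python
import socket
import struct

NOERROR, SERVFAIL = 0, 2

class FailOnceDNS:
    """Fails the first `failures` queries per (name, type), then answers normally."""

    def __init__(self, answer_ip="192.0.2.10", fail_rcode=SERVFAIL, failures=1):
        self.rdata = socket.inet_aton(answer_ip)   # constructed test address
        self.fail_rcode = fail_rcode
        self.failures = failures
        self.seen = {}

    def handle(self, query):
        qid, qflags = struct.unpack("!HH", query[:4])
        end = 12
        while query[end]:                # walk QNAME labels to the root label
            end += query[end] + 1
        qtype, = struct.unpack("!H", query[end + 1:end + 3])
        question = query[12:end + 5]     # QNAME + QTYPE + QCLASS, echoed back
        key = (query[12:end].lower(), qtype)
        self.seen[key] = self.seen.get(key, 0) + 1
        failing = self.seen[key] <= self.failures
        answer = b""
        if not failing and qtype == 1:   # A record: pointer to QNAME, IN, TTL 0
            answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + self.rdata
        rcode = self.fail_rcode if failing else NOERROR
        flags = 0x8080 | (qflags & 0x7900) | rcode   # QR + RA, keep opcode and RD
        header = struct.pack("!HHHHHH", qid, flags, 1, 1 if answer else 0, 0, 0)
        return header + question + answer

    def serve(self, host="127.0.0.1", port=5300):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((host, port))
        while True:
            data, peer = sock.recvfrom(512)
            try:
                sock.sendto(self.handle(data), peer)
            except (IndexError, struct.error):
                pass                     # ignore truncated or malformed packets

if __name__ == "__main__":
    # Constructed query: id 0x1234, RD set, "svc.example.test" IN A.
    q = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x03svc\x07example\x04test\x00\x00\x01\x00\x01")
    dns = FailOnceDNS()
    print([dns.handle(q)[3] & 0x0F for _ in range(3)])   # rcode of each reply
```

Call `FailOnceDNS().serve()` to listen on UDP. Stub resolvers may retry a SERVFAIL on their own, so if the application never sees the failure, pass `fail_rcode=3` (NXDOMAIN) or raise `failures`.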

cannot connect to genymotion and getting proxy error

I have downloaded the latest version of Genymotion with proxy server 2.2.2 and while connecting I am getting invalid reply from server (do you use a proxy?). I am not using a proxy for sure. Any ideas?
Answer: it's all about the HTTP proxy server in the Genymotion settings. Just UNCHECK it in the Genymotion settings, or remove the HTTP proxy server by un-ticking the ability to enter HTTP PROXY and PORT; let it be blank by unchecking, then log in with your credentials. If it doesn't work, try confirming your email with Genymotion.
In my case I went to Settings > Network > I checked "Use HTTP Proxy" and I filled the Http Proxy and port fields (with company proxy valid values).
After that I connect smoothly as silk.
I had the same problem in Ubuntu and after some struggle, when I was almost giving up, I stopped Docker (had one instance running on port 3337 on my PC) and to my surprise it finally worked.
I had a similar issue (invalid reply from server without proxy, on a highly customized and quite broken Ubuntu 16.04). Nothing of the above helped (seemingly).
Then I visited this site:
http://qaru.site/questions/835901/genymotion-stuck-on-splash-screen
(well, you have to let Google translate it, if you are not Russian)
The error described there is completely different (computer crash resulting in different networking issues),
but it had one thing in common with my case:
everything worked fine, and then suddenly: SOME NETWORKING ERROR - without reason.
Well, for me, the solution was the same as described on the Russian page:
removing a (corrupted?!) conf file.
The conf file was at (my home folder)/.config/Genymobile/Genymotion.conf
I deleted it (I had to do it with root, because the file was owned by root, but this might have been the case because I messed a bit with Genymotion...)
Then, I restarted Genymotion and logged in again and it worked like a charm.
I had to allow Genymotion.exe in Windows Firewall. I'm using v3
Had the same problem, managed it using a VPN.