LALR parser generator for PHP

I’ve been tinkering forever with parser generators, mostly to figure out how they work and what I can do with them.

A (long) while ago, I found myself in need of a Bison-like parser generator for PHP and there was none.

Instructions for down or upgrading Ubiquiti (UniFi) USG

Sometimes upgrading or downgrading via the UniFi Controller GUI doesn’t work. In that case, doing it via the CLI is quite safe and should work without any issues.

Below is a step-by-step guide:

  • Download the desired firmware (e.g. v4.3.23.4913544)
  • Run FileZilla Client
  • Use sftp://yourfwipaddress with Siteusername and Sitepassword (leave Port blank), then Quickconnect
  • Upload the downloaded firmware upgrade.tar to the connected folder
  • Run PuTTY, Terminal (Mac/Linux) or any SSH client to connect to your firewall
  • Connect using credentials Siteusername and Sitepassword to yourfwipaddress
  • Make sure you are in your home folder (e.g. /home/admin if your Siteusername is Admin)
  • Run sudo syswrapper.sh upgrade upgrade.tar
  • Once it has fully run, the device will restart and you will be disconnected from the session
  • Reconnect via browser and fill in the correct WAN IP details if needed
  • Run PuTTY, Terminal (Mac/Linux) or any SSH client to connect to your firewall
  • Connect using credentials Siteusername and Sitepassword to yourfwipaddress
  • Set the inform address again by running set-inform http://yourcontrolleraddress:8080/inform
  • The device will now reconnect to the Controller and provision with the right settings
  • Done!

Note: This manual procedure can be used regardless of whether you’re upgrading or downgrading.

Good luck!

Source: Instructions for down or upgrading Ubiquiti (UniFi) USG

Apache Range header vulnerability script

I wrote an upgraded variant of the Apache killer script propagated on Full Disclosure that is capable of HTTPS requests. Also, unlike the script it descends from, it can follow a redirect in the server’s initial response, which the original script interprets as the server not being vulnerable.


This script merely checks for vulnerabilities but will not exploit them.
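The redirect false negative described above, shown as an added example (this is not the author's script): a check that sends one HEAD request with a two-range probe, follows redirects over HTTP or HTTPS, and reports how the final resource answers. The function names, the probe value and the `example.test` responses are assumptions made for illustration; the result only says whether multi-range requests are honoured, so patch level still has to be confirmed separately.

```python
import http.client
from urllib.parse import urlsplit, urljoin

PROBE_RANGE = "bytes=0-0,2-2"  # assumed probe: two one-byte ranges, nothing more
REDIRECTS = (301, 302, 303, 307, 308)

def fetch_head(url, timeout=10):
    """Send one HEAD request carrying the probe Range header."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path, headers={"Range": PROBE_RANGE})
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def check_range_handling(url, fetch=fetch_head, max_redirects=5):
    """Follow redirects first, then classify the final response.

    Treating a 3xx as "not vulnerable" is the false negative: the verdict
    has to come from the resource the redirect points to.
    """
    for _ in range(max_redirects + 1):
        status, headers = fetch(url)
        if status in REDIRECTS and "location" in headers:
            url = urljoin(url, headers["location"])  # handles relative targets
            continue
        ctype = headers.get("content-type", "")
        if status == 206 and ctype.startswith("multipart/byteranges"):
            return url, "multi-range honoured"
        if status == 206:
            return url, "single range only"
        return url, "range ignored"
    return url, "too many redirects"

# Constructed responses (not captured traffic): HTTP redirects to HTTPS,
# and the HTTPS resource answers the probe with a multipart 206.
SAMPLE = {
    "http://example.test/": (301, {"location": "https://example.test/"}),
    "https://example.test/": (
        206, {"content-type": "multipart/byteranges; boundary=x"}),
}

if __name__ == "__main__":
    print(check_range_handling("http://example.test/", fetch=SAMPLE.__getitem__))
```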