Technology Errors

svn co Error: Server certificate verification failed: issuer is not trusted

When attempting to sync a repo to a server or to your desktop you will receive an error if the certificate being used to protect the HTTPS repository URL is not issued by the proper authority. Many companies generate their own certificates for repository URL’s especially if the repository is primary used internally. In this example I was attempting to sync a repository using SVN to a folder on the desktop of my Macbook Pro running OSX Mountain Lion. Below I describe the error in more detail followed by resolution to the svn certificate error.

Technology Insights

SVN Mountain Lion

I needed to use SVN on a new installation of Mountain Lion OSX on my Macbook Pro and initially assumed it would be there because I already had Xcode installed however it was not or was not located in my path. After playing around in the Xcode interface for a moment I located the Command Line Tools package available for download which ended up installing svn on the command line. Below I describe how to verify if SVN is installed on OSX and explain how to install it if it does not already exist.

Information Security

SQLMap won’t enumerate databases

Well, I run with psymera a CTF game and we are constantly adding new VMWare machines and new tests just to keep on playing and not get bored. As part of a internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in a big rant about it) so I started on what everyone does: update your version.

And something interesting happened, sqlmap enumeration broke (gorgeous) but it didn’t look much like it, it baffled me at first, so much that I had to do all by hand and asked psymera if he changed something, he said no.

So this is the info of the updated sqlmap version to that date:

bash

  1. root@fsckOSX:/pentest/database/sqlmap# svn info
  2. Path: .
  3. URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
  4. Repository Root: https://svn.sqlmap.org/sqlmap
  5. Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
  6. Revision: 4380
  7. Node Kind: directory
  8. Schedule: normal
  9. Last Changed Author: stamparm
  10. Last Changed Rev: 4380
  11. Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)

the SVN rev is 4380, latest at Sep 19th, here is the example of a run against the vulnerable web server with this revision.

Technology Insights

How to Get Email Notifications from Subversion on Commits

I recently was asked by some guys on my team if it was possible to get email notifications for every commit to svn with a description of what was removed, what was committed and a diff if possible. Now it seems like this would be easy and maybe even built into subversion so I checked into that first. There was a ruby script which can be made as a hook-script which is supposed to send email notifications. I spent quite some time trying to get it to work and didn’t have much luck so I decided to research some other options. I ran across a python program which was written specifically for this task called svnmailer.

Below I will detail the steps needed to get svnmailer working on your system: