bind – DNS server query by the registry of my domain name is fine. But browser cannot fetch my website by its address

When I query my DNS server through the website of the registry of .com** top-level domains, I can see that my DNS server is found:

Query
Domain: example**.com**
Answer:
Following name-servers have been defined in **NIC DNS for your domain:

1. ns.example**.com**

IP addresses defined for NS servers in **NIC DNS (glue records):

1. ns.example**.com**. *4.*41.2*.1*4
Name Server: "ns.example**.com**"
List of defined name-servers in this name server is SYNC with the list of name-servers which has been defined in **NIC name-server.

List of name-server from this server:

1. ns.example**.com**

SOA detail from this server:

localhost. root.localhost. (
                    2021053002  ; Serial
                    10800   ; Refresh
                    3600    ; Retry
                    604800  ; Expire
                    86400 ) ; Minimum TTL

But on any network, the web browsers are not able to show my website by its example**.com** address.

What are my options to debug my DNS server? Thanks!

google cloud platform – Unable to push docker image into GCP container registry [permission error]

I am trying to push a docker image into my container registry on google cloud platform. I am able to build my image successfully on my local machine. I tried the following command:

sudo docker push eu.gcr.io/$PROJECT_ID/$CONTAINER_NAME

I get a permission denied error:

unauthorized: You don’t have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

I tried following the steps in the provided link, specifically the gcloud credential helper instructions. I also tried gcloud auth configure-docker and gcloud auth login, all to no avail. Regarding IAM permissions my personal email is listed as Owner and Storage Admin role. I also have manually set up a service account with Owner and Storage admin roles. My $GOOGLE_APPLICATION_CREDENTIALS environment variable points to a json file extracted from this manually created service account. gcloud auth configure-docker provides the following output:

WARNING: Your config file at [/home/awa5114/.docker/config.json] contains these credential helper entries:

{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud"
  }
}
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. We recommend passing the registry name to configure only the registry you are using.
gcloud credential helpers already registered correctly.

At this point, I really don’t understand why I am getting denied permission to push this image into the container registry. Any help would be most welcome. Thanks very much.

windows – Why am I seeing IFEO debugger registry, whenever svchost.exe -k gpsvcgroup?

As we all know IFEO settings are stored in the Windows registry. The intention of creating the IFEO registry key is to give developers the option to debug their software. However, adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File Execution Options (IFEO) debuggers.

While looking for a similar execution I could see

Process path: svchost.exe -k gpsvcgroup

Registry : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Werfault.exe

Does anyone have an idea why I am seeing this and if this is legit? I am unable to find anything on the internet which says svchost.exe can use werfault.exe

werfault.exe belongs to WER services used for error reporting, which is legit.

Node.js Service Registry – Code Review Stack Exchange

  register(name, version, ip, port) {
    this.cleanup();
    const key = name + version + ip + port;

    if (!this.services[key]) {
      this.services[key] = {};
      this.services[key].timestamp = Math.floor(new Date() / 1000);
      this.services[key].ip = ip;
      this.services[key].port = port;
      this.services[key].name = name;
      this.services[key].version = version;
      this.log.debug(`Added services ${name}, version ${version} at ${ip}:${port}`);
      return key;
    }
    this.services[key].timestamp = Math.floor(new Date() / 1000);
    this.log.debug(`Updated services ${name}, version ${version} at ${ip}:${port}`);
    return key;
  }

I thought the code looked kinda amateurish. I am not sure if I am imagining things. Isn’t there a better way to assign values, also what about how the key is made, shouldn’t we use a random string generator or at least encode it after appending the values? What’s the best practice?

https://github.com/bluebrid/base-knowledge/blob/317bcdacd3a3806a6f98f05a7660dc97c506e8fb/javascript/advance/microservices/demo.1/service-registry/server/lib/ServiceRegistry.js

rust – What are the security implications of using anonymous download for Cargo Registry

We are setting up a Cargo registry in our company’s Artifactory. According to JFrog documentation, we need to allow anonymous downloads because Cargo client does not send any authentication headers when running install and search.

To quote the documentation: “Select the “Allow anonymous download and search” to block anonymous requests but still allow anonymous Cargo client downloads and performing search, to grant anonymous access specifically to those endpoints for the specific repository.” We are unsure what that exactly means security-wise.

We tested that any user we created, even if lacking the permissions to the Cargo repo, is allowed to download a crate from it by passing their credentials to git http authentication. We are ok with that.

But we assume that only the users from our organization are allowed to access the crates, since the git http authentication is to https://mycompany.jfrog.io. Is that correct?

  • Can anyone elaborate on this topic?
  • Is there a way to be able to use Artifactory permission model for download operation for Rust registries now or we have to wait on a change in Cargo client?

performance – Python script that converts Windows Registry Scripts (.reg) into PowerShell scripts (.ps1)

Well, this is a re-implementation of a PowerShell script that I wrote which does exactly the same thing, and I have ported it into Python.

After a quick Google search I found that there is only one other script that does the same thing, which can be found here: https://reg2ps.azurewebsites.net, though the output of Get remediation script isn’t as beautiful as mine, so my script does something truly special and pioneering.

You can find the PowerShell version here: https://codereview.stackexchange.com/a/261267/234107

This Python script converts a Windows registry file into a PowerShell script that is readily executable, it converts contents of the .reg file into New-PSDrive (if the script modifies a hive that isn’t HKCU or HKLM), New-Item, Set-ItemProperty, Remove-Item and Remove-ItemProperty commands.

It supports all five default registry hives: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE and HKEY_USERS, and conversion from all six registry data types: REG_SZ, REG_DWORD, REG_QWORD, REG_EXPAND_SZ, REG_MULTI_SZ and REG_BINARY.

For starters, reg_sz and reg_dword are encoded in plain text, reg_sz values are plain ASCII string values, and the datatype for them in Set-ItemProperty cmdlet is String, REG_DWORD values are 32-bit (4 bytes, or two words) binary values encoded in hexadecimal, or 8 hexadecimal bits, their datatype is DWord and their values must be preceded by the hexadecimal header 0x.

String values are indicated by a double quotes after assignment sign, dword values are indicated by =dword:.

REG_QWORD is a 64-bit (8 bytes or four words) binary value, equivalent to 16 hexadecimal bits, it is usually split into chunks of two bits, reversed order and joined by comma.

Qword values are indicated by =hex(b):, "Qword0"=hex(b):8d,02,4e,b8,00,00,00,00 means the value is qword b84e028d, their datatype is qword and their values must be preceded by 0x.

REG_EXPAND_SZ is expandstring, it is indicated by =hex(2):, it is a string of multiple substrings delimited by semicolons, then encoded in ASCII, then 00 (null char) is inserted between every byte, the bytes are delimited by commas, then the whole encoding is broken up into multiple lines using backslashes as line breaks.

Like this:

"ExpandString"=hex(2):53,00,74,00,72,00,69,00,6e,00,67,00,31,00,3b,00,53,00,74,\
  00,72,00,69,00,6e,00,67,00,32,00,3b,00,53,00,74,00,72,00,69,00,6e,00,67,00,\
  33,00,3b,00,53,00,74,00,72,00,69,00,6e,00,67,00,34,00,00,00

Notice that every second byte is a null byte.

REG_MULTI_SZ is multistring, it is indicated by =hex(7) and very similar to expandstring, but it is a null delimited string of multiple lines with null characters serving as line breaks, so there are null bytes with odd indexes, like this:

"MultiString0"=hex(7):4c,00,69,00,6e,00,65,00,20,00,31,00,00,00,4c,00,69,00,6e,\
  00,65,00,20,00,32,00,00,00,4c,00,69,00,6e,00,65,00,20,00,33,00,00,00,4c,00,\
  69,00,6e,00,65,00,20,00,34,00,00,00,4c,00,69,00,6e,00,65,00,20,00,35,00,00,\
  00,00,00

The odd indexed null characters must be represented by commas in PowerShell, the correct way to modify multistring values is supplying an array of the strings delimited by null chars, the commas should be where the odd indexed nulls are.

REG_BINARY is an arbitrary binary value in any format, indicated by =hex:, encoded in the same way as expandstring and multistring.

Like this:

"Test Binary"=hex:74,68,69,73,20,69,73,20,61,20,74,65,73,74,20,73,74,72,69,6e,\
  67

Those are all the principles of the value conversions.

So here is the code:

import os, re, sys

def reg2ps1(args):
    
    hive = {
        'HKEY_CLASSES_ROOT':   'HKCR:',
        'HKEY_CURRENT_CONFIG': 'HKCC:',
        'HKEY_CURRENT_USER':   'HKCU:',
        'HKEY_LOCAL_MACHINE':  'HKLM:',
        'HKEY_USERS':          'HKU:'
    }
    
    addedpath = []
    args = rf'{args}'
    
    if os.path.exists(args) and os.path.isfile(args) and args.endswith('.reg'):
        commands = []
        f = open(args, 'r', encoding='utf-16')
        content = f.read()
        f.close()
        for r in hive.keys():
            if r in content and hive[r] not in ('HKCU:', 'HKLM:'):
                commands.append("New-PSDrive -Name {0} -PSProvider Registry -Root {1}".format(hive[r].replace(':', ''), r))
        filecontent = []
        for line in content.splitlines():
            if line != '':
                filecontent.append(line.strip())
        
        text = ''
        joinedlines = []
        
        for line in filecontent:
            if line.endswith('\\'):
                text = text + line.replace('\\', '')
            else:
                joinedlines.append(text + line)
                text = ''
        
        for joinedline in joinedlines:
            if re.search(r'\[HKEY(.*)+\]', joinedline):
                key = re.sub(r'\[-?|\]', '', joinedline)
                hivename = key.split('\\')[0]
                key = '"' + (key.replace(hivename, hive[hivename])) + '"'
                if joinedline.startswith('[-HKEY'):
                    commands.append(f'Remove-Item -Path {key} -Force -Recurse -ErrorAction SilentlyContinue')
                else:
                    if key not in addedpath:
                        commands.append(f'New-Item -Path {key} -ErrorAction SilentlyContinue | Out-Null')
                        addedpath.append(key)
            elif re.search(r'"([^"=]+)"=', joinedline):
                delete = False
                name = re.search(r'("[^"=]+")=', joinedline).groups()[0]
                if '=-' in joinedline:
                    commands.append(f'Remove-ItemProperty -Path {key} -Name {name} -Force')
                    delete = True
                elif '"="' in joinedline:
                    vtype = 'String'
                    value = re.sub(r'"([^"=]+)"=', '', joinedline)
                elif 'dword' in joinedline:
                    vtype = 'Dword'
                    value = '0x' + re.sub(r'"([^"=]+)"=dword:', '', joinedline)
                elif 'qword' in joinedline:
                    vtype = 'QWord'
                    value = '0x' + re.sub(r'"([^"=]+)"=qword:', '', joinedline)
                elif re.search(r'hex(\([2,7,b]\))?:', joinedline):
                    value = re.sub(r'"([^"=]+)"=hex(\([2,7,b]\))?:', '', joinedline).split(',')
                    hextype = re.search(r'(hex(\([2,7,b]\))?)', joinedline).groups()[0]
                    if hextype == 'hex(2)':
                        vtype = 'ExpandString'
                        chars = []
                        for i in range(0, len(value), 2):
                            if value[i] != '00':
                                chars.append(bytes.fromhex(value[i]).decode('utf-8'))
                        value = '"' + ''.join(chars) + '"'
                    elif hextype == 'hex(7)':
                        vtype = 'MultiString'
                        chars = []
                        for i in range(0, len(value), 2):
                            if value[i] != '00':
                                chars.append(bytes.fromhex(value[i]).decode('utf-8'))
                            else:
                                chars.append(',')
                        chars0 = (''.join(chars)).split(',')
                        chars.clear()
                        for i in chars0:
                            chars.append('"' + i + '"')
                        value = '@(' + ','.join(chars).replace(',"",""', '') + ')'
                    elif hextype == 'hex(b)':
                        vtype = 'QWord'
                        value.reverse()
                        value = '0x' + ''.join(value).lstrip('0')
                    elif hextype == 'hex':
                        vtype = 'Binary'
                        value1 = []
                        for i in value:
                            value1.append('0x' + i)
                        value = '([byte[]]$(' + ','.join(value1) + '))'
                if not delete:
                    if '@=' in joinedline:
                        value = joinedline.replace('@=', '')
                        commands.append(f'Set-ItemProperty -Path {key} -Name "(Default)" -Type "String" -Value {value}')
                    else:
                        commands.append('Set-ItemProperty -Path {0} -Name {1} -Type {2} -Value {3} -Force'.format(key, name, vtype, value))
        filename = args.replace('.reg', '_reg.ps1')
        output = open(filename, 'w+')
        print(*commands, sep='\n', file=output)
        output.close()

if __name__ == '__main__':
    reg2ps1(sys.argv[1])

I am really very new to Python and this is the first time I have written something so complex like this in Python, and I know my script is really ugly, but it does get the conversions done right.

Sample input:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Test]
"Test String"="This is a test string"
"Test Binary"=hex:74,68,69,73,20,69,73,20,61,20,74,65,73,74,20,73,74,72,69,6e,\
  67
"Dword0"=dword:b5e50577
"Dword1"=dword:b7feec6c
"Qword0"=hex(b):8d,02,4e,b8,00,00,00,00
"Qword2"=hex(b):ff,ff,ff,ff,00,00,00,00
"MultiString0"=hex(7):4c,00,69,00,6e,00,65,00,20,00,31,00,00,00,4c,00,69,00,6e,\
  00,65,00,20,00,32,00,00,00,4c,00,69,00,6e,00,65,00,20,00,33,00,00,00,4c,00,\
  69,00,6e,00,65,00,20,00,34,00,00,00,4c,00,69,00,6e,00,65,00,20,00,35,00,00,\
  00,00,00
"ExpandString"=hex(2):53,00,74,00,72,00,69,00,6e,00,67,00,31,00,3b,00,53,00,74,\
  00,72,00,69,00,6e,00,67,00,32,00,3b,00,53,00,74,00,72,00,69,00,6e,00,67,00,\
  33,00,3b,00,53,00,74,00,72,00,69,00,6e,00,67,00,34,00,00,00

Sample output:

[Image: Registry Editor view]

New-Item -Path "HKCU:\Test" -ErrorAction SilentlyContinue | Out-Null
Set-ItemProperty -Path "HKCU:\Test" -Name "Test String" -Type String -Value "This is a test string" -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "Test Binary" -Type Binary -Value ([byte[]]$(0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,0x61,0x20,0x74,0x65,0x73,0x74,0x20,0x73,0x74,0x72,0x69,0x6e,0x67)) -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "Dword0" -Type Dword -Value 0xb5e50577 -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "Dword1" -Type Dword -Value 0xb7feec6c -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "Qword0" -Type QWord -Value 0xb84e028d -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "Qword2" -Type QWord -Value 0xffffffff -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "MultiString0" -Type MultiString -Value @("Line 1","Line 2","Line 3","Line 4","Line 5") -Force
Set-ItemProperty -Path "HKCU:\Test" -Name "ExpandString" -Type ExpandString -Value "String1;String2;String3;String4" -Force

Please help me simplify and beautify my code, so that it does the same conversions correctly with less code and better format, thank you!
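
An added example, not part of the original post or its script: a compact Python parser for the .reg value encodings described above (backslash continuation lines, little-endian hex(b) QWORDs, UTF-16LE hex(2) and hex(7) strings), applied to the defender's check behind the IFEO question earlier on this page, namely listing which Image File Execution Options subkeys actually set a Debugger value. The sample export, example.exe and the C:\Placeholder\dbg.exe path are constructed, and the function names are this example's own.

```python
import re

# Matches ...\Image File Execution Options\<image name>, including the Wow6432Node copy.
IFEO_RE = re.compile(r'\\Image File Execution Options\\([^\\]+)$', re.I)

def decode_value(raw):
    """Decode the right-hand side of a .reg value line into a Python value."""
    if raw.startswith('"'):                       # REG_SZ: undo \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.lower().startswith('dword:'):          # REG_DWORD: plain hex digits
        return int(raw[6:], 16)
    m = re.fullmatch(r'hex(?:\(([0-9a-f]+)\))?:(.*)', raw, re.I)
    if not m:
        return raw                                # e.g. "-" (value deletion)
    data = bytes.fromhex(m.group(2).replace(',', ''))
    kind = (m.group(1) or '').lower()
    if kind == 'b':                               # REG_QWORD: 8 bytes, little-endian
        return int.from_bytes(data, 'little')
    if kind == '2':                               # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return data.decode('utf-16-le').rstrip('\0')
    if kind == '7':                               # REG_MULTI_SZ: NUL-separated UTF-16LE
        return [s for s in data.decode('utf-16-le').split('\0') if s]
    return data                                   # REG_BINARY and other hex(n) types

def parse_reg(text):
    """Yield (key, name, value) for each value set in .reg text."""
    key = None
    for line in re.sub(r'\\\r?\n\s*', '', text).splitlines():   # join "\" continuations
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = None if line.startswith('[-') else line[1:-1]  # skip deleted keys
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)):
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            yield key, name, decode_value(m.group(2))

def ifeo_debuggers(text):
    """Return (image, command) for every IFEO subkey that sets a Debugger value."""
    return [(IFEO_RE.search(k).group(1), v) for k, n, v in parse_reg(text)
            if IFEO_RE.search(k) and n.lower() == 'debugger']

# Constructed sample export; the hex values are shortened from those quoted in the post.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Test]
"Qword0"=hex(b):8d,02,4e,b8,00,00,00,00
"MultiString0"=hex(7):4c,00,69,00,6e,00,65,00,20,00,31,00,00,00,4c,00,69,00,6e,\
  00,65,00,20,00,32,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Werfault.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"Debugger"="C:\\Placeholder\\dbg.exe"
'''

if __name__ == '__main__':
    print(ifeo_debuggers(SAMPLE))
```

An IFEO subkey that merely exists, like the Werfault.exe key in the sample, is not reported; only a subkey carrying a Debugger value is.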

Accidentally deleted ‘wow6432node’ from ‘hkey_local_machine software’ registry

I was installing and uninstalling some software. Found some leftovers in registry. Tried to remove them. Found one named ‘wow6432node’ and thought it was also a leftover. So clicked delete. It said unable to delete. I ignored it but then the PC started acting strangely. Fonts are all messed up. I can neither use any software nor log in. Unfortunately I am dual booting it with Ubuntu so I don’t know how to get into recovery (I don’t know if it helps or not).

Is it possible to bypass install UAC prompt without registry editing (Windows 10)

You cannot install without administrator permissions that you don’t have.

If you have any virtual machine product that is already installed on
the computer, you could create a virtual machine, which is basically
a computer where you are the only administrator.
This way, you will not enter in conflict with your company’s
security policy.

Another solution to installing software products is to find a portable version
of these products that can work without installation.
The website
PortableApps.com
contains a list of such products.