idarlund

Got an update from Darren. The problem seems to be with the date and not the CA database 😄 Here's an easy fix for it: root@shark:/# curl https://downloads.hak5.org curl: (51) Error root@shark:/# date Mon Aug 23 23:37:01 UTC 2021 root@shark:/# ntpd -q -p 1.openwrt.pool.ntp.org root@shark:/# date Tue Mar 29 07:46:03 UTC 2022 root@shark:/# curl https://downloads.hak5.org <!doctype html> [...]

This is getting really annoying. pip is also affected by this (maybe because it also uses wget): root@shark:~# pip3 install netifaces Collecting netifaces Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:852)'),)': /simple/netifaces/ [...] Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:852)'),)) - skipping The /etc/ssl/certs/ directory does exist with many certificates. The /etc/ssl/cert.pem points to /etc/ssl/certs/ca-certificates.crt which also exists. I believe that there's either an old ca-certificates.crt or wget are not using the /etc/ssl/* correctly. Please look into this.

I encountered this error as well today. I didn't know about this forum unill now so I posted an issue on github; https://github.com/hak5/sharkjack-payloads/issues/53 The problem seems to be that wget are unable to verify the ssl certificate from 'downloads.hak5.org'. After some more testing I also saw that wget was unable to verify many more certificates, such as wikipedia, google, etc; root@shark:~# wget https://wikipedia.org -O /tmp/wikipedia Downloading 'https://wikipedia.org' Connecting to 91.198.174.192:443 Connection error: Invalid SSL certificate root@shark:~# wget https://google.com -O /tmp/google Downloading 'https://google.com' Connecting to 142.250.74.78:443 Connection error: Invalid SSL certificate My guess is that shark jack either has really old CA repository or wget are unable to verify against the CA repository on the shark jack.