A perfect lure, though only for a very inexperienced user.
The bot asks you to enter the code (using these rather interesting buttons) that Telegram sends you))))
👍3
https://github.com/mas0yama/bahnhofzooC2.T1090.004
As part of my coursework, I implemented the Domain Fronting technique.
GitHub - mas0yama/bahnhofzooC2.T1090.004: C2 with basic domain fronting implemented.
👍2
So! I've started digging into SQL injections on sql.training.hackerdom.ru.
Along the way, I wrote up what I was writing.
Ilya Shaposhnikov
Another presentation from the conference
🔥2
In a lecture on side channels, Ilya Borisovich Pugachev talked about intercepting PEMIN (spurious electromagnetic emanations) and subsequently reproducing them.
Here is an example; you can skip straight to 03:00
https://www.youtube.com/watch?v=iSScvB4Rgj0
💥 AM TRANSMITTER from a PC monitor. Modulating interference. Tempest for Eliza - AM Radio Signal Transmitter
Programs that use your computer monitor to send AM radio signals.
1) Tempest AM Radio Signal Transmitter: https://github.com/priikone/tempest-AM
2) Tempest for Eliza: http://www.erikyyy.de/tempest/…
👍1
#pentest_kiddo
setreuid(), setregid(), seteuid(), geteuid().
The thing is, there are different types of user ID (UID) in Linux.
Real UID - the one who owns the process.
Effective UID - what the operating system looks at when deciding whether something is allowed.
You can temporarily drop privileges by setting the euid to the real user ID and then changing the uid to anything you want. Later, when you need root privileges back, you can setuid to root and the effective user ID will change back to root. This is because the saved user ID is not changed.
www.root-me.org/en/Challenges/App-Script/ELF32-System-1?lang=en
So, there is a compiled .c file with the following source code.
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>
    int main(void)
    {
        /* make the real UID equal to the effective UID of the binary */
        setreuid(geteuid(), geteuid());
        /* "ls" is given without a path, so the shell looks it up via $PATH */
        system("ls /challenge/app-noscript/ch11/.passwd");
        return 0;
    }
Obviously, we need to read the .passwd file, and there is no way to recompile this code.
So, we may try setting up an alias or editing the $PATH variable.
An alias is a shell feature: any environment that invokes utilities directly, without involving a shell, will not see aliases.
Note: Even when calling shell commands from languages such as Python (using, e.g., os.system()), user-specific shell initialization files are typically not called, so user-specific aliases still won't be visible.
A directory added to the $PATH environment variable is respected by any process that tries to invoke an executable by mere filename, whether via a shell or not.
Similarly, this assumes that any calling process sees the $PATH environment-variable additions of interest, so additions made by the user-specific initialization files are typically not seen, unless the calling process was launched from an interactive shell.
All in all, the solution is as follows:
    cp /bin/cat /tmp/ls
    export PATH=/tmp:$PATH
And then, run the binary.
To sum up: we don't have the rights to recompile the code, so a workaround is needed. For that, we change the PATH environment variable, prepending /tmp to it, where /tmp/ls is a copy of /bin/cat.
Challenges/App - Script : Bash - System 1 [Root Me : Hacking and Information Security learning platform]
Bash - System 1 : Find your path, padawan!
🔥2❤1