Linux Fu: Walk, Chew Gum
If you ever think about it, computers are exceedingly stupid. Even the most powerful CPU can’t do very much. However, it can do what it does very rapidly and repeatably. …read more Continue reading Linux Fu: Walk, Chew Gum
Category Archives: Bash
Can’t write to /etc/shadow with "echo" but with "nano" i can [migrated]
My goal is to write in /etc/passwd to escalate privileges to root.
i generated password "test1" for the new root user : openssl passwd test1
and i use echo to append a new entry in /etc/passwd file : sudo echo "root2:rmeF3kd… Continue reading Can’t write to /etc/shadow with "echo" but with "nano" i can [migrated]
Unable to click Enter after foreground a process [migrated]
This maybe a lame question but I am facing serious trouble with this. I am practicing penetration testing on some lab boxes. I got the partial reverse shell. In order to make this fully interactive shell, I need to background that current … Continue reading Unable to click Enter after foreground a process [migrated]
Linux Fu: Mixing Bash and Python
Although bash scripts are regularly maligned, they do have a certain simplicity and ease of creation that makes them hard to resist. But sometimes you really need to do some …read more Continue reading Linux Fu: Mixing Bash and Python
AI Makes Linux Do What You Mean, Not What You Say
We are always envious of the Star Trek Enterprise computers. You can just sort of ask them a hazy question and they will — usually — figure out what you …read more Continue reading AI Makes Linux Do What You Mean, Not What You Say
Is there a way to change your current UID to equal your EUID?
Here is the scenario:
running id gives this :
uid=1001(test1) gid=1001(test1) euid=1000(bl4ckc4t) groups=1001(test1) –
This means that I am user test1, but my euid is set to another user.
My goal is to get my uid to change to 1000 from my … Continue reading Is there a way to change your current UID to equal your EUID?
How to supply both passphrase and string to encrypt to GnuPG using command line?
Considering using echo -n "passphrase" | gpg –batch –passphrase-fd 0 … inside of Bash script (which should mitigate leaking passphrase to process list given echo is a built-in command, right?).
I need to know passphrase to cr… Continue reading How to supply both passphrase and string to encrypt to GnuPG using command line?
Linux Fu: Shell Script File Embedding
You need to package up a bunch of files, send them somewhere, and do something with them at the destination. It isn’t an uncommon scenario. The obvious answer is to …read more Continue reading Linux Fu: Shell Script File Embedding
Are positional parameters vulnerable to command injection?
I am trying to find if the following shell script is vulnerable to command injection
#!/bin/sh
set -x
dig +noall +answer TXT $2._domainkey.$1
Now when I try something like this,
sh script.sh "sparkpost.com & echo \$(whoami)"… Continue reading Are positional parameters vulnerable to command injection?
Possible to inject in the middle of a ROOT NOPASSWD command with a wild card?
I’m testing for privilege escalations on a Ubuntu 18.04 host, and after running sudo -l , I’ve discovered a couple of root NOPASSWD commands for a standard user (w/unknown password). These commands contain wild cards.
Example: (root) NOPAS… Continue reading Possible to inject in the middle of a ROOT NOPASSWD command with a wild card?