Author: Ahmad
time to play
1 2 |
level2@io:/levels$ ./level02 source code is available in level02.c |
let’s read what it says
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
level2@io:/levels$ cat level02.c //a little fun brought to you by bla #include <stdio.h> #include <stdlib.h> #include <signal.h> #include <setjmp.h> void catcher(int a) { setresuid(geteuid(),geteuid(),geteuid()); printf("WIN!\n"); system("/bin/sh"); exit(0); } int main(int argc, char **argv) { puts("source code is available in level02.c\n"); if (argc != 3 || !atoi(argv[2])) return 1; signal(SIGFPE, catcher); return abs(atoi(argv[1])) / atoi(argv[2]); } level2@io:/levels$ |
first function catcher and it trigger the suid and drop the bash nice this is what we want
after login to the ssh server levels located on /levels so let’s play level1
1 2 |
level2@io:/levels$ ls -alh level01 -r-sr-x--- 1 level2 level1 1.2K Jan 13 2014 level01 |
as u notice it had suid permeation -r-sr-x— for level2 so it will lead us to a user (level2 )
1 2 |
level1@io:/levels$ ./level01 Enter the 3 digit passcode to enter: 838 |
I entered any test number and it leads me with no respond 😀 crazy huh! so I decided to look
NGINX forward visitor real ip to apache
let’s assume u have NGINX on port 80 apache on port 8080 in nginx config -> sever config -> virtualhost config
1 2 3 4 5 6 7 |
location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass; } |
Files Encrypt with GPG
GPG = Gnu Privacy Guard To secure file from unauthorised access with the password in Linux/Unix is very simple method 🙂 lets assume we have a secure file with some financials stuff called orders.xls and we want to email it to our partners and we want to get sure just he is the only one
Script : MySQL Create Database UTF-8 with user and password
we do create many databases every day and i love UTF-8 data formate so i decided to make something simple and save my time here is the syntax to create a database called unixawy in utf8
1 |
CREATE DATABASE `unixawy` CHARACTER SET utf8 COLLATE utf8_general_ci; |
to add a user for unixawy with password unixawysecret
1 2 |
GRANT ALL ON `test1`.* TO 'unixawy'@'localhost' IDENTIFIED BY 'unixawysecret'; FLUSH PRIVILEGES; |
also, i made a simple script to save my
Rest MySQL root password
we all hate this ERROR 1045 (28000): the problem starts with “you can’t access and u will not be able to change the MySQL/MariaDB password while the service is running u have to disable it and run mysqld_safe which will allow u to update the user table inside MySQL database with no password then u will
Hello world!
Welcome to UNIXAWY. This is my first post. I made the blog to save someone time as someone saved my time 😉