Author: Ahmad
Date: December 1, 2014
Categories:
Security,
tech
time to play
|
|
level2@io:/levels$ ./level02 source code is available in level02.c |
let’s read what it says
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
level2@io:/levels$ cat level02.c //a little fun brought to you by bla #include <stdio.h> #include <stdlib.h> #include <signal.h> #include <setjmp.h> void catcher(int a) { setresuid(geteuid(),geteuid(),geteuid()); printf("WIN!\n"); system("/bin/sh"); exit(0); } int main(int argc, char **argv) { puts("source code is available in level02.c\n"); if (argc != 3 || !atoi(argv[2])) return 1; signal(SIGFPE, catcher); return abs(atoi(argv[1])) / atoi(argv[2]); } level2@io:/levels$ |
first function catcher and it trigger the suid and drop the bash nice this is what we want
Author: Ahmad
Date: December 1, 2014
Categories:
Security,
tech
after login to the ssh server levels located on /levels so let’s play level1
|
|
level2@io:/levels$ ls -alh level01 -r-sr-x--- 1 level2 level1 1.2K Jan 13 2014 level01 |
as u notice it had suid permeation -r-sr-x— for level2 so it will lead us to a user (level2 )
|
|
level1@io:/levels$ ./level01 Enter the 3 digit passcode to enter: 838 |
I entered any test number and it leads me with no respond 😀 crazy huh! so I decided to look […]
Author: Ahmad
Date: November 30, 2014
let’s assume u have NGINX on port 80 apache on port 8080 in nginx config -> sever config -> virtualhost config
|
|
location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://127.0.0.1:8080; } |
Author: Ahmad
Date: November 24, 2014
Categories:
Linux,
Security
GPG = Gnu Privacy Guard To secure file from unauthorised access with the password in Linux/Unix is very simple method 🙂 lets assume we have a secure file with some financials stuff called orders.xls and we want to email it to our partners and we want to get sure just he is the only one […]
Author: Ahmad
Date: November 24, 2014
we do create many databases every day and i love UTF-8 data formate so i decided to make something simple and save my time here is the syntax to create a database called unixawy in utf8
|
|
CREATE DATABASE `unixawy` CHARACTER SET utf8 COLLATE utf8_general_ci; |
to add a user for unixawy with password unixawysecret
|
|
GRANT ALL ON `test1`.* TO 'unixawy'@'localhost' IDENTIFIED BY 'unixawysecret'; FLUSH PRIVILEGES; |
also, i made a simple script to save my […]
Author: Ahmad
Date: November 24, 2014
Categories:
Databases,
Linux
we all hate this ERROR 1045 (28000): the problem starts with “you can’t access and u will not be able to change the MySQL/MariaDB password while the service is running u have to disable it and run mysqld_safe which will allow u to update the user table inside MySQL database with no password then u will […]
Author: Ahmad
Date: November 24, 2014
Welcome to UNIXAWY. This is my first post. I made the blog to save someone time as someone saved my time 😉