SMASH THE STACK LEVEL2
time to play
    level2@io:/levels$ ./level02
    source code is available in level02.c
let’s read what it says
    level2@io:/levels$ cat level02.c
    //a little fun brought to you by bla

    #include <stdio.h>
    #include <stdlib.h>
    #include <signal.h>
    #include <setjmp.h>

    void catcher(int a)
    {
        setresuid(geteuid(),geteuid(),geteuid());
        printf("WIN!\n");
        system("/bin/sh");
        exit(0);
    }

    int main(int argc, char **argv)
    {
        puts("source code is available in level02.c\n");

        if (argc != 3 || !atoi(argv[2]))
            return 1;
        signal(SIGFPE, catcher);
        return abs(atoi(argv[1])) / atoi(argv[2]);
    }

    level2@io:/levels$
The first function, catcher, sets the process UIDs to the effective (SUID) user and drops a shell. Nice, this is what we want
SMASH THE STACK Level1
After logging in to the SSH server, the levels are located in /levels, so let's play level1
    level2@io:/levels$ ls -alh level01
    -r-sr-x--- 1 level2 level1 1.2K Jan 13 2014 level01
As you can see, it has the SUID permission (-r-sr-x---) for level2, so it will lead us to the user level2
    level1@io:/levels$ ./level01
    Enter the 3 digit passcode to enter: 838
I entered a test number and got no response 😀 crazy huh! So I decided to look
NGINX forward visitor real ip to apache
Let's assume you have NGINX on port 80 and Apache on port 8080. In the nginx config -> server config -> virtual host config:
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }
Files Encrypt with GPG
GPG = GNU Privacy Guard. Securing a file from unauthorised access with a password in Linux/Unix is a very simple method 🙂 Let's assume we have a secure file with some financial stuff called orders.xls, we want to email it to our partners, and we want to be sure that he is the only one
Script : MySQL Create Database UTF-8 with user and password
We create many databases every day, and I love the UTF-8 data format, so I decided to make something simple to save my time. Here is the syntax to create a database called unixawy in utf8:
    CREATE DATABASE `unixawy` CHARACTER SET utf8 COLLATE utf8_general_ci;
To add a user for unixawy with the password unixawysecret:
    GRANT ALL ON `unixawy`.* TO 'unixawy'@'localhost' IDENTIFIED BY 'unixawysecret';
    FLUSH PRIVILEGES;
Also, I made a simple script to save my
Reset MySQL root password
We all hate this ERROR 1045 (28000). The problem starts with "you can't access", and you will not be able to change the MySQL/MariaDB password while the service is running. You have to disable it and run mysqld_safe, which will allow you to update the user table inside the MySQL database with no password. Then you will
Hello world!
Welcome to UNIXAWY. This is my first post. I made the blog to save someone's time, as someone saved my time 😉