June 2023
M	T	W	T	F	S	S
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Archive for the ‘*nix’ Category

The CPU load average metric often is not a good one to alert on

Posted by jpluimers on 2023/04/20

Boy I wish threads with more than one person could be saved by the ThreadReaderApp.

Anyway:

[WayBack] Thread by @mipsytipsy: oh boy.. i was just idly musing over how the single most ubiquitous/useless metric is “CPU load average”, lol i wonder if you could use CPU…

Charity Majors

Follow @mipsytipsy

Jun 4th 2020

oh boy.. i was just idly musing over how the single most ubiquitous/useless metric is “CPU load average”, lol

i wonder if you could use CPU load alerts to score how modern and powerful a team’s toolchain is, like a Waffle House Index for tooling. 🤔

https://twitter.com/drk/status/1261412705316925440

…oh oh! but i was gonna say, this thread between @drk and @shelbyspees is a killer nanotutorial in how to ask better questions about your code — where to start, how to drill down and dig in, how to instrument, and how to approach such an open-ended exploratory jaunt. 👏🐝❤️

it’s a really good illustration of this thing we end up saying all the time, which is “don’t fear the future, it is simpler and clearer and *easier* here! the way you are doing it NOW is the hard way!” 😖

time for cpu load average to go the way of the PC LOAD LETTER …

0:00

/ 0:01

Read the rest of this entry »

Posted in *nix, Cloud, Development, DevOps, Infrastructure, Power User, Software Development, Systems Architecture | Leave a Comment »

xxd examples of big/little/middle endianness (thanks @jilles_com!)

Posted by jpluimers on 2023/04/18

Cool one-liner program via [Archive] Jilles🏳️‍🌈 (@jilles_com) / Twitter:

for s in 0123456789ABCDEF 172.16.0.254 Passwd:admin;do echo -en "Big    Endian: $s\nMiddle Endian: ";echo -n $s|xxd -e -g 4 | xxd -r;echo -en "\nLittle Endian: ";echo -n $s|xxd -e -g 2 | xxd -r;echo -en "\nReversed     : ";echo -n $s|xxd -p -c1 | tac | xxd -p -r;echo -e "\n";done

Note that the hex are bytes, not nibbles, so the endianness is OK:

Big Endian: 0123456789ABCDEF
Middle Endian: 32107654BA98FEDC
Little Endian: 1032547698BADCFE
Reversed : FEDCBA9876543210

Big Endian: 172.16.0.254
Middle Endian: .2710.61452.
Little Endian: 71.2610.2.45
Reversed : 452.0.61.271

Big Endian: Passwd:admin
Middle Endian: ssaPa:dwnimd
Little Endian: aPssdwa:mdni
Reversed : nimda:dwssaP

That nibble/byte thing confused me at first (as I associate hexadecimal output with hex dumps, where each hexadecimal character represents a nibble)) so here are some interesting messages from the thread that Jilles_com started:

Some related man pages:

–jeroen

Posted in *nix, *nix-tools, bash, Development, Power User, Scripting, Software Development, xxd | Leave a Comment »

Installing Windows OpenSSH from the command-line on Windows 10 and 11

Posted by jpluimers on 2023/03/28

While writing On my reading list: Windows Console and PTY, I found out that OpenSSH had become available as an optional Windows feature.

It was in [Wayback/Archive.is] Windows Command-Line: Introducing the Windows Pseudo Console (ConPTY) | Windows Command Line:

Thankfully, OpenSSH was recently ported to Windows and added as a Windows 10 optional feature. PowerShell Core has also adopted ssh as one of its supported PowerShell Core Remoting protocols.

Here are a few links:

Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, ConPTY, Console (command prompt window), Development, Internet protocol suite, OpenSSH, Power User, SSH, ssh/sshd, TCP, Windows, Windows 10, Windows 11 | Leave a Comment »

llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!

Posted by jpluimers on 2023/03/16

PolyShell is a script that’s simultaneously valid in Bash, Windows Batch, and PowerShell (i.e. a polyglot).

[Wayback/Archive] llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!

Need to check this out, as often I have scripts that have to go from one language to the other or vice versa.

Maybe it enables one language to bootstrap functionality in the other?

The quest

The above polyglot started with a quest to see if I can could include some PowerShell statements in a batch file with two goals:

if the batch file started from the PowerShell command prompt, then execute the PowerShell code
if the batch file started from the cmd.exe command prompt, then have it start PowerShell with the same command-line arguments

The reasoning is simple:

PowerShell scripts will start from the PATH only when PowerShell is already running
Batch files start from the path when either cmd.exe or PowerShell are running

Lots of users still live in the cmd.exe world, but PowerShell scripts are way more powerful, and since PowerShell is integrated in Windows since version 7, so having a batch file bootstrap PowerShell still makes sense.

Since my guess was about quoting parameters the right way, my initial search for the link below was [Wayback/Archive] powershell execute statement from batch file quoting – Google Search.

I have dug not yet into this, so there are still…

Many links to read

These should give me a good idea how to implement a polyglot batch file/PowerShell script.

[Wayback/Archive] powershell execute statement from batch file quoting – Google Search
- [Wayback/Archive] How to execute PowerShell commands from a batch file? – Stack Overflow was a step up into getting to the right queries and got me to:
  - [Wayback/Archive] PowerShell script in a .bat file | Dmitry’s Blog: Cloud, PowerShell and beyond has convoluted solutions (encoding as base64 or into a single string), but are intriguing as these means are often used to disguise code during attacks (be it from red teams or bad guys).
[Wayback/Archive] hybrid powershell batch file – Google Search
- [Wayback/Archive] How to run a PowerShell script within a Windows batch file – Stack Overflow has a first answer that does not support parameters, but does show that quoting enables the use of scripts that have spaces in their filenames (always a pain, but still important to support):
  - This one only passes the right lines to PowerShell:
    
    dosps2.cmd:
```
@findstr/v "^@f.*&" "%~f0"|powershell -&goto:eof
Write-Output "Hello World" 
Write-Output "Hello some@com & again" 
```
    The regular expression excludes the lines starting with @f and including an & and passes everything else to PowerShell.
```
C:\tmp>dosps2
Hello World
Hello some@com & again
```
  but the second answer got me in the below polyglot search query
  - It sounds like you’re looking for what is sometimes called a “polyglot script”. For CMD -> PowerShell,
```
@@:: This prolog allows a PowerShell script to be embedded in a .CMD file.
@@:: Any non-PowerShell content must be preceeded by "@@"
@@setlocal
@@set POWERSHELL_BAT_ARGS=%*
@@if defined POWERSHELL_BAT_ARGS set POWERSHELL_BAT_ARGS=%POWERSHELL_BAT_ARGS:"=\"%
@@PowerShell -Command Invoke-Expression $('$args=@(^&{$args} %POWERSHELL_BAT_ARGS%);'+[String]::Join([char]10,$((Get-Content '%~f0') -notmatch '^^@@'))) & goto :EOF
```
    If you don’t need to support quoted arguments, you can even make it a one-liner:
```
@PowerShell -Command Invoke-Expression $('$args=@(^&{$args} %*);'+[String]::Join([char]10,(Get-Content '%~f0') -notmatch '^^@PowerShell.*EOF$')) & goto :EOF
```
    Taken from http://blogs.msdn.com/jaybaz_ms/archive/2007/04/26/powershell-polyglot.aspx. That was PowerShell v1; it may be simpler in v2, but I haven’t looked.
- [Wayback/Archive] PowerShell polyglot | Microsoft Docs
[Wayback/Archive] powershell polyglot – Google Search
- [Wayback/Archive] Command Line Interpreters: POSIX Shell, Cmd.exe, PowerShell – Hyperpolyglot (a great table with differences between the various command-line interpreters / scripting engines)
- [Wayback/Archive] PowerShell embedded in a batch script, AKA Polyglot script – Microsoft Tech Community (this solution looks very unreadable to me, but that might be because the listing in it is neither indented, nor syntax highlighted)
- [Wayback/Archive] PolyShell: a Bash/Batch/PowerShell polyglot template for input injection : programming
  - [Wayback/Archive] Polyshell : A Bash/Batch/PowerShell Polyglot 2020 gave much insight, especially on the how:
    …
    
    There are quite a few quirks that were leveraged or had to be worked around:
    - All three languages have different escape characters:
      
      Bash: backslash (\)
      
      Batch: caret (^)
      
      PowerShell: backtick (`)
    - Escape characters work inside Bash and PowerShell strings, but not batch strings.
    - Redirects (i.e. < and >) have special meaning in all three languages unless quoted.
    - Redirects don’t have to be at the end of a command.
      
      This is valid Bash/Batch/PowerShell: echo >output.txt "Hello World"
    - Batch is the only language without multi-line strings or comments.
    - Batch treats > as a redirect even when it directly touches a string, but PowerShell doesn’t.
    - Batch script GOTO statements only work when run as a script, not when run interactively.
    - PowerShell’s multi-line comment (<#) must be immediately preceded by whitespace.
    - Bash’s here documents may begin anywhere so long as it’s unquoted and not a comment.
    …
    It also pointed me to the above repository on GitHub, so lets include it here as well:
    - [Wayback/Archive] llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!
[Wayback/Archive] koma-private/Polyglots: PowerShell scripts encapsulated into batch files
I had a short play around with it from a cmd.exe prompt, and it hides that prompt after finishing. Need to figure out why, and if it can be prevented or undone.

The culprit is the below call in [Wayback/Archive] Polyglots/PSWrapper.cmd at master · koma-private/Polyglots · GitHub:
```
hideWindow $script:cmdPid   # Prevent user from closing command prompt
```
- [Wayback/Archive] Embed PowerShell inside a batch file : Dave Amenta
[Wayback/Archive] windows – Strange redirect in Batch/Powershell polyglot – Stack Overflow basically asks all the questions I have (how does a polyglot actually work?)
- [Wayback/Archive] Powerglot – encodes offensive powershell scripts using polyglots
  - [Wayback/Archive] mindcrypt/powerglot: Powerglot encodes offensive powershell scripts using polyglots . Offensive security tool useful for stego-malware, privilege escalation, lateral movement, reverse shell, etc.
    
    Powerglot encodes several kind of scripts using polyglots, for example, offensive powershell scripts. It is not needed a loader to run the payload.
    
    It basically is a Python script that allows you to generate a polyglot from multiple separate scripts.
[Wayback/Archive] powershell batch polyglot – Google Search (still need to check out the results there if I bump into issues creating one myself)
[Wayback/Archive] powershell batch hybrid – Google Search
- [Wayback/Archive] batch-file Tutorial – Batch files and Powershell hybrids
[Wayback/Archive] powershell batch hybrid iex – Google Search (to see if some part of the script could be automatically downloaded by iex, aka [Wayback/Archive] Invoke-Expression (Microsoft.PowerShell.Utility) – PowerShell | Microsoft Docs)
[Wayback/Archive] How to enable execution of PowerShell scripts? – Super User
- [Wayback/Archive] command line – Set up PowerShell Script for Automatic Execution – Stack Overflow
  - [Wayback/Archive] PowerShell polyglot – jaybaz [MS] WebLog – Site Home – MSDN Blogs, which does not exist any more, but this does:
    - [Wayback/Archive] Wrapping some other scripting language inside a batch file – The Old New Thing showing how to do polyglot with Batch Files and either Perl or JavaScript.

–jeroen

Posted in *nix, *nix-tools, bash, bash, Batch-Files, Development, JavaScript/ECMAScript, Perl, Polyglot, Power User, PowerShell, Scripting, Software Development | Leave a Comment »

linux – Newline-separated xargs – Server Fault

Posted by jpluimers on 2023/03/07

A long time ago, on just one system, I forgot which one, I needed explicit [Wayback/Archive] linux – Newline-separated xargs – Server Fault.

The simple solution was to replace the newline with null before running xargs:

tr '\n' '\0'

The clean solution was to install gnu xargs:

GNU xargs (default on Linux; install findutils from MacPorts on OS X to get it) supports -d which lets you specify a custom delimiter for input, so you can do
ls *foo | xargs -d '\n' -P4 foo 

–jeroen

Posted in *nix, *nix-tools, bash, Development, Power User, Scripting, Software Development, xargs | Leave a Comment »

« Previous Entries

	Mike Verhagen on geerlingguy/my-backup-plan: Ho…
	Attila Kovacs on docs.embarcadero.com unreachab…
	David Blue on MacOS: converting a man page t…
	jpluimers on How do I pretty-print JSON in…
	jpluimers on Delphi 10.2 Tokyo Godzilla ISO…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘*nix’ Category

The CPU load average metric often is not a good one to alert on

xxd examples of big/little/middle endianness (thanks @jilles_com!)

Installing Windows OpenSSH from the command-line on Windows 10 and 11

llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!

The quest

Many links to read

linux – Newline-separated xargs – Server Fault

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘*nix’ Category

The CPU load average metric often is not a good one to alert on

Rate this:

Share this:

Like this:

xxd examples of big/little/middle endianness (thanks @jilles_com!)

Rate this:

Share this:

Like this:

Installing Windows OpenSSH from the command-line on Windows 10 and 11

Rate this:

Share this:

Like this:

llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!

The quest

Many links to read

Rate this:

Share this:

Like this:

linux – Newline-separated xargs – Server Fault

Rate this:

Share this:

Like this: