Archive for the ‘*nix’ Category
Posted by jpluimers on 2023/08/17
A while ago I wrote about Figuring out the open network connections for processes ran by python, which explained the TL;DR:
pidof python | tr " " "\n" | xargs -r -n 1 lsof -i -a -e /run/user/1001/gvfs -p
Now I needed thread information as well, so below two examples using ps and pstree. I won’t explain the pidof and xargs stuff here as that was already covered in the above blog-post and I found out that ps already has a built-in way to filter on process name.
The ps solution uses the H, -L or -T argument to show the threads:
Read the rest of this entry »
Posted in *nix, *nix-tools, bash, Development, lsof, Power User, ps, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2023/07/26
TL;DR is at the bottom (;
5 days ago this exploit development got published: [Wayback/Archive] snowcra5h/CVE-2023-38408: CVE-2023-38408 Remote Code Execution in OpenSSH’s forwarded ssh-agent.
It is about [Wayback/Archive] NVD – CVE-2023-38408 which there at NIST isn’t rated (yet?), neither at [Wayback/Archive] CVE-2023-38408 : The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot.
However at [Wayback/Archive] CVE-2023-38408- Red Hat Customer Portal it scores 7.3 and [Wayback/Archive] CVE-2023-38408 | SUSE it did get a rating of 7.5, so since I mainly use OpenSuSE I wondered what to do as the CVE is formulated densely at [Wayback/Archive] www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt: it mentions Alice, but no Bob or Mallory (see Alice and Bob – Wikipedia).
Luckily, others readly already did the fine reading and emphasised the important bits, especially at [Wayback/Archive] RCE Vulnerability in OpenSSH’s SSH-Agent Forwarding: CVE-2023-38408 (note that instead of Alex, they actually mean Alice)
“A system administrator (Alice) runs SSH-agent on her local workstation, connects to a remote server with ssh, and enables SSH-agent forwarding with the -A or ForwardAgent option, thus making her SSH-agent (which is running on her local workstation) reachable from the remote server.”
According to researchers from Qualys, a remote attacker who has control of the host, which Alex has connected to, can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib* on Alice’s workstation (via her forwarded SSH-agent if it is compiled with ENABLE_PKCS11, which is the default).
The vulnerability lies in how SSH-agent handles forwarded shared libraries. When SSH-agent is compiled with ENABLE_PKCS11 (the default configuration), it forwards shared libraries from the user’s local workstation to the remote server. These libraries are loaded (dlopen()) and immediately unloaded (dlclose()) on the user’s workstation. The problem arises because certain shared libraries have side effects when loaded and unloaded, which can be exploited by an attacker who gains access to the remote server where SSH-agent is forwarded to.
Mitigations for the SSH-Agent Forwarding RCE Vulnerability
Read the rest of this entry »
Posted in *nix, *nix-tools, bash, bash, Communications Development, Development, Internet protocol suite, OpenSSH, Power User, PowerShell, Scripting, Security, Software Development, SSH | Leave a Comment »
Posted by jpluimers on 2023/07/11
TL;DR:
pidof python | tr " " "\n" | xargs -r -n 1 lsof -i -a -e /run/user/1001/gvfs -p
Breakdown:
Via:
–jeroen
Posted in *nix, *nix-tools, bash, bash, Development, lsof, Power User, Scripting, Software Development, xargs | Leave a Comment »
Posted by jpluimers on 2023/06/15
For my link archive some ISO links via [Wayback/Archive] openSUSE Leap 15.5 – Get openSUSE as I am steadily working my way back into IT and Software Development so I was anxious to see what has changed on this front. In the past I usually ran OpenSuSE Tumbleweed, but now I am going for OpenSuSE Leap versions that are stable for a longer period of time as per [Wayback/Archive] Lifetime – openSUSE Wiki
Leap Major Release (15.x) extends maintenance and support until a successor. At present, a successor has not been declared; Leap 15’s lifecycle fully aligns with SUSE Linux Enterprise. There is a projection as of March 2021 that Leap 15 will extend to Leap 15.5. The previous major version of Leap, 42, was supported for more than 36 months, while the current major version of Leap, 15, would then have up to 72 months of support (12×6).
Full DVD download for off-line installation:
Read the rest of this entry »
Posted in *nix, LEAP, Linux, openSuSE, Power User, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2023/04/18
Cool one-liner program via [Archive] Jilles🏳️🌈 (@jilles_com) / Twitter:
for s in 0123456789ABCDEF 172.16.0.254 Passwd:admin;do echo -en "Big Endian: $s\nMiddle Endian: ";echo -n $s|xxd -e -g 4 | xxd -r;echo -en "\nLittle Endian: ";echo -n $s|xxd -e -g 2 | xxd -r;echo -en "\nReversed : ";echo -n $s|xxd -p -c1 | tac | xxd -p -r;echo -e "\n";done
Note that the hex are bytes, not nibbles, so the endianness is OK:
Big Endian: 0123456789ABCDEF
Middle Endian: 32107654BA98FEDC
Little Endian: 1032547698BADCFE
Reversed : FEDCBA9876543210
Big Endian: 172.16.0.254
Middle Endian: .2710.61452.
Little Endian: 71.2610.2.45
Reversed : 452.0.61.271
Big Endian: Passwd:admin
Middle Endian: ssaPa:dwnimd
Little Endian: aPssdwa:mdni
Reversed : nimda:dwssaP
That nibble/byte thing confused me at first (as I associate hexadecimal output with hex dumps, where each hexadecimal character represents a nibble)) so here are some interesting messages from the thread that Jilles_com started:
Some related man pages:
–jeroen
Posted in *nix, *nix-tools, bash, Development, Power User, Scripting, Software Development, xxd | Leave a Comment »
Posted by jpluimers on 2023/03/28
Posted in *nix, *nix-tools, Communications Development, ConPTY, Console (command prompt window), Development, Internet protocol suite, OpenSSH, Power User, SSH, ssh/sshd, TCP, Windows, Windows 10, Windows 11 | Leave a Comment »
Posted by jpluimers on 2023/03/16
PolyShell is a script that’s simultaneously valid in Bash, Windows Batch, and PowerShell (i.e. a polyglot).
[Wayback/Archive] llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!
Need to check this out, as often I have scripts that have to go from one language to the other or vice versa.
Maybe it enables one language to bootstrap functionality in the other?
The quest
The above polyglot started with a quest to see if I can could include some PowerShell statements in a batch file with two goals:
- if the batch file started from the PowerShell command prompt, then execute the PowerShell code
- if the batch file started from the
cmd.exe command prompt, then have it start PowerShell with the same command-line arguments
The reasoning is simple:
- PowerShell scripts will start from the PATH only when PowerShell is already running
- Batch files start from the path when either
cmd.exe or PowerShell are running
Lots of users still live in the cmd.exe world, but PowerShell scripts are way more powerful, and since PowerShell is integrated in Windows since version 7, so having a batch file bootstrap PowerShell still makes sense.
Since my guess was about quoting parameters the right way, my initial search for the link below was [Wayback/Archive] powershell execute statement from batch file quoting – Google Search.
I have dug not yet into this, so there are still…
Many links to read
These should give me a good idea how to implement a polyglot batch file/PowerShell script.
–jeroen
Posted in *nix, *nix-tools, bash, bash, Batch-Files, Development, JavaScript/ECMAScript, Perl, Polyglot, Power User, PowerShell, Scripting, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 