UQ Cyber Squad 0x03 Shells

Introduction

0x03 Shells session presented by the UQ Cyber Squad. Access via OpenVPN connection. OpenVPN configuration bundle provided during the workshop.

Challenge 1 - Family Binding Time - 10pts

Let’s bind together at 192.168.57.11:8297

nc 192.168.57.11 8297
id
uid=1002(user) gid=1002(user) groups=1002(user)
pwd
/home/user
ls -las
total 60
 4 drwxr-xr-x 3 user    user  4096 Mar 27 06:02 .
 4 drwxr-xr-x 4 root    root  4096 Mar 24 02:13 ..
 4 -rw------- 1 user    user  1584 Mar 26 01:26 .bash_history
 4 -rw------- 1 user    user   105 Mar 26 00:50 .lesshst
 4 -rw------- 1 user    user     5 Mar 24 03:38 .python_history
 4 drwxr-xr-x 2 user    user  4096 Mar 26 00:59 .ssh
 8 -rw------- 1 user    user  5066 Mar 27 06:01 .viminfo
 4 -r-xr-xr-x 1 root    user   892 Mar 27 06:02 init_shell.py
20 -rwsr-xr-x 1 richard root 16728 Mar 26 00:54 read_secret_message
 4 -rw-r--r-- 1 user    user    24 Mar 24 02:14 user.txt
cat user.txt	
flag{n1c3_b0nd1ng_t1m3}

Challenge 2 - shhhhhhhh - 20pts

How do I ssshhhhh? How do I know how to?

[Read More]
ctf  uq  less  ssh  nc  netcat  suid  shell  bash 

Patching Bash "shellshock" on Apple Mac OS X 10.9.5

Given the recent bash vulnerability disclosure[1] most linux distributions have released patches. Unfortunately Apple still expected users to compile their patches into bash. If you were using Homebrew or Macport you were in better standing and simply had to create symlinks to the patched executables. I’ve documented the steps I had to take on my Mac desktop.

Compile

  1. mkdir bash
  2. cd bash/
  3. wget http://opensource.apple.com/tarballs/bash/bash-92.tar.gz
  4. tar zxvf bash-92.tar.gz
  5. cd bash-92
  6. cd bash-3.2/
  7. curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
  8. curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
  9. curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0
  10. cd ..
  11. xcodebuild

Verify

[Read More]

Gnu Screen

Running some experiment on a VM server I rapidly ran out of patience having to wait for commands to run, and/or switching back and forth using Ctrl+Z, bg, and fg. My thoughts went back to Nick Black who had introduced me to Gnu Screen several years back, alas I has forgotten the short-cuts, Thankfully Google and the man page came to the rescue.

Since the VM server was a CentOS 6.0 box, with minimal install, I had to install Gnu Screen using;

[Read More]