Thursday, August 15, 2019

Linux Bypasses

#How to read a file without cat or strings in Linux?

1. fold [filename]
2. tar c [filename/directory]  (the archive goes to stdout with the file's bytes inside it; tar xO extracts them cleanly)
3. iconv [filename]  (some builds insist on -f and -t; an identity conversion such as UTF-8 to UTF-8 works)
4. shuf [filename]  (prints every line, but in random order)
5. lzop -v -c [filename]  (-c writes compressed bytes to stdout; decompress them again with lzop -dc to read the text)
6. more, less, head, tail
7. python, Perl
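The readers listed above, exercised end to end. This is an added example, not code from the original post: it builds a small constructed sample file, reads it back through each alternative tool (skipping any that is not installed) and checks that every route reproduces the original bytes, sorting first for shuf since shuf permutes lines.

```shell
#!/bin/sh
# Added example, not code from the original post: exercise the non-cat readers
# and confirm each one reproduces the file. The sample content is constructed
# for the demo and is not a real credential file.

SAMPLE_CONTENT='root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
flag{constructed-sample-not-a-real-secret}'

make_sample() {   # $1 = path to write
    printf '%s\n' "$SAMPLE_CONTENT" > "$1"
}

# Each reader writes the file to stdout without cat, strings or an editor.
read_fold()   { fold -w 4096 "$1"; }                   # -w wider than any line leaves content intact
read_tar()    { tar -cf - -C "$(dirname "$1")" "$(basename "$1")" | tar -xOf -; }  # -O: extract to stdout
read_iconv()  { iconv -f UTF-8 -t UTF-8 "$1"; }        # identity conversion; -f/-t required on some builds
read_tail()   { tail -n +1 "$1"; }                     # "from line 1 onward" = the whole file
read_head()   { head -n 1000000 "$1"; }
read_lzop()   { lzop -c "$1" | lzop -dc; }             # -c alone gives compressed bytes; -dc turns them back
read_shuf()   { shuf "$1"; }                           # every line, random order; compare sorted
read_python() { python3 -c 'import sys; sys.stdout.write(open(sys.argv[1]).read())' "$1"; }

# Returns 0 if reader $1 reproduces the sample in file $2 (or if its tool is
# not installed, which is reported as a skip), 1 on a mismatch.
check_reader() {
    reader=$1; file=$2; tool=${reader#read_}
    [ "$tool" = python ] && tool=python3
    command -v "$tool" >/dev/null 2>&1 || { echo "skip  $reader ($tool not installed)"; return 0; }
    if [ "$reader" = read_shuf ]; then
        got=$("$reader" "$file" | sort); want=$(printf '%s\n' "$SAMPLE_CONTENT" | sort)
    else
        got=$("$reader" "$file"); want=$SAMPLE_CONTENT
    fi
    if [ "$got" = "$want" ]; then echo "ok    $reader"; return 0; fi
    echo "FAIL  $reader"; return 1
}

# Runs every reader against a fresh sample file; returns the number of failures.
verify_all() {
    dir=$(mktemp -d); f="$dir/shadow-like.txt"; make_sample "$f"; fails=0
    for r in read_fold read_tar read_iconv read_tail read_head read_lzop read_shuf read_python; do
        check_reader "$r" "$f" || fails=$((fails + 1))
    done
    rm -rf "$dir"
    return "$fails"
}

verify_all
```

The script's exit status is the number of readers that failed, so it doubles as a quick check of which of these tricks work on a given box.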

#Execute files which might be restricted


1. setpriv --nnp [executable]  (setpriv execs the program for you; --nnp only sets the no_new_privs bit on it)
2. install [../executable] /tmp  (install copies the file and gives the copy mode 0755 by default, so the copy is executable even if the source was not)
2.a run-parts /tmp  (runs every executable in the directory, so it must be free of all other binaries; Debian's run-parts also skips names containing anything outside [A-Za-z0-9_-], dots included)
3. /lib/ld-linux.so.2 [FULL PATH of executable]  (the dynamic loader; on x86-64 it is /lib64/ld-linux-x86-64.so.2)
For 3 the binary does not need to be "chmod +x"-ed: the loader opens it as an ordinary file, maps it and jumps to its entry point, so this works on a file you cannot chmod. It only applies to dynamically linked ELF binaries, not scripts or static executables.
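Items 2, 2.a and 3 carried out on a real binary. This is an added example, not code from the original post: it copies id, clears the copy's execute bit, shows that the loader still runs it, then repeats the drop with install + run-parts. The loader paths it probes are assumptions about common distributions and architectures, and id is only a stand-in for whatever tool you actually dropped.

```shell
#!/bin/sh
# Added example, not code from the original post: run an ELF whose execute
# bit is clear, first through the dynamic loader (item 3), then by copying it
# with install and firing it with run-parts (items 2 and 2.a).
# Loader paths are assumptions for common distros/architectures.

# Prints the path of the first dynamic loader found, or returns 1.
find_loader() {
    for l in /lib64/ld-linux-x86-64.so.2 /lib/ld-linux-x86-64.so.2 \
             /lib/ld-linux-aarch64.so.1 /lib/ld-linux.so.2 /lib/ld-musl-*.so.1; do
        [ -x "$l" ] && { echo "$l"; return 0; }
    done
    return 1
}

# Copies id, strips its execute bit and runs the copy via the loader.
# Prints the uid the copy reports; returns 1 if no loader was found.
run_without_x() {
    src=$(command -v id) || return 1
    dir=$(mktemp -d)
    cp "$src" "$dir/id_copy"
    chmod 0644 "$dir/id_copy"               # no x bit: execve() now refuses it
    loader=$(find_loader) || { rm -rf "$dir"; return 1; }
    if "$dir/id_copy" -u >/dev/null 2>&1; then
        echo "unexpected: direct execution succeeded" >&2
    fi
    # ld.so treats the target as a data file: it reads and maps it itself and
    # jumps to the entry point, so the missing x bit never matters.
    out=$("$loader" "$dir/id_copy" -u)
    rm -rf "$dir"
    echo "$out"
}

# Same binary via install + run-parts. install sets mode 0755 on the copy by
# default; run-parts executes every file in the directory, so it must hold
# nothing else, and Debian's run-parts skips names with characters outside
# [A-Za-z0-9_-] (so no dots in the name).
run_via_run_parts() {
    command -v run-parts >/dev/null 2>&1 || return 1
    src=$(command -v id) || return 1
    dir=$(mktemp -d)
    install "$src" "$dir/id_copy"
    run-parts "$dir"
    rm -rf "$dir"
}

run_without_x
run_via_run_parts
```

If the loader prints an error such as "statically linked" the target is not a candidate for item 3; pick a dynamically linked binary or fall back to the install route.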

#Scan for executables that reference a given function


1. scanelf (from pax-utils)
1.a scanelf -s chmod -R /  (searches "/" recursively for ELF files whose symbol table references chmod; -s takes the symbol name, -R recurses)
If scanelf is not installed, readelf --dyn-syms or objdump -T lists the same imported symbols for a single binary.


Friday, August 9, 2019

Thursday, August 8, 2019

Image forensics

steganography 


Tools and tips

CTF

Friday, August 2, 2019

Splunk Lookup quirks

Some of the Splunk lookup-related quirks are:

1. The lookup table file must be a .csv file.
2. The column name used for the lookup must exactly match a field name in your search results. Splunk field names are case-sensitive, so "Query" will not match "query".

Example 1

index="whatever" sourcetype="dns"
   NOT [| inputlookup whitelist.csv
    | fields query ]

*whitelist.csv must have a column named query. The subsearch expands to NOT (query="a" OR query="b" ...), and subsearches are capped at 10,000 results and 60 seconds by default, so a whitelist larger than that gets truncated; for big lists use the lookup command and filter on a null OUTPUT field instead.

Example 2
Lookup applied in a secondary search, after eval has built the field

index="whatever" sourcetype="dns"
| eval DomainName={Logic........}
| search NOT [| inputlookup whitelistdomain.csv
    | fields DomainName ]
| stats dc(Host) AS HostsPerDomain BY DomainName

*whitelistdomain.csv must have a column named DomainName, the same name given to eval, because the subsearch's field names are what get matched against the events.