Category Archives: BSD

AWK: how to get filenames from ls -la command

example:
$ ls -la
итого 8
drwxrwxr-x 2 alter alter 4096 июл 10 17:18 .
drwxrwxr-x. 56 alter alter 4096 июл 10 16:44 ..
-rw-rw-r-- 1 alter alter 13 июл 10 16:44 log file name for test
-rw-rw-r-- 1 alter alter 5 июл 10 16:44 two words
-rw-rw-r-- 1 alter alter 40 июл 10 16:44 words.txt

ls -la | awk '{ for (i=9; i<=NF; i++) if (i != NF) str = str " " $i; else str = str " " $i "\n" }; END { print str }'

or

ls -la | awk '{ str = ""; for (i=9; i<=NF; i++) if (i != NF) str = str " " $i; else str = str " " $i; print str };'

result:
.
..
log file name for test
two words
words.txt

if we need to get names including filesize

ls -la | awk '{ str = ""; for (i=9; i<=NF; i++) if (i != NF) str = str " " $i; else str = $5 " " str " " $i; print str };'

result:
4096 .
4096 ..
13 log file name for test
5 two words
40 words.txt

Specific bash and tool features for working with quotes

Magic dollar

Try this:
user$ x='\n' && echo $x
\n
The result is the same with double quotes. So how do you output a newline?

user$ x=$'\n' && echo "$x"

and you get a newline! This is the magic of $'...': bash expands backslash escapes such as \n inside it.

Hex in commands

Try to replace "asd with 'dsa in a file:
user$ sed -i 's/\"asd/\'dsa/g' file
> ^C
The backslash does not escape anything inside single quotes, so the shell sees 3 single quotes and asks you to close the last one.
Use hex instead (GNU sed understands \xHH escapes):
user$ sed -i 's/\x22asd/\x27dsa/g' file

ansible: playbooks howto

You could create 2 types of playbooks:
1 — just a simple yaml file, example (poweroff.yml):

- hosts: vbox
  sudo: yes
  gather_facts: no
  tasks:
    - name: poweroff
      command: /sbin/poweroff

2 — project, example:
structure:

deploy/
deploy/roles
deploy/roles/preconf
deploy/roles/preconf/vars
deploy/roles/preconf/vars/main.yml
deploy/roles/preconf/files
deploy/roles/preconf/files/.vimrc
deploy/roles/preconf/handlers
deploy/roles/preconf/tasks
deploy/roles/preconf/tasks/main.yml
deploy/roles/preconf/templates
deploy/site.yml

site.yml is something like a main file, where the roles are included
content of site.yml:

- name: First deploy, install necessary packages and users
  hosts: vbox

  roles:
    - preconf

The roles folder holds the subcategories of your project: different roles for different logical steps.
In this example there is only 1 role, named "preconf".
A role folder contains these folders:
tasks — it's a main role folder which contains tasks description.
vars — variables which could be used in tasks
files — folder with files
templates — folder with templates (I don't use it here)

vars/main.yml:

admin_team:
  - { user: 'alter', comment: 'Roman', key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYIX38J/i16iedtP0wUnTK13eh1eGkCL0sa2GMi/TPA6ANFdF/D1AbUXgp88SuQNXrMa8hs9E5+D+/LtCFy+jN+RHEZmVXtnW7WckYAynw5i66Le8MUeRpjBo1m5C865WY0qCoKwkQfZSX6yecw8Gt9sw26SrL3oeLEM4zoiI+NHhahQYanwA7i6LLE6A2UEz2ni/ZNZH3eVaOVknD8D9b6MjDRtMoBkdHu2g3Xx2fOGpIQXOp99H0oofDCTB7BBwelWOYmRHUAvbyNIdJlWFFdamSWAevoHarrypZiCKc0TUYzi6etzSyJkOJoOoyy1xt2UG6jaAzKs2iqFgcBJ0n alter@M1USER0061', shell: '/bin/zsh' }
  - { user: 'n506', comment: 'Dmitriy', key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjjXrr6cZIDRRGih90P1WPjA2o5YXNG9Y2+Jhq18hBYJs6NKWaMyXsjvwBuHIJrbb9T9Rn9vVOr4fvMyGM0I+N9jr1bpGeq7BGZgqRtLoNrW/fvODKkKImDrwDKJG/B+EPRNLlOTvs2EsdVEJbJDi4ix0Ilj3D+SKe+AJ5gURY26DIKYEmMmyq2Ea8WmLam+rs8EfDkQw6NCkQvZSDzgs5pK+iwI4MVOKYisa0hakwfeS+qCiZr3nORy+TdwfJLJXovWFpQ24GacK3iK4FWdB3iafcFNc5BuHxpZeWcPUFoDf1ePlWD+sts44mzfaWyk95xV2NTUZmIsZ2L/Brucb1 n506@n506', shell: '/bin/bash' }
  - { user: 'sticeberg', comment: 'Alexander', key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpFL+DrUxRsGOjC041AMx7SNwaxF7uUHGLtwq1/YkexpctkpJStYRv9mbvqRTDit5Mugy6Khk3Uux/S0r7g2ZxjgK+QU6iex9SKzm6/pRZkWEFVA0NQCBjrkRlRVCoRBpYhnO0OSwdE/QLIe9k2FwSGnMf6M5RbmlSViVDCrZ68CsArs7N6rrmAcMK0yy+BwrWSvVtvc92ao4K9li8rTg4VVy3E/F+NSNAJj90a+RAf6sb8M6qfbf0pTtxXU51kdRP2iS5QRj8KNkgdMFAD9+wYZpm9bs7vlWOaycVFlGsN9zevXaYrjkHLPYtCGGvCISfgEWAbUgdmuimUGnAMm7n sticeberg@gosts-MacBook-Air.local', shell: '/bin/bash' }

game_users:
  - { user: 'f1', shell: '/bin/bash', home: '/f1', uid: '6001' }
  - { user: 'a1', shell: '/bin/bash', home: '/a1', uid: '6002' }

and tasks/main.yml:

- name: update system packages
  sudo: yes
  apt: upgrade=safe update_cache=yes

- name: installing packages
  sudo: yes
  apt: pkg={{ item }}
  with_items:
    - zsh
    - htop
    - vim
    - mc
    - wget
    - curl
    - tmux
    - facter
    - tcpdump
    - iptraf
    - pbzip2
    - pigz
    - tcptraceroute

- name: add users for project
  sudo: yes
  user: name="{{ item.user }}" shell="{{ item.shell }}" home="{{ item.home }}" uid="{{ item.uid }}"
  with_items:
    - "{{ game_users }}"

- name: add admins
  sudo: yes
  user: name="{{ item.user }}" shell="{{ item.shell }}" groups='sudo' comment="{{ item.comment }}"
  with_items:
    - "{{ admin_team }}"

- name: add ssh keys for admins
  sudo: yes
  authorized_key: user="{{ item.user }}" key="{{ item.key }}"
  with_items:
    - "{{ admin_team }}"

- name: copy vimrc file
  sudo: yes
  copy: src=".vimrc" dest="/home/{{ item.user }}/.vimrc" owner="{{ item.user }}"
  with_items:
    - "{{ admin_team }}"

Playbooks are run with the ansible-playbook command:
1 — ansible-playbook poweroff.yml
2 — ansible-playbook site.yml

mongodb: replica master-slave + creating of db and collection

Replica master-slave

master
add to mongod.conf:
master = true
client
add to mongod.conf:
slave = true
source = $masterHost:$masterPort #(for example 127.0.0.1:27017)

stop master
rsync folder with db from master to slave
start master
start slave

Creating of db and collection

# open mongo shell
mongo --host 127.0.0.1:27017
# use db name which you'd like to create
use newDbName
# data which you'd like to add to collection
j = { name : "mongo" }
# insert previous data to collection
db.testData.insert ( j )

# check that db/collection/data were created
show dbs
show collections
db.testData.find ()

check replica

# open mongo shell on slave
mongo --host 10.0.0.2:27017
# check that db/collection/data were created
show dbs
show collections
db.testData.find ()

IT Security Brothers (http://itsb.pro)

Hi guys, I would like to present you our new project IT Security Brothers http://itsb.pro
We provide pentest, consultations and IT outsourcing services.
Feel free to hire us for IT jobs.

How to use LD_PRELOAD for cracking applications

test.cpp

#include<stdio.h>
#include<stdlib.h>
#include<cstring>
#include<iostream>
using namespace std;

int main()
{
  const char *pre_pass = "a382fbe8e8f087352e250561d724c0a";
  const char *salt =     "1qazxcvfdswer435tgbnhy67ujmkdfg";
  char pass[32];
  for(int i = 0; i < 32; i++)
  {
    int a = pre_pass[i];
    int b = salt[i];
    int c = (a + b)/2;
    pass[i] = c;
  }
  char user_input[32];
  cout << "Enter your password's md5 hash for enter to root access level" << endl;
  cout << "> ";
  cin.width(32);
  cin >> user_input;
  if ( strncmp( pass, user_input, 32)==0 )
    {
      cout <<  "Secret is " << pass << endl;
    }
  else
    {
      cout << "Access denied, fucking looser" << endl;
    }
  return 1;
}

Compile it with g++:
g++ test.cpp -o test

try to get pass ^_^
./test

Enter your password's md5 hash for enter to root access level
> asd
Access denied, fucking looser

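How to hack it? LD_PRELOAD is the answer!

Let's take a look at the code: access is granted when strncmp returns zero. The binary is dynamically linked, so strncmp is resolved at run time, and a library listed in LD_PRELOAD is searched before libc. Let's do it!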
strncmp_lib.c

int strncmp(const char * string1, const char * string2, int num )
{
return 0;
}

Compile it with gcc:
gcc -Wall -O2 -fpic -shared -ldl -o strncmp_lib.so strncmp_lib.c

and run:
LD_PRELOAD="./strncmp_lib.so" ./test

Enter your password's md5 hash for enter to root access level
> asd
Secret is IRLVobmOdUnJU535SfJQLW64lPOOcKd
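
The detection side of the trick above, as an added example that is not part of the original post: it scans a process environment block (the layout of /proc/<pid>/environ) for LD_PRELOAD and counts the listed libraries that sit outside trusted directories. The function names, the trusted-directory list and the sample block are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Trusted library directories: an assumption of this example. */
static const char *const TRUSTED[] = { "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/" };
/* Constructed sample in the /proc/<pid>/environ layout (NUL-separated KEY=VALUE). */
static const char SAMPLE[] =
    "PATH=/usr/bin\0LD_PRELOAD=./strncmp_lib.so:/usr/lib/libfoo.so\0HOME=/root";

/* Return the LD_PRELOAD value found in an environment block, or NULL. */
const char *find_ld_preload(const char *env, size_t len)
{
    static const char key[] = "LD_PRELOAD=";
    size_t klen = sizeof key - 1, pos = 0;
    while (pos < len) {
        const char *end = memchr(env + pos, '\0', len - pos);
        if (end == NULL) break;              /* unterminated tail: ignore it */
        size_t n = (size_t)(end - (env + pos));
        if (n > klen && memcmp(env + pos, key, klen) == 0)
            return env + pos + klen;
        pos += n + 1;
    }
    return NULL;
}

/* Count list entries outside TRUSTED; the loader splits on spaces and colons. */
int count_untrusted(const char *value)
{
    int bad = 0;
    while (*value) {
        size_t n = strcspn(value, " :");
        int ok = 0;
        for (size_t i = 0; i < sizeof TRUSTED / sizeof *TRUSTED; i++) {
            size_t d = strlen(TRUSTED[i]);
            if (n > d && memcmp(value, TRUSTED[i], d) == 0) ok = 1;
        }
        for (size_t j = 0; j + 3 <= n; j++)  /* "/.." can climb out of a prefix */
            if (memcmp(value + j, "/..", 3) == 0) ok = 0;
        bad += (n > 0 && !ok);
        value += n + (value[n] != '\0');     /* step over the separator */
    }
    return bad;
}

int main(void)
{
    const char *v = find_ld_preload(SAMPLE, sizeof SAMPLE);
    printf("LD_PRELOAD=%s untrusted=%d\n", v ? v : "(unset)", v ? count_untrusted(v) : 0);
}
```

To check a live process, read /proc/<pid>/environ into a buffer and pass it with its length instead of SAMPLE.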