
@Caesurus
Caesurus / Readme.md
Last active January 6, 2024 18:49
Unlocking "Partial" TTY Interactivity in Basic Reverse Shell Environments

Revconsole

We all know that feeling: your exploit finally lands and you pop a /bin/sh shell. You're IN, but now you have to deal with interacting with a dumb shell. Your muscle memory kicks in, you press the up arrow to rerun a command, and you are faced with a ^[[A on the screen. Frustrating, right? It's like stepping back in time to an era before the comforts of modern shells. No command history, no stderr visibility - just you and a bare-bones command line that doesn't understand your shortcuts or needs. It's enough to make you miss the slick, feature-rich terminals you're used to.

Now for a slightly better approach. We can use our trusty pwntools to add some additional functionality:

python3 -c "from pwn import*;p=remote('192.168.1.123',31337);p.interactive()"

We've upgraded: we now have command history, and we can edit commands before we send them, making the remote interaction less of a headache. It's not perfect, but it's an improvement. If we send a command that results in output to

@Caesurus
Caesurus / Mitsuzen HDI-10 (Cerebral Cortex) Solve.md
Last active March 29, 2020 21:25
Mitsuzen HDI-10 (Cerebral Cortex)

Cycles: 949

Size: 100

Activity: 193

;XA
REPL INITIAL
@Caesurus
Caesurus / SELinux_cryptic_messages.md
Last active August 8, 2023 01:13
SELinux policy Load Errors

Recently I started working on policy migration to a new system. The following errors are cryptic and it took some digging to figure out what was going on. I saw others online had the same errors, but the general fix seemed to be "load the new policy", without going into details of how the policies were actually fixed.

Compiling targeted netmgr module
Creating targeted netmgr.pp policy package
Loading targeted modules: netmgr
Failed to resolve filecon statement at /var/lib/selinux/targeted/tmp/modules/400/netmgr/cil:50
/usr/sbin/semodule:  Failed!
make: *** [/usr/share/selinux/devel/include/Makefile:145: reload] Error 1

Cause: the .fc (file contexts) file contains a type that the policy can't resolve. So using:

@Caesurus
Caesurus / router_network.md
Last active July 20, 2020 21:42
Convoluted Router Design

Network Challenge

I love doing CTF challenges; they usually involve binary exploitation or reverse engineering, but this challenge is a whole different story... I was asked to give input into a networking challenge that was anything but straightforward.

Disclaimer

I like keeping things simple... The more complex the solution, the more likely it is to go wrong. I do not advocate complexity like that of the solution outlined in this gist. My goal is to show that with some networking knowledge and some well-placed rules, anything is possible. I would love to have a simpler solution, and if you have ideas I'm all ears. I do not advocate putting something like this into production without first trying to exhaust other avenues to simplify the overall design.

High level diagram:

# in response to https://old.reddit.com/r/securityCTF/comments/dlvk57/getting_the_address_of_the_buffer_on_stack_right/
# binary: https://sis-ctf.security.cs.pub.ro/download?file_key=71c9785434fc975eacb85fa0eda6288070f7ca03331a34ac56070d89264ff2d8&team_key=10ac18d83e9f697367026cebbd8fc6aff7a384018dce39e050d47ced4867b316
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# This exploit template was generated via:
# $ pwn template ./injection
from pwn import *
# Set up pwntools for the correct architecture
exe = context.binary = ELF('./injection')