Tim Brown timb-machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Script started on Thu 26 Oct 2017 14:46:21 BST | |
| _ _ _ _ _ | |
| | (_)_ __ (_) | ____ _| |_ ____ | |
| | | | '_ \| | |/ / _` | __|_ / | |
| | | | | | | | < (_| | |_ / / | |
| |_|_|_| |_|_|_|\_\__,_|\__/___| | |
| =[ @timb_machine ]= | |
| === Machine secrets === |
timb-machine
/ Arguing with @hxmonsegur
Last active
September 24, 2017 23:33
Arguing with @hxmonsegur
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| lquerylv_fix/ecfile: TARGET_FILE=/usr/sbin/lquerylv - this is likely the "same" fix as in lvm_fix, i.e. a regression | |
| lsmcode_fix2/ecfile: TARGET_FILE=/usr/bin/bsh - not worked out what the relates to, i reckon there is another bug... | |
| lsmcode_fix2/ecfile: TARGET_FILE=/usr/ccs/lib/libc.a - this is likely a fix for a regression from malloc_file | |
| lsmcode_fix2/ecfile: TARGET_FILE=/usr/ccs/lib/libc.a.min - this is likely a fix for a regression from malloc_file | |
| lsmcode_fix/ecfile: TARGET_FILE=/usr/sbin/lsmcode - not worked out what the relates to, i reckon there is another bug... | |
| lvm_fix/ecfile: TARGET_FILE=/usr/sbin/lquerylv - this actually fixes a bug in DBGCMD_LQUERYLV | |
| malloc_fix/ecfile: TARGET_FILE=/usr/ccs/lib/libc.a | |
| malloc_fix/ecfile: TARGET_FILE=/usr/ccs/lib/libc.a.min | |
| FWIW: this is why I think the lquerylv patch and lvm patch are identical, they patch the same file and from a quick check the more significant change |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # https://osandamalith.wordpress.com | |
| sed -i "" "s/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;" "${1}" | |
| ldid -s "${1}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| description: Computer | |
| product: Google Compute Engine () | |
| vendor: Google | |
| serial: GoogleCloud-<hex> | |
| width: 64 bits | |
| capabilities: smbios-2.4 dmi-2.4 vsyscall32 | |
| configuration: boot=normal uuid=<uuid> | |
| ... | |
| *-core |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <sys/mman.h> | |
| #include <stdio.h> | |
| int main(int argc, char **argv) { | |
| int filehandle; | |
| char *mmapbuffer; | |
| filehandle = open("sarpedon-000002.vmdk", O_RDWR); | |
| mmapbuffer = mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, f, 0); |
timb-machine
/ Hardening Sendmail cipher suites
Created
September 4, 2017 14:28
Hardening Sendmail cipher suites
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Taken from http://www.michaelm.info/blog/?p=1256: | |
| LOCAL_CONFIG | |
| O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE | |
| O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE | |
| O CipherList=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA |
timb-machine
/ CVE-2013-2171 FreeBSD ptrace() & mmap() EoP
Last active
August 30, 2025 16:57
CVE-2013-2171 FreeBSD ptrace() & mmap() EoP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Redistribution and use in source and binary forms, with or without | |
| modification, are permitted provided that the following conditions are met: | |
| * Redistributions of source code must retain the above copyright notice, this | |
| list of conditions and the following disclaimer. | |
| * Redistributions in binary form must reproduce the above copyright notice, | |
| this list of conditions and the following disclaimer in the documentation | |
| and/or other materials provided with the distribution. | |
| * Neither the name of the Nth Dimension nor the names of its contributors may |
timb-machine
/ BB10 accessible via usb0 on 169.254.x.x
Created
September 4, 2017 14:16
BB10 accessible via usb0 on 169.254.x.x
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| + usb0 IPv6 Invoke_AD4E4603568803A4 _bp2p._tcp local | |
| + usb0 IPv6 Friendly_F034C06D29A99B20_0AB96FC3A2E87129 _bp2p._tcp local | |
| + usb0 IPv4 Invoke_AD4E4603568803A4 _bp2p._tcp local | |
| + usb0 IPv4 Friendly_F034C06D29A99B20_0AB96FC3A2E87129 _bp2p._tcp local | |
| + usb0 IPv6 24EF7DCD11803ADA9573A4E61C4C02 _tunnel._tcp local | |
| + usb0 IPv4 24EF7DCD11803ADA9573A4E61C4C02 _tunnel._tcp local |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # largely purloined from http://www.perlmonks.org/?node_id=1093916 as my PoC for the old options overflow proved too messy^wPerlish to rework - [machine] | |
| use strict; | |
| use IO::Socket; | |
| use Net::DHCP::Packet; | |
| use Net::DHCP::Constants; | |
| my $serveripaddress = "10.10.10.1"; |
timb-machine
/ no-unqualified-linker-paths.diff.txt example 2
Created
September 4, 2017 13:46
no-unqualified-linker-paths.diff.txt example 2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ LD_LIBRARY_PATH=unqualified:/qualified: SLEEP=0 ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH | |
| 10030: [+] operating on non setuid binary | |
| 10030: [+] being opened via LD_LIBRARY_PATH | |
| 10030: [+] not marked insecure=unqualified/ | |
| 10030: [+] not fully qualified, marking insecure=unqualified/ (via LD_LIBRARY_PATH) | |
| 10030: [+] operating on non setuid binary | |
| 10030: [+] being opened via LD_LIBRARY_PATH | |
| 10030: [+] not marked insecure=unqualified/ | |
| 10030: [+] not fully qualified, marking insecure=unqualified/ (via LD_LIBRARY_PATH) | |
| 10030: [+] operating on non setuid binary |