What are You Working on Wednesday - eviltoast

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

  • Red@aussie.zone
    1 year ago

    Yep… sigh

    me@somewhere:~$ ssh -p 8022 root@localhost
    The authenticity of host '[localhost]:8022 ([127.0.0.1]:8022)' can't be established.
    ECDSA key fingerprint is SHA256:W6aKaaaaaaaaaaaaaaaaaaaaaaaa+cvaaaaaaaaaaaw.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
    root@localhost's password: 
    Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.4-31-generic x86_64)
    
    * Documentation:  https://help.ubuntu.com
    * Management:     https://landscape.canonical.com
    * Support:        https://ubuntu.com/advantage
    
    54 packages can be updated.
    20 updates are security updates.
    
    
    ----------------------------------------------------------------
    Ubuntu 16.04.1 LTS                          built 2016-10-10
    ----------------------------------------------------------------
    last login: Sun Nov 19 19:40:44 2017 from 172.99.99.99
    root@host:~$ whoami
    root
    root@host:~$ ls
    README log.txt
    root@host:~$ cat README
    # NOTE: Do not reset this server, as it provides essential services.
    root@host:~$ cat log.txt
    Mar  3 15:37:01 root kernel: Boot time configuration written to /etc/default/grub
    Mar  3 15:37:02 root kernel: Loading initial ram disk images...
    Mar  3 15:37:03 root kernel: Linux version 4.9.0-6-amd64 (buildid@Debian) (gcc version 8.2.0 ( Ubuntu 8.2.0-14-ga )) #1 SMP Debian 4.9.141-1 (2017-03-09)
    Mar  3 15:37:03 root kernel: Linux command line options: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
    Mar  3 15:37:03 root kernel: Boot arguments: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
    Mar  3 15:37:03 root kernel: Kernel arguments: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
    Mar  3 15:37:03 root kernel: Mounting system...
    Mar  3 15:37:03 root kernel: Mounted system...
    root@host:~$ echo "testing1234" > somefile.txt
    root@host:~$ echo "testing 23456" >> somefile.txt
    root@host:~$ cat somefile.txt
    testing1234
    testing 23456
    root@host:~$ echo tell me a story about a dragon
    Once upon a time, in a land far, far away, there lived a magnificent dragon named Scorch. Scorch was the most feared creature in all the land, with scales that shone like gold in the sunlight and eyes that glowed like embers. He roamed the countryside, breathing fire and destruction wherever he went, and no one dared to cross...
    
    • mwguy@infosec.pub
      1 year ago

      Instead of giving it an LLVM-based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts.

      • Red@aussie.zone
        1 year ago

        Tempting, but in order to reduce the potential attack surface, I’m likely just to create a simple simulator instead now.

        If it’s good enough to fool the first few interactions of an automated script, that’ll probably do. That’ll give me the curl/wget target they’re trying to infect me with, most likely.

        It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.
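
A sketch of the "simple simulator" idea from the comment above, as an added example that is not part of the thread or any poster's code: it never executes input, answers a few first-contact probes with canned text, and records the curl/wget targets. The function names, canned replies and the 203.0.113.x sample addresses are constructed assumptions.

```python
import re
import shlex

# Canned replies for common first probes (constructed values, not from the thread).
CANNED = {"whoami": "root", "pwd": "/root", "ls": "README  log.txt",
          "id": "uid=0(root) gid=0(root) groups=0(root)",
          "uname": "Linux host 4.4.4-31-generic x86_64 GNU/Linux"}
SILENT = {"cd", "chmod", "rm", "sh", "bash", "export"}  # pretend success, print nothing
FETCHERS = {"curl", "wget"}
# A URL with a scheme, or a bare host/path such as 203.0.113.5/x.sh
URL_RE = re.compile(r"^(?:(?:https?|ftp)://\S+|[\w.-]+\.[\w-]+(?::\d+)?/\S*)$", re.I)


def split_commands(line):
    """Tokenise one input line and split it into argv lists on ; & | runs."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""            # keep '#' so URL fragments are not cut off
    try:
        tokens = list(lexer)
    except ValueError:               # unbalanced quote: degrade instead of crashing
        tokens = line.split()
    commands, current = [], []
    for tok in tokens:
        if tok and set(tok) <= set(";&|"):   # command separator
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def respond(line, captured):
    """Return fake output for one line; append any download targets to `captured`."""
    out = []
    for argv in split_commands(line):
        name = argv[0].rsplit("/", 1)[-1]    # /usr/bin/wget -> wget
        if name in FETCHERS:
            captured.extend(a for a in argv[1:] if URL_RE.match(a))
        elif name == "echo":
            if not any(a in (">", ">>") for a in argv):  # redirected: prints nothing
                out.append(" ".join(argv[1:]))
        elif name in CANNED:
            out.append(CANNED[name])
        elif name not in SILENT:
            out.append(f"-bash: {argv[0]}: command not found")
    return "\n".join(out)
```

Because nothing is ever passed to a real shell or filesystem, resetting the honeypot only means discarding the `captured` list.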