
1808: "Hacking"

Posted: Wed Mar 08, 2017 5:52 am UTC
by Mikeski

Title text: "The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code."

The CIA got wikileaks to redact the part about the tool knowing what to do with the words "at" and "dot". Sinister!

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 6:01 am UTC
by rhomboidal
No data is safe from the savage, merciless ravages of regex.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 9:35 am UTC
by The Moomin
They've found out that POKE 35136,0 gets you infinite lives.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 10:03 am UTC
by Soupspoon
"Sudo tell me all your passwords"

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 11:44 am UTC
by itaibn
Does gcc have any features that let you run arbitrary code? After all it's a compiler, not an interpreter.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 12:16 pm UTC
by Lucia
I don't know if the title text is sincere or not but I do know there's a secret CIA emoji file in the vault.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 12:26 pm UTC
by speising
itaibn wrote:Does gcc have any features that let you run arbitrary code? After all it's a compiler, not an interpreter.

https://en.wikipedia.org/wiki/Template_metaprogramming

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 1:33 pm UTC
by cellocgw
rhomboidal wrote:No data is safe from the savage, merciless ravages of regex.


Except for XHTML

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 2:11 pm UTC
by Spambot5546
TIL you can have a space in your email address.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 2:57 pm UTC
by orthogon
itaibn wrote:Does gcc have any features that let you run arbitrary code? After all it's a compiler, not an interpreter.

It really ought to have a switch to execute the output file automatically. Another thing it ought to have is a warning when you're about to overwrite the input source file with the output. That's a favourite trick of mine. It's ok if you get it right first time and don't need to modify it later.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 2:59 pm UTC
by pogrmman
itaibn wrote:Does gcc have any features that let you run arbitrary code? After all it's a compiler, not an interpreter.


Because it mentions gcc and bash in tandem, I was thinking something simple like:

Code:

$ gcc code.c -o code
$ ./code


Not some way to get just gcc to execute code.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 3:05 pm UTC
by Mutex
Spambot5546 wrote:TIL you can have a space in your email address.

I too was thinking "huh, a space can be a valid character in an email address?" - but then it occurred to me they probably mean when someone posts their email address somewhere, and writes it "username @ domain.com" to try and avoid any bots harvesting it.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 3:10 pm UTC
by ahammel
Spambot5546 wrote:TIL you can have a space in your email address.

Fun fact: this_is(technically a perfectly valid address)@accordingtotheoriginalspec.com

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 3:23 pm UTC
by Xenomortis
orthogon wrote:
itaibn wrote:Does gcc have any features that let you run arbitrary code? After all it's a compiler, not an interpreter.

It really ought to have a switch to execute the output file automatically. Another thing it ought to have is a warning when you're about to overwrite the input source file with the output. That's a favourite trick of mine. It's ok if you get it right first time and don't need to modify it later.

Real Programmers get it right first time.
Or if they don't, it's easier to patch the binary.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 3:26 pm UTC
by Cave Wizard
Anyone got a link to that tamagotchi exploit?

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 3:34 pm UTC
by pogrmman
orthogon wrote:
itaibn wrote:Does gcc have any features that let you run arbitrary code? After all it's a compiler, not an interpreter.

It really ought to have a switch to execute the output file automatically. Another thing it ought to have is a warning when you're about to overwrite the input source file with the output. That's a favourite trick of mine. It's ok if you get it right first time and don't need to modify it later.


That would be a great switch to have -- what's the first thing most people do after compiling? Run the executable they just made. Why not make it easier?

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 3:37 pm UTC
by Flumble
Xenomortis wrote:Or if they don't, it's easier to patch the binary.

Damn, I'll never be a real programmer in any modern language. (I'd rather write the whole code again than figure out where the hell that foldl call has gone)

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 4:03 pm UTC
by chridd
cellocgw wrote:
rhomboidal wrote:No data is safe from the savage, merciless ravages of regex.


Except for XHTML

Code:

<[^<>&="' \t\r\n]+([ \t\r\n]+[^<>&="' \t\r\n]+[ \t\r\n]*=[ \t\r\n]*("[^"]*"|'[^']*'))*[ \t\r\n]*>
(note that this doesn't check that it's valid—there are characters this regular expression allows in names that the spec doesn't allow; it could be modified to check for them, but it would be much longer)

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 5:08 pm UTC
by Flumble
chridd wrote:
cellocgw wrote:
rhomboidal wrote:No data is safe from the savage, merciless ravages of regex.


Except for XHTML

Code:

<[^<>&="' \t\r\n]+([ \t\r\n]+[^<>&="' \t\r\n]+[ \t\r\n]*=[ \t\r\n]*("[^"]*"|'[^']*'))*[ \t\r\n]*>
(note that this doesn't check that it's valid—there are characters this regular expression allows in names that the spec doesn't allow; it could be modified to check for them, but it would be much longer)

Note that it merely matches a single start or end tag, no self-closing tags, no escaped quotes inside string attributes, doesn't check for semantic constraints (like not having the same attribute multiple times), does allow < in attribute values, doesn't check for valid &entities; in values and probably lots more (mostly semantics).

Yes, you'd better use an XML parser.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 5:38 pm UTC
by somitomi
Mutex wrote:
Spambot5546 wrote:TIL you can have a space in your email address.

I too was thinking "huh, a space can be a valid character in an email address?" - but then it occurred to me they probably mean when someone posts their email address somewhere, and writes it "username @ domain.com" to try and avoid any bots harvesting it.

Pros use the format username(at)roundaboutreferencetodomain(dot)TLD. Translating the domain name (example: gmail-->gposta) or spelling it phonetically is also common where I live.

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 6:09 pm UTC
by Tub
pogrmman wrote:That would be a great switch to have -- what's the first thing most people do after compiling? Run the executable they just made. Why not make it easier?

The switch is called

Code:

&& ./a.out

and must be appended at the end of the command line. :roll:
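As an added illustration of the two wishes in this sub-thread (orthogon's warning before the output clobbers a source file, and Tub's "&& ./a.out" so the binary only runs when the compile succeeded), here is a small Python wrapper around gcc. It is not from the forum and not part of gcc; the source-suffix list, the `-o`/`-oFILE` handling, and the injectable `run` hook are assumptions made for this example.

```python
import subprocess
from pathlib import Path

# Extensions treated as source input (assumption: the common C/C++/asm ones only).
SOURCE_SUFFIXES = {".c", ".cc", ".cpp", ".cxx", ".h", ".hpp", ".s", ".S"}


def classify(args):
    """Split a gcc argument list into (output path, source inputs).

    Understands '-o FILE' and '-oFILE'; the default output is gcc's a.out.
    Assumption: any other non-switch argument with a source suffix is an input.
    """
    output = "a.out"
    inputs = []
    take_next = False
    for arg in args:
        if take_next:
            output, take_next = arg, False
        elif arg == "-o":
            take_next = True
        elif arg.startswith("-o") and len(arg) > 2:
            output = arg[2:]
        elif not arg.startswith("-") and Path(arg).suffix in SOURCE_SUFFIXES:
            inputs.append(arg)
    return output, inputs


def clobbers_input(args):
    """True when the output path names one of the source files (the warning orthogon wanted)."""
    output, inputs = classify(args)
    target = Path(output).resolve()
    return any(Path(src).resolve() == target for src in inputs)


def build_and_run(args, run=subprocess.run):
    """Compile with gcc and run the binary only if compilation succeeded.

    This is Tub's 'gcc ... && ./a.out' with the overwrite check in front of it.
    `run` is injectable so the sequencing can be exercised without a compiler.
    """
    output, _ = classify(args)
    if clobbers_input(args):
        raise ValueError(f"refusing to overwrite source file {output!r} with the compiler output")
    compiled = run(["gcc", *args])
    if compiled.returncode != 0:
        return compiled.returncode  # failed build: do not run, exactly like &&
    return run([str(Path(output).resolve())]).returncode


if __name__ == "__main__":
    import sys
    sys.exit(build_and_run(sys.argv[1:]))
```

Invoked as `python3 ccrun.py code.c -o code` it behaves like `gcc code.c -o code && ./code`, except that `-o code.c` is rejected before gcc ever sees it.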

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 6:17 pm UTC
by chridd
Flumble wrote:
chridd wrote:
cellocgw wrote:
rhomboidal wrote:No data is safe from the savage, merciless ravages of regex.


Except for XHTML

Code:

<[^<>&="' \t\r\n]+([ \t\r\n]+[^<>&="' \t\r\n]+[ \t\r\n]*=[ \t\r\n]*("[^"]*"|'[^']*'))*[ \t\r\n]*>
(note that this doesn't check that it's valid—there are characters this regular expression allows in names that the spec doesn't allow; it could be modified to check for them, but it would be much longer)

Note that it merely matches a single start or end tag, no self-closing tags, no escaped quotes inside string attributes, doesn't check for semantic constraints (like not having the same attribute multiple times), does allow < in attribute values, doesn't check for valid &entities; in values and probably lots more (mostly semantics).

Yes, you'd better use an XML parser.
(oops, I meant to also exclude /; it's supposed to only match opening tags)
It answers the question that was asked. Given a well-formed XML document, it matches opening tags. The question wasn't asking to validate the document or check for well-formedness. Most of the time, validating the document isn't what people want to do; they want to extract data from a document given the assumption that it's valid. You can extract data from an XML/XHTML/HTML document in a known format with regular expressions. You can find tags in an XML/XHTML/HTML document with regular expressions. You can parse or validate an XML/XHTML/HTML document with a combination of regular expressions and other code. You can't write a single regular expression that matches valid or well-formed documents and rejects others, but that's okay, because no one's trying to do that in the first place. (The main thing that you can't do that someone might want to do is make a regular expression that matches an entire element that might include nested elements of the same type.)
(Also there needs to be some additional processing to deal with comments and CDATA sections; but that can be done with regular expressions as well. Also, this doesn't necessarily mean that using regular expressions is a better idea than using a parser; that depends more on what one is trying to do and what tools are most readily available.)
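To make the distinction in the last two posts concrete, here is an added Python example (not from the thread): it runs chridd's start-tag pattern, with `/` excluded from names as the follow-up correction intended, over a constructed XHTML fragment, pulls attributes out of a matched tag, and then shows the one thing chridd says a regex cannot do, matching an element that contains a nested element of the same type, next to what a real XML parser returns for the same input. The sample document and the helper patterns `NAME`, `ATTR` and `NAIVE_DIV` are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample XHTML fragment (not from the thread): well-formed, with one
# nested <div> so the "entire element" problem chridd mentions shows up.
DOC = """<div id="outer" class='box'>
  <p>one &amp; two</p>
  <div id="inner"><p>nested</p></div>
</div>"""

# chridd's start-tag pattern, with '/' excluded from names as the follow-up post
# intended, so closing tags no longer match.
START_TAG = re.compile(
    r"""<[^<>&="'/ \t\r\n]+"""
    r"""([ \t\r\n]+[^<>&="'/ \t\r\n]+[ \t\r\n]*=[ \t\r\n]*("[^"]*"|'[^']*'))*"""
    r"""[ \t\r\n]*>"""
)
# Helper patterns constructed for this example: tag name, and one attribute.
NAME = re.compile(r"""<([^<>&="'/ \t\r\n]+)""")
ATTR = re.compile(r"""([^<>&="'/ \t\r\n]+)[ \t\r\n]*=[ \t\r\n]*(?:"([^"]*)"|'([^']*)')""")

# A naive "whole element" pattern: fine on a flat document, wrong once <div>s nest.
NAIVE_DIV = re.compile(r"<div\b[^>]*>(.*?)</div>", re.S)


def start_tags(doc):
    """Names of every start tag, in document order (the extraction chridd says works)."""
    return [NAME.match(m.group(0)).group(1) for m in START_TAG.finditer(doc)]


def attributes(tag_text):
    """Attribute name -> raw value for one start tag. Values are NOT entity-decoded."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ATTR.finditer(tag_text)}


def naive_div_body(doc):
    """Body of the first <div> per NAIVE_DIV. The lazy .*? stops at the first </div>,
    which closes the nested element, so the outer element's body comes back truncated."""
    return NAIVE_DIV.search(doc).group(1)


def parse_outer(doc):
    """The same document through a real XML parser: correct nesting, decoded text."""
    root = ET.fromstring(doc)
    return {
        "tag": root.tag,
        "attrs": dict(root.attrib),
        "children": [child.tag for child in root],
        "first_text": root.find("p").text,
    }


if __name__ == "__main__":
    print(start_tags(DOC))
    print(attributes(DOC.splitlines()[0]))
    print(repr(naive_div_body(DOC)))
    print(parse_outer(DOC))
```

The regex side does exactly what chridd claims: every start tag and its attributes come out correctly. The parser side is where the difference matters for untrusted input: `naive_div_body` silently returns a truncated body, while the parser gives the element's real children and decodes `&amp;`, and it also rejects malformed input instead of matching part of it.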

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 8:29 pm UTC
by Keyman
somitomi wrote:
Mutex wrote:
Spambot5546 wrote:TIL you can have a space in your email address.

I too was thinking "huh, a space can be a valid character in an email address?" - but then it occurred to me they probably mean when someone posts their email address somewhere, and writes it "username @ domain.com" to try and avoid any bots harvesting it.

Pros use the format username(at)roundaboutreferencetodomain(dot)TLD. Translating the domain name (example: gmail-->gposta) or spelling it phonetically is also common where I live.

Here's one I use often lately, especially when the checkout clerk at the retail stores ask "what's your email?"

nunna@your.biz

Harvest that one all you want!! :mrgreen:

Re: 1808: "Hacking"

Posted: Wed Mar 08, 2017 9:24 pm UTC
by Soupspoon
invalid@invalid.invalid should work, if you want to legitimately fake a dead-end without then risking landing on a real account. Unless the validation script is actually designed[1] to reject that mandated usable-but-GNDN TLD.

Skip straight to <inserttopicaljokehere>@whitehouse.gov, though, if I'm feeling like it and not too worried about a semi-formal memo to the NSA to backtrack my identity... ;)


[1] And not so stupid as to reject even stuff like my legitimate ".me.uk" domain, which would normally make me change that to ".me.uk.com" and let someone else (and the "uk.com" domain owner) deal with the fallout of their limited knowledge of secondary-level UK domains.

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 2:06 am UTC
by pogrmman
Tub wrote:
pogrmman wrote:That would be a great switch to have -- what's the first thing most people do after compiling? Run the executable they just made. Why not make it easier?

The switch is called

Code:

&& ./a.out

and must be appended at the end of the command line. :roll:


Of course I know that -- but it's still much, much more to type than a switch like whatever.

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 3:33 am UTC
by jgh
My email address on my CV is an image, which results in CV assessment services complaining there's no email address in my CV.

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 7:16 am UTC
by xtifr
pogrmman wrote:That would be a great switch to have -- what's the first thing most people do after compiling? Run the executable they just made. Why not make it easier?


Actually, the first thing I do after compiling is usually linking. So, if anything, it should be a switch to ld. :P

But the next thing I usually do after compiling and linking (which I usually spell "make" or "cmake" or something like that), is run something like "make test".

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 7:32 am UTC
by Carlington
pogrmman wrote:
Tub wrote:
pogrmman wrote:That would be a great switch to have -- what's the first thing most people do after compiling? Run the executable they just made. Why not make it easier?

The switch is called

Code:

&& ./a.out

and must be appended at the end of the command line. :roll:


Of course I know that -- but it's still much, much more to type than a switch like whatever.

Say you want -R to be the switch to run after compiling. Just append the line -R = && ./a.out to /etc/profile
Problem solved, right?

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 7:45 am UTC
by Tub
xtifr wrote:Actually, the first thing I do after compiling is usually linking.

Really? The first thing I do after compiling is to fix all the typos that caused the compilation to fail.

If only gcc had a switch to automatically run that step.

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 10:21 am UTC
by Xenomortis
xtifr wrote:But the next thing I usually do after compiling and linking (which I usually spell "make" or "cmake" or something like that), is run something like "make test".

Configure gcc to launch gdb straight after compiling and linking - we all know it won't be working right, might as well save some typing.

Re: 1808: "Hacking"

Posted: Thu Mar 09, 2017 4:27 pm UTC
by spilk
Cave Wizard wrote:Anyone got a link to that tamagotchi exploit?


This was something I wanted to look into. I will do some digging and get back to you if I find something. Anyone else care to weigh in?

Re: 1808: "Hacking"

Posted: Mon Mar 13, 2017 1:10 pm UTC
by Geitda
Cave Wizard wrote:Anyone got a link to that tamagotchi exploit?

I created an account here just to share, but new users can't post links, so you'll have to find it yourself.
Search for PoC || GTFO issues 0x02 and 0x04.
PoC || GTFO describes itself as,
A friendly little collection of articles for ladies and gentlemen of distinguished ability and taste in the field of software exploitation and the worship of weird machines.

Re: 1808: "Hacking"

Posted: Thu Mar 16, 2017 6:54 pm UTC
by Archgeek
Geitda wrote:
Cave Wizard wrote:Anyone got a link to that tamagotchi exploit?

I created an account here just to share, but new users can't post links, so you'll have to find it yourself.
Search for PoC || GTFO issues 0x02 and 0x04.
PoC || GTFO describes itself as,
A friendly little collection of articles for ladies and gentlemen of distinguished ability and taste in the field of software exploitation and the worship of weird machines.

Wow...thank you very much for bringing that to my attention. That little publication seems utterly delightful. I foresee much enjoyment reading the backlog. Looking at the description of issue 1, sec 4, I'm led to the inevitable joke: weren't the hats secretly green?