@Carayav
Carayav / setuid-root-backdoor.md
Created May 11, 2019 23:27 — forked from dergachev/setuid-root-backdoor.md
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

The obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of the Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account on the system (including www-data, which you might not even know is compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

https://cmpsb.net/asm/x86/instr/
https://stackoverflow.com/questions/24904584/how-to-access-seafile-server-in-a-virtual-machine-through-iptables
https://snyk.io/docs/
https://www.tecmint.com/linux-iptables-firewall-rules-examples-commands/
https://www.coursera.org/learn/secure-networked-system-with-firewall-ids/lecture/YyaJ1/iptables-and-outbound-traffic
https://blog.takipi.com/oracle-java-mission-control-the-ultimate-guide/
https://www.howtoforge.com/nat-gateway-iptables-port-forwarding-dns-and-dhcp-setup-ubuntu-8.10-server
https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
https://medium.com/capital-one-developers/exposing-container-services-to-a-bridge-network-aa5fe17a9332
https://serversforhackers.com/c/firewalls-basics-of-iptables
https://www.youtube.com/watch?v=72OhmRGrLLE
https://www.youtube.com/watch?v=N39uwTykTQk
https://www.youtube.com/watch?v=7RDfNn7crqE
https://www.youtube.com/watch?v=p3TPPGb1X8A
https://www.youtube.com/watch?v=jdNDYBt9e_U
https://www.youtube.com/watch?v=QqjZSHIKWzE
https://www.youtube.com/watch?v=sQvjD2-p98U
https://www.youtube.com/watch?v=P8aW1Ae6gcI
https://www.youtube.com/user/DiggOriginal/videos
https://www.youtube.com/watch?v=IjeKw0B8PG8
function createDefaultMedicos(){
Medico.find({}).exec(function(err, collection) {
if(collection.length === 0) {
Medico.create({
run:'2654073-9',
nombre: 'pedro gonzales',
especialidad: 'espec 1',
email: 'correoDoctor1@example.com'});
Medico.create({
run:'14943899-8',

Google Search Variables

If you forgot about any of these terms, go to the Advanced Search page and be happy.

Words-related

Either/or -- search for pages containing any of the phrases

@Carayav
Carayav / linuxprivchecker.py
Created May 9, 2017 03:09 — forked from sh1n0b1/linuxprivchecker.py
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
#!/usr/bin/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
@Carayav
Carayav / README-Template.md
Created May 9, 2017 03:04 — forked from PurpleBooth/README-Template.md
A template to make good README.md

Project Title

One Paragraph of project description goes here

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

@Carayav
Carayav / signal.c
Created May 9, 2017 02:53 — forked from aspyct/signal.c
Unix signal handling example in C, SIGINT, SIGALRM, SIGHUP...
/**
* More info?
* a.dotreppe@aspyct.org
* http://aspyct.org
* @aspyct (twitter)
*
* Hope it helps :)
*/
#include <stdio.h>
@Carayav
Carayav / latency.txt
Created May 8, 2017 00:30 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers
--------------------------
L1 cache reference                         0.5 ns
Branch mispredict                            5 ns
L2 cache reference                           7 ns                  14x L1 cache
Mutex lock/unlock                           25 ns
Main memory reference                      100 ns                  20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy             3,000 ns        3 us
Send 1K bytes over 1 Gbps network       10,000 ns       10 us
Read 4K randomly from SSD*             150,000 ns      150 us      ~1GB/sec SSD
@Carayav
Carayav / Makefile
Last active November 23, 2016 00:49
#
# Section 1
#
# This section can be modified according to
# the requirements of your project
CC=gcc
SRC1=ejemplo.c stack-lde.c
CFLAGS=-Wall -W -std=c99 -g
#LIBS=-ldl