Saturday, June 3, 2017

when i started searching for OpenDns i started by reverse engeniering...that's the wrong approach...if your a MIM you need a to access the VPN by a frame on the docker..and so it is what's the post is about

if you want to access the Docker API from the containers, you can setup Docker to listen on the IP address of the Docker bridge.
To do that, you would:
  • create a bridge
    ip link add docker0 type bridge
  • assign an IP address to it
    ip link set docker0 up
    ip addr add 172.17.0.1/16 dev docker0
  • start docker and bind the API to the bridge
    docker -d -H 172.17.0.1:4242
Now you can access the Docker API from your containers.

stdio.h Source File - if you include this header on the shell...you might hack it on 61 seconds

stdio.h


to fit things in six character monocase externals, the
00022  * stdio code uses the prefix `__s' for stdio objects, typically
00023  * followed by a three-character attempt at a mnemonic.
00024  */
00025 
00026 #ifndef _STDIO_H_
00027 #ifdef __cplusplus

https://www.gnu.org/software/m68hc11/examples/stdio_8h-source.html


The ERESI Reverse Engineering Software Interface http://www.eresi-project.org

Hello dear ELFsh & E2dbg user, 

Try to read this README, its a precious information ressource for the ELF shell project . 

For impatient people, this is a short list of provided features : 

 . Analysis on nearly all types of sections
 . Cool disasm/resolving engine with libelfsh and libasm
 . Raw read/write capability into ELF32 AND ELF64
 objects
 . Modify ELF header, PHT, SHT, GOT, CTORS, DTORS, .dynamic, PAX bits
 . Modify symbol table, dynamic symbol table and relocation tables
 . Remove or reconstruct SHT
 . Real interactive and scripting modes
 . Many kind of section injection [even working in non-exec environments]
 . Control flow graphs with graphviz output (i386) : see modflow
 . ELFsh Module support and ELFsh internal API
 . Quiet output for tiny screens and shellcript friendship
 . Experimental ET_EXEC relocation and remapping feature (INTEL)
 . Full ET_REL injection into ET_EXEC (INTEL / SPARC / ALPHA)
 . PLT infection (INTEL, SPARC, ALPHA, MIPS)
 . ALTPLT technique (INTEL, SPARC, ALPHA)

https://github.com/thorkill/eresi

Hook function calls by replacing PLT(Procedure Linkage Table) entries.

What is plthook.

A utility library to hook library function calls issued by specified object files (executable and libraries). This modifies PLT (Procedure Linkage Table) entries in ELF format used on most Unixes or IAT (Import Address Table) entries in PE format used on Windows.

DynamoRIO Overview DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64/ARM/AArch64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows, Linux, or Android) and commodity IA-32, AMD64, ARM, and AArch64 hardware.

Existing DynamoRIO-based tools

Tools built on DynamoRIO and available in the release package include:

THE VAULT : The #! magic, details about the shebang/hash-bang mechanism on various Unix flavours

  • Fancy code

    • 2.8BSD implemented the test for the #! magic with a multi character constant
       #define SCRMAG '#!'
    • Demos (originally based on 2.9 BSD) inherited SCRMAG, and even added its own multi character constant for a variant of the magic:
       # define SCRMAG2 '/*#!'
       # define ARGPLACE "$*"
      Find more information in the end notes [Demos].
    • BSD/OS (2.0, sys/i386/i386/exec_machdep.c) shows a readable way to construct the magic
       [...]
       switch (magic) {
       /* interpreters (note byte order dependency) */
       case '#' | '!' << 8:
        handler = exec_interpreter;
        break;
       case [...]
  • POSIX.2 or SUSv2 / SUSv3 / SUSv4 mention #! only as a possible extension:
        Shell Introduction
        [...]
        If the first line of a file of shell commands starts with the
        characters #!, the results are unspecified.
    
        The construct #! is reserved for implementations wishing to provide
        that extension. A portable application cannot use #! as the first
        line of a shell script; it might not be interpreted as a comment.
        [...]
    
        Command Search and Execution
        [...]
        This description requires that the shell can execute shell
        scripts directly, even if the underlying system does not support
        the common #! interpreter convention. That is, if file foo contains
        shell commands and is executable, the following will execute foo:
    
          ./foo 
    There was a Working Group Resolution trying to define the mechanism.
    On the other hand, speaking about "#!/bin/sh" on any Unix:
     This is a really rocksolid and portable convention by tradition, if you expect anything from the Bourne shell family and its descendants to be called.

  • what's special about #!#! was a great hack to make scripts look and feel like real executable binaries.
    But, as a little summary, what's special about #!? (list mostly courtesy of David Korn)

    • the interpretername must not contain blanks
    • the length of the #! is much smaller than the maximum path length
    • $PATH is not searched for the interpreter
       (apart from an absolute path, the #! line also accepts a relative path,
       and #!interpreter is equivalent to #!./interpreter,
      however, it's not of any practical use)
    • the interpreter usually must no be a #! script again
    • the handling of arguments in the #! line itself is varying
    • the setuid mechanism may or may not be available for the script
    • there's no way to express #!$SHELL
  • Possible errors:
    • If the interpreter is not found, the system returns ENOENT.This error can be misleading, because many shells then print the script name instead of the interpreter in its #! line:
       $cat script.sh
       #!/bin/notexistent
       $ ./script.sh
       ./script.sh: not found 
      bash since release 3 subsequently itself reads the first line and gives a diagnostic concerning the interpreter
       bash: ./script.sh: /bin/notexistent: bad interpreter: No such file or directory
    • If the #! line is too long, at least three things can happen:
      • The line is truncated, usually to the maximum length allowed.
      • The system returns E2BIG (IRIX, SCO OpenServer) or ENAMETOOLONG (FreeBSD, BIG-IP4.2, BSD/OS4.1)
        and you get something like "Arg list too long" / "Arg list or environment too large" or "File name too long", respectively.
      • The kernel refuses to execute the file and returns ENOEXEC. In some shells this results in a silent failure.
        Other shells subsequently try to interprete the script itself.

that's what the NSA - National Security Agency calls the Vault ..because they can hack all Solaris Oracle mirrors...It might be possible a very old 1992 technique, but upgraded now, which begins by making a symlink to set-UID script, that now solaris shell does not aloud kernel t open the interpreter (...on my humble knowledge, double checking the executable) however....

#! hacks

Scripts are executed as #!interpreter [arg] and most often as #!/usr/bin/env interpreter. Additional arguments cannot be used. This repo catalogs single file workarounds mostly for fun but also slightly serious.

Script Guidelines

  • Must be self-contained as a single file executable
  • Must support any number of interpreter arguments inline
  • Must use #!/usr/bin/env interpreter
  • Must echo the first argument with zero exit status
  • Must exit with nonzero status when no argument
  • Must work as any filename but should be named after the target program
  • Should be a paradigm (terse, clear, extensible)

License (Public Domain)

All code is public domain and may be used without limitation.

Satellite hacking Intel 1 (BACK@WAR CyberArmy friends let´s start Satellite GPS navigation hack IT WILL HV A PRICE)

  https://stackoverflow.com/questions/63010812/how-to-access-http-port-5001-from-public-internet