Grepping in Emacs

Recently I’ve discovered the wonderful life of code review, and although I tried VS Code, it felt clunky and hard to navigate. Don’t get me wrong, VS Code has its place, and it’s a decent editor. But I felt more at home with Emacs. Anyone doing code review will most likely tell you to up your grep game. Or maybe, if you spoke to me about code review, I’d tell you that.

Rotten Sound and me

Sod it, it’s my blog, I’ll write about what I want. It’s also letting me trial out ox-hugo and, spoiler, I love it. But anyway, Rotten Sound… One of my favorite bands of all time, and nearly (by 1 year) as old as me. I got into Rotten Sound when I was 15 with the Cycles album. The cover alone got the young me very intrigued. Still to this day, some 15 years later, this is very much a go-to album of mine.

Different Data Types in C Language

Data Type: Format Specifier, Size, Range
Signed char: %c, 1 Byte, -128 to 127
Unsigned char: %c, 1 Byte, 0 to 255
Int or Long Int or Signed or Long Int: %d, 4 Bytes, -2147483648 to 2147483647
Unsigned Int or Unsigned Long Int: %u, 4 Bytes, 0 to 4 Gb
Short Int: %hd, 2 Bytes, -32768 to 32767
Unsigned short Int: %hu, 2 Bytes, 0 to 65535
Float: %f, 4 Bytes, 3.

CVE-2021-3156

In January 2021, Qualys released a blog post detailing a terrifying new vulnerability in the Unix sudo program. Specifically, this was a heap buffer overflow allowing any user to escalate privileges to root – no misconfigurations required. This exploit works with the default settings, for any user regardless of sudo permissions, which makes it all the scarier. The vulnerability has been patched, but affects any unpatched version of the sudo program from 1.

No Context Notes Dump

I need to get rid of some of these notes I’ve gathered over the years of being a pentester, which, although cool, I never ended up using. So I doubt there will be much in here; I’m not going to explain each one in detail, I just need them gone from my life. Golang HTTP: Within Golang you can make HTTP(S) requests like so. package main import ( "fmt" "io/ioutil" "net/http" ) func main() { resp, err := http.

SSH Tips and Tricks

Throughout my career I’ve always been the one that knew more than your typical ssh command. Colleagues would often ping me if they ever needed to do anything “advanced” with ssh. Recently I found myself in the depths of man ssh and scripting my fair share of ssh shell scripts. So I thought I’d dump some of that knowledge in a post. The Config File: If you ever find yourself making an alias like alias foo=ssh you@192.

ARM32 Assembly on ARM64 Host

Trying to get an ARM64 host to run 32-bit assembly is harder than I expected. This is how to run 32-bit assembly on an ARM64 host. First install some cross compilation tools:
    sudo apt install gcc-arm-linux-gnueabihf binutils-arm-linux-gnueabihf binutils-arm-linux-gnueabihf-dbg gcc gdb-multiarch
Now trying to assemble the following 32-bit example, which just prints “Hello World”, will fail with the as command.
    .section .text
    .global _start
    _start:
        /* syscall write(int fd, const void *buf, size_t count) */
        mov r0, #1
        ldr r1, =msg
        ldr r2, =len
        mov r7, #4
        svc #0
        /* syscall exit(int status) */
        mov r0, #0
        mov r7, #1
        svc #0
    msg: .

Manually extracting Code Signature from Mach-O

I forgot about this note, and it’s saved me in the past. The code signature of a Mach-O file can easily be extracted with tools like dd or jtool2, as the code signature is always at the end of the file, located by the LC_CODE_SIGNATURE load command. For example, here is how to do it with dd:
    % file ./TwoDots
    ./TwoDots: Mach-O 64-bit executable arm64
    % jtool2 -l TwoDots | grep SIG
    LC 42: LC_CODE_SIGNATURE Offset: 50448, Size: 21040 (0xc510-0x11740)
    % dd if=.

File Attributes in Fruity Devices

I wanted to spend some time looking around different file types in the Apple world, and this is what I’ve got. Mach-O: Mach-O is the executable format used on macOS and iOS. In the Windows world this would be the equivalent of a .exe file. A Mach-O file contains a header comprised of a series of load commands – commands telling dyld information about the file. Some load commands specify metadata about the file, such as the version it is compiled for, or the file’s entry point.

Tampering with iOS Applications

On mobile assessments, we often report the “No Anti-Tampering” finding, but I’d like to explore this a bit, and maybe show you a different technique to do this. A lot of the time, this is shown by attaching Frida to the application, which is fine, assuming that the reader knows how Frida/Objection work under the hood. But let’s assume the reader does not know how Frida works and they only have our finding to go off.