#command shell | Explore Tumblr Posts and Blogs

ladyzirkonia · 11 months

Text

The faces of Commander Wolffe.

I love this beautiful man your honor.

#commander wolffe #bark bark #he's allowed to ruin me #but he has a soft side too #you just have to break his hard shell #zirkonias edits #the clone wars

920 notes · View notes

mount-and-do-blahaj-blast · 10 months

Text

>hopelessly pining after commanding officer

>commanding officer is a badass cyborg

>quits his job and spirals when she disappears for two years

>detective

>gigantic dork

Lo! Gaze upon these dumbass special agents and despair! Their girlbosses cannot stop dying!

#shakarian #commander shepard #mass effect #garrus vakarian #ghost in the shell #major motoko kusangi #batou #batoko #they are so important to me #everybody has that one assassin commando chick best friend who they would follow into hell without a second thought #not romantic not platonic #some other third thing (so devoted the lines blur)

215 notes · View notes

eamour · 1 year

Text

neville goddard's books

⤷ wanna get into the law of assumption? here you go!

1⌇at your command⌇1939

2⌇your faith is your fortune⌇1941

3⌇freedom for all⌇1942

4⌇feeling is the secret⌇1944

5⌇prayer — the art of believing⌇1945

6⌇the search⌇1946

7⌇out of this world⌇1949

8⌇the power of awareness⌇1952

9⌇awakened imagination⌇1946

10⌇seedtime and harvest⌇1956

11⌇i know my father⌇1960

12⌇the law and the promise⌇1961

13⌇he breaks the shell⌇1964

14⌇resurrection — a confession of faith⌇1966

⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀© readnevillegoddard.com

416 notes · View notes

geekynerfherder · 1 year

Text

Showcasing art from some of my favourite artists, and those that have attracted my attention, in the field of visual arts, including vintage; pulp; pop culture; books and comics; concert posters; fantastical and imaginative realism; classical; contemporary; new contemporary; pop surrealism; conceptual and illustration.

The art of Muju (Ignatius Tan).

230 notes · View notes

cakeleighh · 5 months

Text

Blue Beetle Doodle dump with an AU sprinkled in. If someone manages to understand the au, well done, you can understand the mess that is my mind.

[please forgive any grammatical/spelling mistakes, my brain has yet to come back after it left me to be with another]

#my art #au #my comic #blue beetle #jaime reyes #khaji da #minor body horror #booster gold #dc #doodle #the au is actually surprisingly dark #other than what happens to Jaime -the people in the black spots slowly loose their sense of being #until they become a shell of themselves wondering through the pitch black darkness #searching for people who haven’t yet fallen into their state of being #so zombies essentially #but not as ravenous and they just stare at you with their black eyes until they get the command to take you #blackspots au

20 notes · View notes

sysig · 10 months

Photo

Blusters in, flusters out (Patreon)

#Doodles #Wander Over Yonder #Emperor Awesome #Commander Peepers #Yet again some light Eyesome - at Least on the friendship side of things <3 #Drawing Awesome's big smile-laugh was so fun ahh ♥ His mouth and teeth shape with his gums showing! The fact both eyes are hidden!#His hand grabbing his chest lol ♪ I was thinking the way Chris Evans laughs haha #And then pulling a ''Cute'' on Peeps hehe <3 He's said that before when he's being mean! (Though I like to think he also meant it lol)#He probably thinks cute is lame :P But cute is cute! Girls can be cute Peepers can be cute dolls can be cute! Cute runs the gamut!#I am so pleased with the little blush hashmarks where Awesome pinched him haha ♪ He is So pissed #It seems like Watchdog eyes can be touched - lightly - or at least they can choose to touch things with their eyes open #Biting/licking tends to be a closed-eye activity but Peepers has been seen drinking with his eye open! It's interesting #I think it'd probably be uncomfortable but not painful - I dunno whether to think of Watchdog eyes as being more or less moist haha #If they're more then they'd have a thicker mucus membrane to protect them - almost like frog skin?#But if it's less then it's almost more like plain skin itself - self-hydrating but thicker #I guess it comes down to what parts of the eye are actually ''eye'' lol - maybe just the iris? Though veins are visible in the sclera!#And they do clearly have eyelids and the ability to blink so they need flexible smooth-moving opaque skin on top :0 Not like a shell haha #Their helmets - Peepers' especially - act more like a shell which is very cute :) I love Peepers' ridiculous ''widows peak'' haha <3 #Feel free to imagine the rest of Awesome as him leaning as far back as possible as he walks away lol #Kicking myself quietly for going with ''Napoleon'' rather than ''Bonaparte'' I think it would've flowed better and been a bit more clever #How does he know who Napoleon Bonaparte is and what he's referring to? Counterpoint what the hell is ''Bon Appétit'' - Wander & Peepers #Lol #Gone as quick as he came #He'll be back in no time to bother him again haha

46 notes · View notes

lieutenantbiscute · 11 months

Note

You new reference sheet for the Rise boys got me curious. Are they different than their show counterparts and if so, in what way?

Hmm, I’d say that their flaws in canon show aren’t as prominent in the AU. like, with Rise Donnie he needs validation from older parental figures but in my AU Corrin has had that support and praise since he was a kid so he knows his capabilities and such.

Rise Leo is hype man and has his insecurities about being only the hype man. In AU Cino has insecurities yes, but they’re more so surrounded about personal actions rather than acting as a co-leader to Rovva.

Rise Raph and Rovva both share their anger issue but Rovva differs in the fact that he has his father, His uncle Slash and Leatherhead to help process and use his anger in an efficient way for combat and defense.

Rise Mikey and Orion both still hold the ‘Dr. Delicate/Feelings’ persona but with Orion is very much a gag rather than a 15 playing therapist.

The ShellShock sons have a much more stable base of reference compared to their canon Rise counterparts. Points of interest when it comes to values and fighting and family. If Cino doesn’t wanna talk with his parents he goes to Uncle Leo or Mikey, if Corrin just wants to blow off steam he joins his brother Orion and Dad Raph to go spray paint tagging around the sewers and alleyways.

Rovva sticks with his mom Mona and Uncle Mikey when he wants to spend time cooking or weapons cleaning. Orion himself besides doing art stuff or foodstuffs with his uncle, is often spent chilling with Leo in the dojo training with Cino when he joins in or just meditating when stuff topside gets too much.

The kids have multiple points to go out and seek comfort from understanding parental figures in their lives. And our 12 Gang is here just for that! They know what it’s like to have questions that go unanswered because they have a lost authority figure or are in bouts of self isolation.

With the au it’s about having a support network; one I feel the Rise gang didn’t have enough of and where the 12 gang shined in some instances.

#Biscute answers #shell shocked au #the 12 gang besides themselves and Splinter had April Casey the Mutanimals Kirby commander Sal Mr. Murakami-san Karai Renet Shinigami Mona #the list goes on is what I’m getting at from outside points of view for the boys #while with Rise it’s them Splinter later Draxum and Cas and that’s about it #ye we could add the more villain of the week guys but I wouldn’t count them

32 notes · View notes

elfcollector · 1 year

Photo

PRIORITY: EARTH.

#meleedit #me3edit #meedit #mass effect #mass effect 3 #femshep #peach shepard #dailygaming #gamingedit #vgedit #myedit #myedits #mygif #mygifs #i am a hollow shell of a man #blood #commander shepard

53 notes · View notes

touhoutunes · 1 year

Audio

Title: 信じてくれ偶像 (Believe in Me, Idol)

Arrangement: DJ Command

Vocals: 越田Rute隆人

Album: Shell Shock

Circle: A-One

Original: Entrust the World to Idols ~ Idolatrize World

#touhou #touhou project #touhou music #keiki haniyasushin #entrust the world to idols ~ idolatrize world #wily beast and weakest creature #shell shock #a-one #a one #rute #越田Rute隆人 #DJ Command

25 notes · View notes

herosplatling-replica · 2 years

Note

Ooo Tarter and Freya are bffs now!

"'BFFs' is a generous term."

"If anything it likes to make comments on whatever I eat."

"I am endlessly lucky that the Triple-Fried Galactic Schwaffle is entirely absent in Splatsville."

#agent 3 #captain 3 #commander tartar #splatoon #splatoon 3 #do you ever think about how the fucking. splatoon 3 food has a whole crab with shell.#they were insane for this one actually #freya

93 notes · View notes

catabibaz0n · 1 year

Text

#rain world #slug cat #scavengers #fan art #made a slug cat scavenger hybrid because why the fuck not #and they are adorable and I love them #they’re a sneaky little thing very fond of explosives and have commandeered a large shell that they found as a defense mechanism #hiding inside it and using a chunk of metal to seal up the front to avoid predators #they eventually managed to tame a lizard though I’m not sure what kind😔🤔#they have bags inside of their shell that holds useful items such as pearls and rocks and extra spears #their family is mostly slug cats and they’re constantly trying to make friends with scavengers #also if you’ve never played rain world you’re missing out it’s stupid amounts of fun #especially if you can play co-op with friends the Mayham is just ridiculous

28 notes · View notes

zoobus · 1 year

Text

I think it's fucked up we let Android get more obnoxious with each update with relatively little pushback. They were kings of user choice at one point. How are we five system updates in and they STILL have the fucking gaslighting poltergeist auto-rotate button that requires Android SDK Platform Tools to destroy??? Why didn't we beat their ass for that alone??? Heads-up notification??? I'll kill you

#btw the command is #adb shell settings put secure show_rotation_suggestions 0 #adb shell settings put global heads_up_notifications_enabled 0 #Do you know how many months of random rotation it took for me to learn this was a universal android feature not a bug specific to my phone #We need to get madder about small things. We need to riot over small things.

15 notes · View notes

oatbugs · 9 months

Text

.

#i havent come to terms with the fact that one of the people i held closest to my heart has graduated and i wont see him for a good while #until i can shell out the money to fly to singapore. i get the feeling this is the conductors first shift on the train.#(all the black and breathing rapture) so welcome to charing cross? are you ready? an adminstration error #you are covered in the metallic stench of the rusty chains of command. its time to make four thousand pounds. i thought of you.#here in the garden of england she scrapes the shards of glass from the black sea. first with a spoon and then a knife and the with the #hairdryer that belonged to his mother. in the back of his car i can feel the stutter and jutter of the wheels the same shaky-straight path #of a beginner driver. i love you and the trees. hes finally growing his hair out. here is an enclosed metal room #more man than machine. i wont see you for another year. driving dangerously close to an 8-wheeled tall box i feel safer with you #than i ever will at home. weve already started a campfire in the backseat of your car ive got you didnt i?#we laid in the luxury of a four-person tent next to the mass of campfires and stars and i told her i thought you hated me #I've never hated you. ive never hated anyone except my father. here is how to forgive unspeakable things.#i am really all that ive been looking for. youre not a narcissist baby youve just got a lying problem. take molten gold #and glue the fragments of yourself back together. we cant stop crashing into the sky. drink wine straight from the grapes in the vineyard #and when you give it give it all. studies have shown you view your own future self as a seperate person #and oftentimes you have less empathy for this other person than for a friend. it is time to extend your kindness unequivocally.#the aviation tax attorney on the train floating on water told us a short story of her life. a smile full of charisma and #feeling old retiring at 47. theres a lot about you we shouldn't know. GRAB A GUN AND SHOOT THE IMAGE OF YOURSELF STRAIGHT IN THE MIRROR.

14 notes · View notes

c-cracks · 1 year

Text

Catch

So over the last few weeks I've been working on Catch. With work and the festive period I haven't had a lot of time; I finally got the opportunity to finish it last night. :)

It has a medium rating but I wouldn't say it's due to the initial foothold and privilege escalation being difficult- it's more due to there being a couple of rabbit holes (all of which I fell into for a period!)

Enumeration

As always, a port scan kicks off the process. Unfortunately I can't show the output of the port scan as during the time I switched laptops and I'm too lazy to power my old one on. xD However, the results were roughly as follows:

Port 80: HTTP (Catch Global Systems main page)

Port 3000: Gitea(?)

Port 5000: Lets Chat(?)

Port 8000: Cachet status page system

Port 80 was the first location I checked. You're greeted with what appears to be Catch's main application:

The signup/login functionality isn't present; I did notice the ability to download a file. The file that downloads is an apk.

For those that are unfamiliar with mobile applications, apk is one of the file formats for an Android mobile application which uses XML and Java. Having a little experience with mobile applications, my first thought was to decompile the apk and check for any hidden hardcoded secrets, usually stored in strings.xml.

To decompile the apk, I used apktool.

$ apktool d catchv1.0.apk

This decompiles the apk to near it's original form and places the resulting files in ./catchv1.0/. From here, I viewed ./res/values/strings.xml and found 3 potentially usable tokens for other applications:

$ grep token catchv1.0/res/values/strings.xml <string name="gitea_token">b87bfb6345ae72ed5ecdcee05bcb34c83806fbd0</string> <string name="lets_chat_token">NjFiODZhZWFkOTg0ZTI0NTEwMzZlYjE2OmQ1ODg0NjhmZjhiYWU0NDYzNzlhNTdmYTJiNGU2M2EyMzY4MjI0MzM2YjU5NDljNQ==</string> <string name="slack_token">xoxp-23984754863-2348975623103</string>

Foothold

With these in hand, I started with Lets Chat at random. Lets Chat is an open-source chat application utilizing a REST api. With it being open-source, it didn't take long at all to find how to use the discovered token:

As you can see, a password for John is viewable in one of the chat rooms. This grants you access to another one of their applications called Cachet- open-source yet again.

Cachet is the last stop before system access; admittedly this is where I fell rabbit hole 1 as I did spend some time trying to use the gitea_token, more out of curiosity than anything. After spending some time on this, however, I gave up and focused on Cachet.

As it turns out, the version of Cachet in use had two pubicly known vulnerabilities related to interaction with the application's dotenv file. One allowed you to leak values set in dotenv while the other allowed you to add new values to dotenv which could be used to achieve remote command execution. This is done by hosting a redis server, altering the dotenv file to make the application use your hosted redis server as a session driver and finally changing the value of the session key after the initial connection to a payload generated by phpggc. Better detail off this is given here.

I did spend some time playing around with the RCE vulnerability here, more out of interest as I haven't had any experience with Redis prior to this and it took me a while to get RCE working as the video doesn't explicitly show the process step-by-step.

Originally, I was getting the token from the source code in the application, adding this as a key with the phpggc payload as the value and then altering the dotenv file to connect to my Redis Server. As the RCE occurs when the client connects the second time and reads the value from the original session token, this didn't work.

I did eventually get this working, uploaded a PHP web shell and upgraded this to a reverse shell; this ultimately proved to be a waste of time as you end up in a Docker instance with no ability to break out of it!

With a heavy heart, I turned to the second vulnerability and leaked the database password from the dotenv file. This grants us access to the server through SSH as WIll.

Privilege Escalation

Privilege escalation was actually quite easy! Some simple enumeration reveals the presence of world-writeable directory /opt/mdm/apk_bin. In /opt/mdm, there is a Bash file verify.sh.

verify.sh is used to verify the legitimacy of apks uploaded to apk_bin and is executed as part of a cronjob which is executed as root. While references to verify.sh cannot be directly found, there is reference to 'check.sh' in the root directory in running processes (netstat -ano.)

The interesting lines of the script are here:

app_check() { APP_NAME=$(grep -oPm1 "(?<=string name=\"app_name\">)[^<]+" "$1/res/values/strings.xml") echo $APP_NAME ...

The function app_check is taking the app_name from strings.xml and echoing it back with no form of mitigation against command injection. For example, wrapping the variable name with ${} would have prevented this vulnerability being exploitable as this would have specified that only variable expansion was expected- the app name would have been echoed back as a string and not interpreted as a literal Bash command.

I tested this first by simply making the app name 'Catch; touch /opt/mdm/heuheu' and uploading it using python -m SimpleHTTPServer on my end and curl on Catch's end which achieved the expected outcome.

I did this with APK Editor Studio after encountering some errors trying do manually decompile and then recompile with apktool. Note that you also need to create a key for signing the APK as verify.sh uses jarsigner to verify this.

will@catch:/opt/mdm/apk_bin$ ls -al .. total 16 drwxr-x--x+ 3 root root 4096 Jan 6 21:55 . drwxr-xr-x 4 root root 4096 Dec 16 2021 .. drwxrwx--x+ 2 root root 4096 Jan 6 22:03 apk_bin -rw-r--r-- 1 root root 0 Jan 6 21:55 heuheu -rwxr-x--x+ 1 root root 1894 Mar 3 2022 verify.sh

From here, I went old school and just made /etc/passwd fully accessible by everyone before changing root's password to 'mwaha'

Generating the password:

$ openssl passwd mwaha KW56XEY7wxZuU

Where the password is added in /etc/passwd:

root:KW56XEY7wxZuU:...

There you go. ^-^

#hackthebox #hacking #android apk #apktool #command injection #redis server #dotenv #cachet #lets chat #gitea #cronjob #web shell #reverse shell #ssh #docker #open source

20 notes · View notes

randomidiocyncrazies · 3 months

Text

Help I'm being held hostage by fem!Nie Mingjue AU