Note

Bandit 2

Read a file beginning with a dash (-)

The easiest way to read a file beginning with a dash (-) is generally just to prefix it with a path; so, cat ./- reads a file called - in the current directory (as opposed to cat -, which tries to read from STDIN).


Bandit 13

xxd

The xxd command is actually pretty standard on Linux systems.

# Create a hex dump of binary file $BINARY.
#
xxd "$BINARY" "$HEXDUMP"

# Reconstitute a binary file from a hex dump! Wow!
#
xxd -r "$HEXDUMP" "$BINARY"

Bandit 16

Send a command using OpenSSL

echo "$TEXT" | openssl s_client -connect "$HOST:$PORT" -ign_eof

The -ign_eof option keeps s_client connected when it reaches EOF on its input, which happens as soon as echo finishes writing and the pipe closes. This is necessary if you, say, want to read the connected server's response to $TEXT.


Bandit 26

more

Tip

The more command acts like cat whenever it can. The only way to force more into interactive mode is to make your terminal smaller than the number of lines in the file being displayed.

Incidentally, this means that it’s impossible to send commands to more when using it to display a one-line file.

An editor can be invoked from more using v; by default this tries to invoke $VISUAL, and then $EDITOR, and then just Vi before giving up.

If more can be run with NOPASSWD via sudo, then an admin shell can be achieved by using ! to invoke a command (!/bin/bash, etc.). Note, however, that this is just executing $SHELL -c $COMMAND, which can fail if $SHELL is set to something exotic in /etc/passwd.

Important


Get a shell from ViM

If ViM can be run with NOPASSWD via sudo, then commands can be executed as admin using the ! prefix.

However, if a non-standard shell is set in /etc/passwd, Vi and ViM may not be able to shell out with :shell or execute shell commands with !. This is because these apps are attempting to execute $SHELL (in the case of :shell) or $SHELL -c $COMMAND (in the case of !).

Fortunately, Vi and ViM can be set to override the default $SHELL using :set shell=/bin/bash.

(Exotic shells in /etc/passwd can also cause commands executed via ssh to fail for the same reason.)
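
The defender's side of the more and ViM notes above, as an added example that is not part of the original notes: a small audit that reads sudoers-format text and reports NOPASSWD rules for more, vi or vim. It treats the sudoers NOEXEC tag as a mitigation; the function names, the output format and the sample rules are assumptions made for the example.

```shell
#!/bin/sh
# Programs the notes above show can run commands via ! or :shell.
ESCAPE_CAPABLE="more vi vim"

# audit_sudoers: sudoers text on stdin -> "<line>:<command>:<RISKY|NOEXEC>".
# Simplified parser: no aliases, line continuations or #include handling.
audit_sudoers() {
    awk -v progs="$ESCAPE_CAPABLE" '
    BEGIN { n = split(progs, p, " "); for (i = 1; i <= n; i++) risky[p[i]] = 1 }
    /^[ \t]*(#|$)/ || !/=/ { next }            # comments, blanks, non-rules
    {
        spec = substr($0, index($0, "=") + 1)  # command list after "host ="
        nopasswd = 0; noexec = 0               # tag state carries across the list
        m = split(spec, cmds, ",")
        for (i = 1; i <= m; i++) {
            c = cmds[i]
            sub(/^[ \t]*(\([^)]*\))?[ \t]*/, "", c)   # drop runas such as (root)
            while (match(c, /^[A-Z_]+:[ \t]*/)) {     # consume leading tags
                tag = substr(c, 1, RLENGTH); sub(/:.*/, "", tag)
                if (tag == "NOPASSWD") nopasswd = 1
                if (tag == "PASSWD")   nopasswd = 0
                if (tag == "NOEXEC")   noexec = 1
                if (tag == "EXEC")     noexec = 0
                c = substr(c, RLENGTH + 1)
            }
            split(c, w, /[ \t]+/)                     # w[1] is the command path
            path = w[1]; base = path; sub(/.*\//, "", base)
            if (nopasswd && (base in risky))
                print NR ":" path ":" (noexec ? "NOEXEC" : "RISKY")
        }
    }'
}

# Constructed sample input; the users and rules are made up.
sample_sudoers() {
    cat <<'EOF'
# constructed sudoers sample
Defaults env_reset
alice ALL=(root) NOPASSWD: /usr/bin/more /var/log/app.log
bob   ALL=(root) NOPASSWD: NOEXEC: /usr/bin/vim /etc/motd, EXEC: /usr/bin/vi
carol ALL=(root) /usr/bin/vim
dave  ALL=(ALL) NOPASSWD: /usr/bin/systemctl status app
EOF
}

sample_sudoers | audit_sudoers
```

Rules reported as RISKY are candidates for removal, for the NOEXEC tag, or for replacement with sudoedit where the goal is only to let someone edit a file.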
