#test | Logs for 2019-03-27
« return
[00:00:22] <chromas> oh I meant browsers run random, unverified code off the internet
[00:00:29] <fyngyrz> what you do is send a file with tokens for tabs and LFs... then a little program to postprocess thaqt into ACTUAL spaces and tabs... then you can run it
[00:00:45] <fyngyrz> oh, yes. So do can fonts. :)
[00:01:03] <fyngyrz> the hinting engine is turing complete
[00:01:09] <fyngyrz> ugly, but could be made to do whatever
[00:02:13] <fyngyrz> basically, once someone has access at this level, whatever's in that user's domain is open season. And it's probably not that far away from getting root, then sending along the info once that's achived
[00:02:29] <fyngyrz> might work in the background for 6 months trying
[00:02:35] <fyngyrz> then bang, compromise
[00:04:21] <fyngyrz> browsers tend to not have access at the user level for that code... although hacks can be done. At the level here, the access is already there
[00:04:24] <fyngyrz> user level
[00:05:06] <fyngyrz> and then there's the annoyer.... the blackhat who spawns a shitload of 100% CPU do-nothings just to make things difficult
[00:05:28] <chromas> the bot does that on its own :D
[00:05:29] <fyngyrz> or uses your sstem to make bitcoins, etc
[00:05:32] <fyngyrz> system
[00:06:33] <fyngyrz> then there's your network...
[00:06:51] <fyngyrz> =[sys ifconfig]
[00:06:52] <SecurityHoleBot> enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[00:06:52] <SecurityHoleBot> inet 10.11.0.2 netmask 255.255.255.0 broadcast 10.11.0.255
[00:06:52] <SecurityHoleBot> inet6 fe80::8954:1bef:c0b:6701 prefixlen 64 scopeid 0x20<link>
[00:06:52] <SecurityHoleBot> ether d0:27:88:75:b9:5b txqueuelen 1000 (Ethernet)
[00:06:52] <SecurityHoleBot> RX packets 99772840 bytes 135011534528 (125.7 GiB)
[00:06:52] <SecurityHoleBot> RX errors 0 dropped 0 overruns 0 frame 0
[00:06:52] <SecurityHoleBot> TX packets 29854466 bytes 27528529459 (25.6 GiB)
[00:06:54] <SecurityHoleBot> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[00:06:55] <SecurityHoleBot> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
[00:06:55] <SecurityHoleBot> inet 127.0.0.1 netmask 255.0.0.0
[00:06:55] <SecurityHoleBot> inet6 ::1 prefixlen 128 scopeid 0x10<host>
[00:06:55] <SecurityHoleBot> loop txqueuelen 1000 (Local Loopback)
[00:06:56] <SecurityHoleBot> RX packets 10775108 bytes 4822249522 (4.4 GiB)
[00:06:56] <SecurityHoleBot> RX errors 0 dropped 0 overruns 0 frame 0
[00:06:57] <SecurityHoleBot> TX packets 10775108 bytes 4822249522 (4.4 GiB)
[00:06:57] <SecurityHoleBot> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[00:06:58] <SecurityHoleBot> wlp3s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
[00:06:59] <SecurityHoleBot> ether c0:f8:da:1d:b4:1b txqueuelen 1000 (Ethernet)
[00:06:59] <SecurityHoleBot> RX packets 0 bytes 0 (0.0 B)
[00:07:00] <SecurityHoleBot> RX errors 0 dropped 0 overruns 0 frame 0
[00:07:00] <SecurityHoleBot> TX packets 0 bytes 0 (0.0 B)
[00:07:01] <SecurityHoleBot> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[00:09:40] <fyngyrz> =[sys ping -o 10.11.0.2]
[00:09:56] -!- upstart [upstart!~systemd@0::1] has joined #test
[00:09:56] -!- mode/#test [+v upstart] by Artemis
[00:10:20] <chromas> upstart: nick S_HoleBot
[00:10:20] upstart is now known as S_HoleBot
[00:10:32] <chromas> S_HoleBot: set prefix &
[00:10:32] <S_HoleBot> k
[00:10:42] <chromas> &[sys df -h]
[00:10:42] <S_HoleBot> aa_macro exception: Not an executable file: /usr/bin/python2
[00:10:53] <chromas> oh
[00:11:15] <chromas> oh
[00:11:17] <chromas> &[sys df -h]
[00:11:17] <S_HoleBot> /usr/bin/python2: can't open file '/home/2b/bin/aa_macro/systemd_macrod.py': [Errno 2] No such file or directory
[00:11:27] <fyngyrz> =[sys ping -c 1 10.11.0.2]
[00:11:27] <SecurityHoleBot> PING 10.11.0.2 (10.11.0.2) 56(84) bytes of data.
[00:11:27] <SecurityHoleBot> 64 bytes from 10.11.0.2: icmp_seq=1 ttl=64 time=0.068 ms
[00:11:27] <SecurityHoleBot> --- 10.11.0.2 ping statistics ---
[00:11:27] <SecurityHoleBot> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
[00:11:28] <SecurityHoleBot> rtt min/avg/max/mdev = 0.068/0.068/0.068/0.000 ms
[00:11:57] <fyngyrz> =[sys ping -c 1 10.11.0.255]
[00:12:08] <fyngyrz> =[sys ping -b -c 1 10.11.0.255]
[00:12:11] <chromas> &[sys df -h]
[00:12:11] <S_HoleBot> Filesystem Size Used Avail Use% Mounted on
[00:12:11] <S_HoleBot> /dev/sda2 454G 122G 309G 29% /
[00:12:11] <S_HoleBot> tmpfs 1.8G 4.0K 1.8G 1% /tmp
[00:12:11] <S_HoleBot> tmpfs 1.8G 0 1.8G 0% /dev
[00:12:11] <S_HoleBot> tmpfs 1.8G 0 1.8G 0% /dev/shm
[00:12:11] <S_HoleBot> tmpfs 1.8G 36K 1.8G 1% /run
[00:12:12] <S_HoleBot> run 1.8G 732K 1.8G 1% /run/systemd/nspawn/incoming
[00:12:13] <S_HoleBot> tmpfs 1.8G 0 1.8G 0% /sys/fs/cgroup
[00:12:13] <S_HoleBot> tmpfs 355M 0 355M 0% /run/user/0
[00:12:18] <SecurityHoleBot> PING 10.11.0.255 (10.11.0.255) 56(84) bytes of data.
[00:12:18] <SecurityHoleBot> --- 10.11.0.255 ping statistics ---
[00:12:18] <SecurityHoleBot> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
[00:12:19] <chromas> there
[00:12:32] <chromas> if it makes ya feel better, S_HoleBot's in a shiny new container
[00:12:33] <fyngyrz> =[sys arp -a]
[00:12:33] <SecurityHoleBot> _gateway (10.11.0.1) at 9c:3d:cf:f1:62:13 [ether] on enp2s0
[00:12:33] <SecurityHoleBot> ? (10.11.0.3) at <incomplete> on enp2s0
[00:12:34] <SecurityHoleBot> ? (10.11.0.23) at 5c:f9:dd:45:0b:57 [ether] on enp2s0
[00:12:34] <SecurityHoleBot> ? (10.11.0.6) at 90:2b:34:1e:ac:8e [ether] on enp2s0
[00:12:34] <SecurityHoleBot> ? (10.11.0.7) at 90:2b:34:1e:ac:7f [ether] on enp2s0
[00:12:34] <SecurityHoleBot> ? (10.11.0.10) at 1c:7b:21:d9:fe:a0 [ether] on enp2s0
[00:12:34] <SecurityHoleBot> ? (10.11.0.14) at <incomplete> on enp2s0
[00:12:46] <fyngyrz> there's your network
[00:13:28] <fyngyrz> =[sys ping -c 1 10.11.0.23]
[00:13:34] <fyngyrz> =[sys ping -c 1 10.11.0.6]
[00:13:35] <SecurityHoleBot> PING 10.11.0.6 (10.11.0.6) 56(84) bytes of data.
[00:13:35] <SecurityHoleBot> 64 bytes from 10.11.0.6: icmp_seq=1 ttl=128 time=0.523 ms
[00:13:35] <SecurityHoleBot> --- 10.11.0.6 ping statistics ---
[00:13:35] <SecurityHoleBot> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
[00:13:35] <SecurityHoleBot> rtt min/avg/max/mdev = 0.523/0.523/0.523/0.000 ms
[00:13:38] <chromas> =[sys nmap -sn 10.11.0.0/24]
[00:13:38] <SecurityHoleBot> PING 10.11.0.23 (10.11.0.23) 56(84) bytes of data.
[00:13:39] <SecurityHoleBot> --- 10.11.0.23 ping statistics ---
[00:13:39] <SecurityHoleBot> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
[00:13:41] <SecurityHoleBot> Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-26 17:13 PDT
[00:13:41] <SecurityHoleBot> Nmap scan report for 10.11.0.1
[00:13:42] <SecurityHoleBot> Host is up (0.0013s latency).
[00:13:42] <SecurityHoleBot> Nmap scan report for 10.11.0.2
[00:13:42] <S_HoleBot> ^ �03Nmap: the Network Mapper - Free Security Scanner�
[00:13:43] <SecurityHoleBot> Host is up (0.0011s latency).
[00:13:43] <SecurityHoleBot> Nmap scan report for 10.11.0.4
[00:13:43] <SecurityHoleBot> Host is up (0.0093s latency).
[00:13:43] <SecurityHoleBot> Nmap scan report for 10.11.0.7
[00:13:45] <SecurityHoleBot> Host is up (0.00037s latency).
[00:13:45] <SecurityHoleBot> Nmap done: 256 IP addresses (4 hosts up) scanned in 2.58 seconds
[00:13:55] <fyngyrz> yep
[00:14:27] <fyngyrz> all kinds of ways in there
[00:14:39] <fyngyrz> and again, in python, all of this, and more :)
[00:14:46] <fyngyrz> or any other language, perhaps
[00:14:57] <fyngyrz> once you can write a file and execute it... well.
[00:15:06] <chromas> &[sys pwd]
[00:15:06] <S_HoleBot> /home/2b
[00:15:12] <chromas> &[sys whoami]
[00:15:12] <S_HoleBot> root
[00:15:17] <fyngyrz> lol
[00:15:19] <fyngyrz> omg
[00:15:34] <fyngyrz> rofl
[00:15:58] <fyngyrz> =[sys ls -l /root]
[00:16:06] <fyngyrz> hm
[00:16:08] <fyngyrz> not root then
[00:16:17] <chromas> there's two bots
[00:16:19] <fyngyrz> oh
[00:16:22] <fyngyrz> I see
[00:16:30] <fyngyrz> miss the ampersand
[00:16:34] <fyngyrz> missed
[00:16:43] <chromas> S_HoleBot's in a container. Feel free to abuse
[00:16:56] <chromas> see if you can escape the container :D
[00:17:14] <fyngyrz> nah, not my thing
[00:17:21] <fyngyrz> but within the container... etc
[00:17:40] <fyngyrz> someone might try rowhammer, etc
[00:18:01] <chromas> =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <S_HoleBot> =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <S_HoleBot> =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <S_HoleBot> =say &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <S_HoleBot> =say &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:01] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:02] <S_HoleBot> =say &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:02] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say =say &say Hi
[00:18:02] <S_HoleBot> =say &say =say &say =say &say =say &say =say &say Hi
[00:18:02] <SecurityHoleBot> &say =say &say =say &say =say &say =say &say Hi
[00:18:02] <S_HoleBot> =say &say =say &say =say &say =say &say Hi
[00:18:02] <SecurityHoleBot> &say =say &say =say &say =say &say Hi
[00:18:03] <S_HoleBot> =say &say =say &say =say &say Hi
[00:18:03] <SecurityHoleBot> &say =say &say =say &say Hi
[00:18:03] <S_HoleBot> =say &say =say &say Hi
[00:18:04] <SecurityHoleBot> &say =say &say Hi
[00:18:04] <S_HoleBot> =say &say Hi
[00:18:04] <SecurityHoleBot> &say Hi
[00:18:04] <S_HoleBot> Hi
[00:18:04] <fyngyrz> ok, anyway, have fun. FFam again
[00:18:19] <chromas> Thanks for playing :)
[00:20:23] -!- SecurityHoleBot has quit [Remote host closed the connection]
[00:20:24] -!- upstart [upstart!~systemd@0::1] has joined #test
[00:20:24] -!- mode/#test [+v upstart] by Artemis
[00:20:35] <chromas> =[]
[00:20:35] -!- upstart has quit [Remote host closed the connection]
[00:21:15] -!- upstart [upstart!~systemd@0::1] has joined #test
[00:21:15] -!- mode/#test [+v upstart] by Artemis
[00:21:18] <chromas> =[]
[00:21:38] <chromas> and just think, you could've got some real secret info, like the bot's irc password
[00:22:07] <chromas> =nick SecurityHoleBot
[00:22:07] upstart is now known as SecurityHoleBot
[00:22:13] SecurityHoleBot is now known as systemd
[02:39:41] <chromas> &[pacman -Ss fortune]
[02:39:41] <S_HoleBot> (Unknown Built-in or Squiggly: tag="pacman" data="-Ss fortune")
[02:39:46] <chromas> &[sys pacman -Ss fortune]
[02:39:47] <S_HoleBot> community/cowfortune 0.1.2-6
[02:39:47] <S_HoleBot> Configurable fortune cookie proclaiming cow (and a few other creatures)
[02:39:47] <S_HoleBot> community/fortune-mod 2.6.2-1
[02:39:47] <S_HoleBot> The Fortune Cookie Program from BSD games
[02:43:36] <chromas> &[sys auracle search fortune]
[02:43:42] <S_HoleBot> aur/epifortune v1.0-1 (3, 0.01)
[02:43:42] <S_HoleBot> A fortune-like program which provide quotes from Epiquote.
[02:43:43] <S_HoleBot> aur/fortune-classe-americaine-fr 20110606-1 (13, 0.00)
[02:43:43] <S_HoleBot> Fortune cookies: La Classe americaine quotes in french
[02:43:43] <S_HoleBot> aur/fortune-mod-2brokegirls 1607160254-1 (4, 0.00)
[02:43:43] <S_HoleBot> Fortune quotes from 2 Broke Girls
[02:43:43] <S_HoleBot> aur/fortune-mod-3rfts 1609220137-1 (6, 0.00)
[02:43:43] <S_HoleBot> Fortune quotes from 3rd Rock from the Sun
[02:43:43] <S_HoleBot> aur/fortune-mod-all-en 14-1 (5, 0.00)
[02:43:44] -!- S_HoleBot has quit [Excess Flood]
[02:43:58] -!- S_HoleBot [S_HoleBot!~systemd@71.85.kn.vnl] has joined #test
[02:43:58] -!- mode/#test [+v S_HoleBot] by Artemis
[02:44:08] <chromas> not enough delay I guess
[08:58:01] <chromas> &[echo =submit https://torrentfreak.com
[08:58:14] <chromas> &[echo test]
[08:58:18] <chromas> &[sys ls]
[08:58:35] <chromas> fpos
[08:58:38] <chromas> #smake S_HoleBot
[08:58:38] * MrPlow smakes S_HoleBot upside the head with an unhandled exception
[08:59:34] <chromas> oh
[08:59:41] <chromas> S_HoleBot: set prefix &
[08:59:41] <S_HoleBot> k
[08:59:45] <chromas> &[echo test]
[08:59:45] <S_HoleBot> (Unknown Built-in or Squiggly: tag="echo" data="test")
[08:59:55] <chromas> &[sys echo test]
[08:59:55] <S_HoleBot> test
[09:00:26] <chromas> &nick SecurityHoleBot
[09:00:26] S_HoleBot is now known as SecurityHoleBot
[09:00:35] <chromas> &[sys echo =submit https://torrentfreak.com
[09:00:35] <SecurityHoleBot> =submit https://torrentfreak.com
[09:00:37] <systemd> Submitting "Google Unlocked Aims to 'Uncensor' Google Search Results - TorrentFreak"...
[09:00:58] <systemd> ✓ Sub-ccess! "Google Unlocked Aims to 'Uncensor' Google Search Results - TorrentFreak" -> https://soylentnews.org
[09:00:59] <SecurityHoleBot> ^ �03Google Unlocked Aims to 'Uncensor' Google Search Results - TorrentFreak: SoylentNews Submission�
[09:01:08] <chromas> &titlectl disable
[09:01:39] <chromas> &disable titles
[09:01:39] <SecurityHoleBot> k
[09:01:49] <chromas> that's a lame command name
[09:01:59] <chromas> &save
[09:01:59] <SecurityHoleBot> k
[09:06:31] -!- SecurityHoleBot has quit [Remote host closed the connection]
[09:06:40] -!- SecurityHoleBot [SecurityHoleBot!~systemd@71.85.kn.vnl] has joined #test
[09:06:40] -!- mode/#test [+v SecurityHoleBot] by Artemis
[09:14:08] <chromas> &ping
[09:14:08] <SecurityHoleBot> Pong!
[11:20:42] -!- SecurityHoleBot has quit [Remote host closed the connection]
[16:08:27] <fyngyrz> {help}
[16:08:27] <fungus> fyngyrz, here are the fungus macros:
[16:08:27] <fungus> More on fungus at http://ourtimelines.com
[16:08:28] <fungus> For specifics, try �09�09$��07{h item}��:
[16:08:28] <fungus> ----------------------------------------------------------------
[16:08:29] <fungus> ATM aa_macro ab abbr action adjective adverb adverbly age atm b
[16:08:29] <fungus> bgcolor bot bsod cats cb chr chromas colors cols64 cowpoop
[16:08:30] <fungus> cowsay crumble ctrlAltDelete darks date ddate dict dmorse dt
[16:08:30] <fungus> dude echo emojis enumerate fart github guilty h hchr help
[16:08:31] <fungus> hexdump i itemize joke kcat lawn lb list ls ma mathsci moo morse
[16:08:31] <fungus> nick nl noun oldwrap40 omg pat play prog r rb reboot reverse rs
[16:08:32] <fungus> sex shrug smake strike sub sudo threat tomswift u unmorse verb
[16:08:32] <fungus> wisdom wrap wrap40 year z
[16:08:33] <fungus>
[16:08:34] <fungus> State Control:
[16:08:34] <fungus> --------------
[16:08:35] <fungus> auto autooff gone here hereoff listsups noauto notopid states
[16:08:35] <fungus> status topid topidoff
[16:08:36] <fungus>
[16:08:37] <fungus> Emojis:
[16:08:37] <fungus> -------
[16:08:38] <fungus> beer booze cat check cocktail pepper pizza poop spaghetti
[16:08:38] <fungus> wine
[16:08:39] <fungus>
[16:08:40] <fungus> �04C��03o��11l��07o��09r��06s�:
[16:08:40] <fungus> -------
[16:08:41] <fungus> aqua black blue brown cyan green grey lblue lcyan lgrey lime
[16:08:41] <fungus> orange pink purple red teal white yellow
[16:08:51] <fyngyrz> {acro SCTP}
[16:08:51] <fungus> ? Unknown Style "acro" ?
[16:08:57] <fyngyrz> {abbr SCTP}
[16:08:57] <fungus> <abbr title="Stream Control Transmission Protocol">SCTP</abbr>
[17:05:00] -!- systemd has quit [Remote host closed the connection]
[17:05:03] -!- upstart [upstart!~systemd@71.85.kn.vnl] has joined #test
[17:05:03] -!- upstart has quit [Changing host]
[17:05:03] -!- upstart [upstart!~systemd@0::1] has joined #test
[17:05:03] -!- mode/#test [+v upstart] by Artemis
[17:05:48] upstart is now known as systemd
[17:05:56] systemd is now known as upstart