File Info Gathering & Script Abuse

Gather info from script or file

If it's a file we can't read like a binary file we might be able to still gather some info of how it works or maybe even credentials.

Examples

Valley

Kali

strings $FILE > out.txt

Abusing Library paths

Examples

Wonderland Opacity Valley

If a script is using libraries check if the paths can be abused. It may be possible to instead of importing the library to go to a script we create instead or modify the existing one if we have access to do so.

Check the script and which libraries it uses.

Check to see what takes precedence. For example in the screenshot below it says ' ' has the highest priority which means the current working directory.

Victim

python3 -c 'import sys; print (sys.path)'
locate $FILE

Check if we have access to modify any of the libraries' that the script uses.

Victim

locate $FILE
ls -lah /path/to/file/$FILE
groups

Kali

cd db
cat joomladb.sql | grep admin

Ghidra

PreviousStatic Binaries NextCredential Gathering & Cracking

Last updated 5 months ago