{"id":181,"date":"2019-01-17T04:08:07","date_gmt":"2019-01-17T04:08:07","guid":{"rendered":"https:\/\/mrjsec.co.uk\/blog\/?p=181"},"modified":"2019-01-17T04:08:15","modified_gmt":"2019-01-17T04:08:15","slug":"wunorse-openslae-stall-mucking-report-cranberry-pi-terminal","status":"publish","type":"post","link":"https:\/\/mrjsec.co.uk\/blog\/wunorse-openslae-stall-mucking-report-cranberry-pi-terminal\/","title":{"rendered":"
Wunorse Openslae – Stall Mucking Report Cranberry Pi terminal<\/center>"},"content":{"rendered":"\n

When you speak to Wunorse Openslae, they explain they had forgotten there a password for the samba share, and they need to upload reports.txt!
Wunorse Openslae explains it could be in memory somewhere “Still, with all the automated tasks we use, I’ll bet there’s a way to find it in memory\u2026”, and the game gives you a link about “Passwords on the command line visible to ps? Not in Linux”<\/p>\n\n\n\n

First let’s do a “ps -aux | less”, as this is what the game is hinting.<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Lot’s of, umm, stuff? Let’s copy it to notepad making it easy to read!<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

“sudo -u manager \/home\/manager\/samba-wrapper.sh –verbosity=none –no-check-certificate –extraneous-command-argument –do-not-run-as-tyler –accept-sage-advice -a 42 -d~ –ignore-sw-holiday-special –suppress –suppress \/\/localhost\/report-upload\/ directreindeerflatterystable -U report-upload”<\/p>\n\n\n\n

Interesting, so user wise there is an elf (us), manager and report-upload, we can’t log in with an elf as we don’t know the password and either does Wunorse Openslae, and the manager also requires a password. However, the user report-upload also requires a password (Back, to step one!).<\/p>\n\n\n\n

“directreindeerflatterystable” If passwords have taught me anything, anything that seems out of place usually is something we need to try! (Or something like that?)<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Well, that worked! Now we need to upload the file!<\/p>\n\n\n\n

smbclient \/\/localhost\/report-upload\/ -U report-upload -w directreindeerflatterystable -c \"put report.txt report.txt\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure><\/div>\n\n\n\n
Moreover, that’s how I saved Christmas <\/del> Wunorse Openslae.<\/p>\n\n\n\n
References:
\nhttps:\/\/blog.rackspace.com\/passwords-on-the-command-line-visible-to-ps
\nhttps:\/\/linux.die.net\/man\/1\/smbclient
\nhttps:\/\/www.computerhope.com\/unix\/smbclien.htm<\/p>\n","protected":false},"excerpt":{"rendered":"
When you speak to Wunorse Openslae, they explain they had forgotten there a password for the samba share, and they need to upload reports.txt! Wunorse Openslae explains it could be in memory somewhere “Still, with…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[10],"tags":[13,14,12],"class_list":["post-181","post","type-post","status-publish","format-standard","hentry","category-kringlecon-2018","tag-13","tag-ctf","tag-kringlecon"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paD3U6-2V","_links":{"self":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=181"}],"version-history":[{"count":4,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/181\/revisions"}],"predecessor-version":[{"id":189,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/181\/revisions\/189"}],"wp:attachment":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}