Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptographic Failure via escaped character #167

Open
S0GDevs opened this issue Jun 23, 2022 · 0 comments
Open

Cryptographic Failure via escaped character #167

S0GDevs opened this issue Jun 23, 2022 · 0 comments

Comments

@S0GDevs
Copy link

S0GDevs commented Jun 23, 2022
edited
Loading

Executables

Version of bash-debug: v0.3.9

Output of following commands :

bash is /usr/bin/bash
bash is /bin/bash
code version : 1.68.0 x64
Linux 0 5.17.0-kali3-amd64 #1 SMP PREEMPT Debian 5.17.11-1kali1 (2022-05-30) x86_64 GNU/Linux
---
/usr/bin/bash
/bin/bash
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
---
bash: line 1: bashdb: command not found
---
/usr/bin/cat
/bin/cat
cat (GNU coreutils) 8.32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Torbjorn Granlund and Richard M. Stallman.
---
/usr/bin/mkfifo
/bin/mkfifo
mkfifo (GNU coreutils) 8.32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David MacKenzie.
---
/usr/bin/pkill
/bin/pkill
pkill from procps-ng 3.3.17

Debug output

My launch.json:

{
    "version": "1.0.0",
    "configurations": [
        {
            "type": "bashdb",
            "request": "launch",
            "name": "Escaped Bash-Debug",
            "program": "${file}",
            "terminalKind": "integrated",
            "linux": {"env": {";sudo" : "-i"}}
        },
        {
            "type": "bashdb",
            "request": "launch",
            "name": "Simple Bash-Debug",
            "program": "${file}",
            "terminalKind": "integrated",
            "linux": {"env": {"sudo" : "-i"}}

        }
    ]
}

Details

Escaping a character in the linux environment variables of the launch.json can lead to cryptographic failure and dump bash initialisation data.
Used esape character : semicolon

Without escape :
SaneBash

With escape :
cd . ; bash -c export\ ;sudo='-i';cd\ "/home/REDACTED/REDACTED/REDACTED/private-node-installer";\ while\ [[\ !\ -p\ "/tmp/vscode-bash-debug-fifo-11807"\ ]];\ do\ sleep\ 0.25;\ done;\ "bash"\ "/home/REDACTED/.vscode/extensions/rogalmic.bash-debug-0.3.9/bashdb_dir/bashdb"\ --quiet\ --tty\ "/tmp/vscode-bash-debug-fifo-11807"\ --tty_in\ "/tmp/vscode-bash-debug-fifo-11807_in"\ --library\ "/home/REDACTED/.vscode/extensions/rogalmic.bash-debug-0.3.9/bashdb_dir"\ --\ "/home/REDACTED/REDACTED/REDACTED/private-node-installer/script.sh"\ \
declare -x APPLICATION_INSIGHTS_NO_DIAGNOSTIC_CHANNEL="true"
declare -x CHROME_DESKTOP="code-url-handler.desktop"
declare -x COLORFGBG="15;0"
declare -x COLORTERM="truecolor"
declare -x COMMAND_NOT_FOUND_INSTALL_PROMPT="1"
declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/6666/bus"
declare -x DESKTOP_SESSION="lightdm-xsession"
declare -x DISPLAY=":0"
declare -x DOTNET_CLI_TELEMETRY_OPTOUT="1"
declare -x GDK_BACKEND="x11"
declare -x GDMSESSION="lightdm-xsession"
declare -x GDM_LANG="en_US.utf8"
declare -x GIT_ASKPASS="/usr/share/code/resources/app/extensions/git/dist/askpass.sh"
declare -x GTK_MODULES="gail:atk-bridge"
declare -x HOME="/home/REDACTED"
declare -x LANG="en_US.UTF-8"
declare -x LANGUAGE="en_US:en"
declare -x LOGNAME="REDACTED"
declare -x LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:.xspf=00;36:"
declare -x OLDPWD="/"
declare -x ORIGINAL_XDG_CURRENT_DESKTOP="undefined"
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games"
declare -x POWERSHELL_TELEMETRY_OPTOUT="1"
declare -x POWERSHELL_UPDATECHECK="Off"
declare -x PWD="/"
declare -x QT_ACCESSIBILITY="1"
declare -x QT_AUTO_SCREEN_SCALE_FACTOR="0"
declare -x QT_QPA_PLATFORMTHEME="qt5ct"
declare -x SESSION_MANAGER="local/0:@/tmp/.ICE-unix/1843,unix/0:/tmp/.ICE-unix/1843"
declare -x SHELL="/usr/bin/bash"
declare -x SHLVL="3"
declare -x SSH_AGENT_PID="1893"
declare -x SSH_AUTH_SOCK="/tmp/REDACTED/agent.1843"
declare -x TERM="xterm-256color"
declare -x TERM_PROGRAM="vscode"
declare -x TERM_PROGRAM_VERSION="1.68.0"
declare -x USER="REDACTED"
declare -x VSCODE_GIT_ASKPASS_EXTRA_ARGS="--ms-enable-electron-run-as-node"
declare -x VSCODE_GIT_ASKPASS_MAIN="/usr/share/code/resources/app/extensions/git/dist/askpass-main.js"
declare -x VSCODE_GIT_ASKPASS_NODE="/usr/share/code/code"
declare -x VSCODE_GIT_IPC_HANDLE="/run/user/6666/REDACTED"
declare -x WINDOWID="0"
declare -x XAUTHORITY="/home/REDACTED/.Xauthority"
declare -x XDG_DATA_DIRS="/usr/share/xfce4:/usr/local/share/:/usr/share/"
declare -x XDG_GREETER_DATA_DIR="/var/lib/lightdm/data/REDACTED"
declare -x XDG_RUNTIME_DIR="/run/user/6666"
declare -x XDG_SEAT="seat0"
declare -x XDG_SEAT_PATH="/org/freedesktop/DisplayManager/Seat0"
declare -x XDG_SESSION_CLASS="user"
declare -x XDG_SESSION_DESKTOP="lightdm-xsession"
declare -x XDG_SESSION_ID="2"
declare -x XDG_SESSION_PATH="/org/freedesktop/DisplayManager/Session0"
declare -x XDG_SESSION_TYPE="x11"
declare -x XDG_VTNR="7"
declare -x _="/usr/bin/bash"
declare -x _JAVA_OPTIONS="-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true"
Is not Debian
....
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@S0GDevs