• Integrate Homebrew Ruby with chruby

    For a while after switching from RVM to chruby, I’ve been quite satisfied with chruby, except for one thing. Every time Ruby releases a new version, I have to compile that version from scratch using ruby-install. It takes quite a long time, and I have to do that on every macOS device I use.

    Compiling

    Why should I compile?

    I wanted to install a pre-compiled Ruby. It should exist! Then I thought of Homebrew. Almost every Homebrew formula has “bottles” for multiple versions of macOS. So I thought: ‘Just use Homebrew Ruby with chruby!’

    Read on →

  • How to open binary plist files using vim-plist

    Vim editing a binary plist file

    If you use macOS, you have probably had to handle plist files. For example, the ~/Library/Preferences/.GlobalPreferences.plist file holds some macOS settings. When you run defaults write -g ApplePressAndHoldEnabled -bool false in a terminal, the following lines are added to .GlobalPreferences.plist:

    <key>ApplePressAndHoldEnabled</key>
    <false/>
    

    So when you dig into the preferences or resources of a macOS system, you will run into plist files.

    vim-plist

    darfink’s vim-plist plugin handles *.plist files quite well. A plist file is in one of three formats: JSON, binary, or XML. macOS ships with the plutil command, which can convert a plist file from one format to another. The plugin also uses plutil to read and write plist files.

    The plugin registers autocmds for BufReadCmd and FileReadCmd to read *.plist files, and for BufWriteCmd and FileWriteCmd to write them. BufRead and BufWrite events are triggered after the file has been read into the buffer, but BufReadCmd and BufWriteCmd events are triggered before the file is read, and that autocmd is responsible for the actual read and write operations on the file. These differences make handling plist files more complex.

    Read on →

  • How to make a bootable USB with GRUB2 and ISO

    Do you have multiple ISO files to install and a USB stick with enough storage? You’ll want to install all of them from a single USB stick. Here’s how.

    Read on →

  • Pushing git repository to multiple remotes

    I’m currently managing my dotfiles repository on both GitHub and Bitbucket. These two repositories are the same, but I don’t want to remove one of them. I mainly use GitHub for hosting code now, but the first place I uploaded my dotfiles to was Bitbucket.

    I want to keep the HEAD of the two remote repositories the same, so when I push code to my dotfiles, both of them must be updated at the same time.

    Read on →

  • Boston Key Party CTF 2017: vimjail write-up

    vimjail (pwn 150)

    • ssh ctfuser@ec2-54-200-176-5.us-west-2.compute.amazonaws.com
    • password: loginPWforVimJail

    Can you read the flag?

    UPDATES

    • (13:38 UTC Saturday): The flag is not in /tmp.
    • (13:31 EST Saturday): new ip

    Looking around

    Well, you would run ls first when you log in, and so did we. And there was ~/flagReader.

    ctfuser@ip-172-31-31-196:~$ ls -als /home/ctfuser/flagReader
    12 ---S--x--- 1 topsecretuser secretuser 8768 Feb 25 08:42 /home/ctfuser/flagReader
    

    If you try completion by pressing the Tab key or try to move around using cd, it fails with an error message from rbash. It’s restricted bash, but you can simply run bash to escape.

    While moving around, we found nothing special except /.flag. Also, there were some .s[a-z][a-z] files under /var/tmp/ and /tmp/, created by secretuser. But they were not in a fixed location when the problem server was changed, so we thought there would be a way to run Vim with secretuser’s permissions.

    ctfuser@ip-172-31-31-196:~$ ls -als /.flag
    4 -r-------- 1 topsecretuser topsecretuser 39 Feb 25 08:42 /.flag
    

    We also tried to find setuid or setgid files, but there was only the previous flagReader.

    ctfuser@ip-172-31-31-196:/tmp$ find / -perm -4000 -o -perm -2000 -type f 2>/dev/null
    /bin/ping
    /bin/ping6
    /bin/fusermount
    /bin/umount
    /bin/su
    /bin/mount
    /bin/ntfs-3g
    /sbin/unix_chkpwd
    /sbin/pam_extrausers_chkpwd
    /usr/lib/x86_64-linux-gnu/utempter/utempter
    /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
    /usr/lib/openssh/ssh-keysign
    /usr/lib/snapd/snap-confine
    /usr/lib/eject/dmcrypt-get-device
    /usr/lib/dbus-1.0/dbus-daemon-launch-helper
    /usr/lib/policykit-1/polkit-agent-helper-1
    /usr/bin/crontab
    /usr/bin/newuidmap
    /usr/bin/at
    /usr/bin/chage
    /usr/bin/sudo
    /usr/bin/bsd-write
    /usr/bin/pkexec
    /usr/bin/chfn
    /usr/bin/expiry
    /usr/bin/newgrp
    /usr/bin/screen
    /usr/bin/chsh
    /usr/bin/gpasswd
    /usr/bin/newgidmap
    /usr/bin/ssh-agent
    /usr/bin/passwd
    /usr/bin/mlocate
    /home/ctfuser/flagReader
    

    Read on →