Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Malwrologist Profile picture
Malwrologist
@DissectMalware
Cybersecurity researcher DM is always open xlmdeobfuscator: https://t.co/zlbtaqE1YS

Aug 4, 2018, 5 tweets

#linux #bash #path #obfuscation
goal: obfuscate /etc/passwd
1) #directorytraversal: /mnt/././../etc/././passwd
2) escape characher: /etc/.\/\/\/\/\/passwd /etc/.\/.\/.\/.\/passwd /\e\t\c/passwd
3) null character /et$'c/pa\u0000/notexist/path'sswd
....

#path #obfuscation using #symbolic #link
ln -s / anything
head -n 2 anything////../etc/passwd

ln -s ../../ wow
head -n 2 ././wow/../etc/passwd

* ../ after a sym link applies to the sym link not the current path

filename expansion #globbing

cat /et*/pa**wd

command expansion
$(echo /e)tc$(echo /pa*)wd

+ other string obfuscation techniques

#bash #obfuscation by string manipulation

${var//pattern/string} --> Find and replace all occurrences of pattern in var by string

test=/ehhh/hmtc/pahhh/hmsswd
${test//hhh\/hm/}
${test//hh??hm/}
are equal to /etc/passwd

Using #symbolic #link (#softlink) for #path #obfuscation
You can read the file path referred to by a soft link with #readlink command.

Note: soft link is a special file that its content is supposed to be a path. But one can store anything there!

#command #obfuscation #bash

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling