Posts

Showing posts from November, 2019

Bash LS Coloring Internals: How Does `ls` Know Which Colors To Use?

Many of us take for granted ls's convenient display, and probably didn't ever stop to consider how it even knows which colors to use for which files. This very question sparked my curiosity and led me to research the internals of this mechanism.

While ls is open source and you can read its code to understand the underlying logic, I decided not to do so as I wanted to take a black box approach.

tl;dr at end of post

How Does ls Identify File Types? Do File Contents Matter?

I engineered two simple tests to check if ls takes into account a file's content when it chooses its color:

1. I created empty files each with a different extension and ran ls to see which colors it selected for the files
2. I exchanged the contents of an image and executable and ran ls to see which colors it selected for the files

The first experiment showed that ls uses the filename's extension to select a color when the file is empty.

The second experiment further showed that ls depends on files' nam…

CVE-2019-17421 Privilege Escalation Vulnerability In Zoho's OpManager & Firewall Analyzer

Target 🎯

Vendor 🏭

ManageEngine, which is a division of Zoho Corp., creates IT management software and tools. The company is a major player in IT management with over 90 tools, and 3 million users served in over 190 countries.

Products 💿

Two of ManageEngine's popular products are its network firewall analyzer and network monitoring software, respectively named ManageEngine Firewall Analyzer and ManageEngine OpManager. Vulnerability CVE-2019-17421 affects both (and possibly more) of these products.

Vulnerability ⚡

After I set these programs as my research targets, I installed their free trial version, and began mapping out the attack surface. The first thing I noticed is that the program runs as root. This is great for our purposes as this means any local vulnerability will lead to LPE (Local Privilege Escalation). To achieve my goal of finding a security bug, I am no longer limited to only the remotely accessible attack surface.

Next, I found the program defaultly installs it…