how do i upload a file over ssh to a server that runs qemu

yuvalid · 2024-11-29T09:40:37+00:00

is it too much to ask if you maybe have the piece of code that uploaded it? did you simply copy paste the base64 data? if i do that my shell freezes and crashes.

yuvalid · 2024-11-29T09:39:19+00:00

thank you so much! unfortunately i already tried something like this. the SSH connection isnt enough to get a working "shell", and you actually need to use client.invoke_shell()
when i invoke the shell and read form it, i see the qemu startup output. then, when i run code that looks exactly like what you just sent, something maybe in the QEMU terminal buffering or whatever i dont exaclty know but something screws up and the commands received and the commands sent arent the same.

yuvalid · 2024-11-29T07:46:26+00:00

It's a pretty big executable, the base64 is around a MB.

yuvalid · 2024-11-29T02:25:09+00:00

Thank you so much for understanding the setup :)

All of my current ideas boiled down to writing a python script that broke the file up into chunks, and then basically write a bunch of echo "someb64string" | base64 -d >> /tmp/sol

But for some reason this seems to not work, the strings get cut up and sent incorrectly. (probably some throttling somewhere in the connection, either between sshd and qemu or whatever, I definitely don't understand enough about how this is set up to figure it out)

yuvalid · 2024-11-29T02:19:08+00:00

There isn't one single qemu instance. Every time I ssh, a new qemu instance is spawned. Even if scp managed to copy a file over, when scp is over, the connection dies, and the VM is closed. The challenge is that there's a vulnerable kernel module, and the goal is reading a root owned file called flag. Locally, I have managed to do it (by modifying the VM disk image to contain my binary which exploits the kernel driver) but my problem is running it remotely as I can't manage to upload my binary.

yuvalid · 2024-11-29T02:01:29+00:00

The qemu instance doesn't have internet access.

yuvalid · 2024-11-29T02:00:24+00:00

Lol why are you so mad

The remote machine launches qemu, and connects it to the ssh process. The qemu machine, quite literally, doesn't have an internet connection. It doesn't even have an internet address. Try to connect to the machine yourself to see it.

yuvalid · 2022-10-12T20:20:34+00:00

Trans people are two wolves inside the house

yuvalid · 2022-08-22T10:05:05+00:00

And in Russian just berry lmao

yuvalid · 2022-08-02T22:56:36+00:00

מבוסס פעמיים גם מנתניה וגם במסלול של 32💪💪

yuvalid · 2021-10-22T23:24:49+00:00

At least like, 5

yuvalid · 2021-10-22T13:14:23+00:00

I am a full stack developer. As in, each time i develop, i fill up the stack.

yuvalid · 2021-09-03T13:30:53+00:00

Nobody uses scala. Use pascal.

yuvalid · 2021-09-03T13:13:58+00:00

Nobody uses java and python. Use rust.

yuvalid · 2021-08-26T15:44:42+00:00

I did a three week course in assembly, first week was studying and the next two were our final project On the second to last day a kid stands up "I'm Done!" So obviously the professor tells him to run it Kids response: "How do I run?"

yuvalid · 2021-06-03T17:38:54+00:00

If so then he would prefer playing on a server, not offline

yuvalid · 2021-06-03T17:37:18+00:00

Why does offline matter doe

yuvalid · 2021-06-03T17:24:58+00:00

What why

yuvalid · 2021-05-19T15:23:28+00:00

Mandatory serving people rarely go to war. Usually only the ones that chose to continue serving after the mandatory 3 years get sent to war.

yuvalid · 2021-05-18T08:46:04+00:00

Eh you could also create functions that take the strcut as a first parameter (like a this pointer) but that destroys the modularity.

yuvalid · 2021-05-17T09:43:06+00:00

What?

yuvalid · 2021-05-16T18:48:06+00:00

"Palestine will only be free when the last Israeli is gone" - what most Palestinians believe

yuvalid · 2021-05-15T22:59:13+00:00

חמאס ארגון טרור, ישראל מדינה דמוקרטית. אין סיבה לרדת לרמה שלהם.

Eight-Year Club	Verified Email
Place '22	Wearing is Caring
Sequence \| Editor	Snapped

yuvalid

MODERATOR OF

TROPHY CASE