3 Commits

Author SHA1 Message Date
Leo
11db56b542 add stuff to a1 and a3 and first part of a3
All checks were successful
zip and release / build-and-release (push) Successful in 5s
2026-06-19 11:18:41 +02:00
Unbreathable
accdaadc5b feat: sheet8 a2 2026-06-17 11:42:39 +02:00
Unbreathable
a017760d12 feat: sheet8 a1 2026-06-17 11:12:24 +02:00
3 changed files with 79 additions and 0 deletions

21
sheet08/a1.txt Normal file
View File

@@ -0,0 +1,21 @@
I used the simplest trick in the book. Since we have btop installed (a more advanced and pretty version of tools like top or htop), I was just able to run "btop" to get into its interface.
From there, you can see which CPU the system is using in the top right. Since it's a EPYC CPU, but we only have 2 threads, it goes without saying that we're in a VM since there is no AMD EPYC CPU with only 1 core with 2 threads.
Alternatively:
12:55:11 leo@group-20 ~ → hostnamectl
Static hostname: group-20.internal
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: 471f9f9a79d9821160cd1849069e648a
Boot ID: 3621b630db6a4e0f8b8ba3269550325a
Virtualization: kvm
Operating System: Ubuntu 24.04.4 LTS
Kernel: Linux 6.8.0-111-generic
Architecture: x86-64
Hardware Vendor: QEMU
Hardware Model: Standard PC _Q35 + ICH9, 2009_
Firmware Version: 2024.02-2ubuntu0.8
Firmware Date: Wed 2025-12-10
Firmware Age: 6month 1w

49
sheet08/a2.txt Normal file

File diff suppressed because one or more lines are too long

9
sheet08/a3.txt Normal file
View File

@@ -0,0 +1,9 @@
• Passing passwords via command line arguments:
Benefits: fast and easy to type out for quick testing.
Drawbacks: Highly insecure. Passwords are saved in the .bash_history and are fully visible to any other user running the `ps` command. They also leak through `docker inspect`
• Passing passwords via an environment variable:
Benefits: Better than CLI arguments because they hide the secret from the ps process list.
Drawbacks: Still exposed. Anyone with access to docker can view them using `docker inspect`.
• Passing passwords via a file:
Benefits: The secrets do not show up in the `ps` process list or in the docker inspect metadata. Access to the file on the host can also be limited using chmod.
Drawbacks: Leaves a plaintext file on the physical hard drive, requiring manual cleanup.