You face a cryptic error. It doesn’t make sense. You changed one URL to point at a different repository in the installation script and now the installer failed saying the repository isn’t trusted.
Check the source code. Find the section you changed, no the key was set right before this line and your repository mirror would use the same key.
Go onto the target system itself, sure enough the key isn’t present. Check if you manually add it do things work?
They do. OK, now we need to figure out why the code block isn’t being executed. This is a bash script and it looks like the URL substitution code added the wrong whitespace at the front.
Then you remember yes, whitespace can be wrong. Think you have spaces, when it could be a tab. Miss some little dots and it might be unprintable ASCII characters. They look fine in the text editor but wreak havoc on the parser.
Go back to the regex and determine what is matching and not substituting correctly…
If this sounds familiar you may be sucked into technical troubleshooting. Every new problem encountered pushes things down the stack another layer as you focus on the new problem.
“I need to complete this quick task…the main server isn’t accessible.”
“No biggie, I’ll use the cli tool…oh it has a broken dependency”
“Ok, I’ll update things…oops, networking is broken entirely”
“No, problem I have an alternate, hang on need to get to my password manager.”
If you go more than three layers deep without making progress, it is time to go back to the original problem. Otherwise you fall into the depth-first search trap and might end up spending all of your time on some obscure technical problem that doesn’t matter.
With red teaming, this is quite common as young pentesters have lots of technical chops and think every problem has a technical solution…they may but at what cost? This is a first principle of influence energy, what is the lowest-cost method to achieve a goal. Sometimes deep dives are needed, but you must always evaluate other options first and prioritize simplicity.
Leave a Reply