As it wipes its presence after execution it is difficult to be detected after execution. It was created by Z-Labs. This means that the attacker can create a user and password hash on their device and then append that user into the /etc/passwd file with root access and that have compromised the device to the root level. 2 Answers Sorted by: 21 It could be that your script is producing output to stdout and stderr, and you are only getting one of those streams output to your log file. wife is bad tempered and always raise voice to ask me to do things in the house hold. 8. But I still don't know how. I found out that using the tool called ansi2html.sh. LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. We can see that the target machine is vulnerable to CVE 2021-3156, CVE 2018-18955, CVE 2019-18634, CVE, 2019-15666, CVE 2017-0358 and others. Make folders without leaving Command Prompt with the mkdir command. any idea how to capture the winpeas output to a file like we do in linpeas -a > linpeas.txt 1 Qwerty793r 1 yr. ago If you google powershell commands or cli commands to output data to file, there will be a few different ways you can do this. Edit your question and add the command and the output from the command. Tiki Wiki 15.1 unrestricted file upload, Decoder (Windows pentesting) It also checks for the groups with elevated accesses. I ended up upgrading to a netcat shell as it gives you output as you go. Have you tried both the 32 and 64 bit versions? 1. Exploit code debugging in Metasploit /*# sourceMappingURL=https://www.redditstatic.com/desktop2x/chunkCSS/IdCard.ea0ac1df4e6491a16d39_.css.map*/._2JU2WQDzn5pAlpxqChbxr7{height:16px;margin-right:8px;width:16px}._3E45je-29yDjfFqFcLCXyH{margin-top:16px}._13YtS_rCnVZG1ns2xaCalg{font-family:Noto Sans,Arial,sans-serif;font-size:14px;font-weight:400;line-height:18px;display:-ms-flexbox;display:flex}._1m5fPZN4q3vKVg9SgU43u2{margin-top:12px}._17A-IdW3j1_fI_pN-8tMV-{display:inline-block;margin-bottom:8px;margin-right:5px}._5MIPBF8A9vXwwXFumpGqY{border-radius:20px;font-size:12px;font-weight:500;letter-spacing:0;line-height:16px;padding:3px 10px;text-transform:none}._5MIPBF8A9vXwwXFumpGqY:focus{outline:unset} HacknPentest It is a rather pretty simple approach. This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. Last edited by pan64; 03-24-2020 at 05:22 AM. Hence, we will transfer the script using the combination of python one-liner on our attacker machine and wget on our target machine. cannondale supersix evo ultegra price; python projects for devops; 1985 university of texas baseball roster; what is the carbon cycle diagram? How to upload Linpeas/Any File from Local machine to Server. Read it with less -R to see the pretty colours. Is there a single-word adjective for "having exceptionally strong moral principles"? By default, sort will arrange the data in ascending order. The Red color is used for identifing suspicious configurations that could lead to PE: Here you have an old linpe version script in one line, just copy and paste it;), The color filtering is not available in the one-liner (the lists are too big). It upgrades your shell to be able to execute different commands. When reviewing their exam report, we found that a portion of the exploit chain they provided was considered by us . The file receives the same display representation as the terminal. It asks the user if they have knowledge of the user password so as to check the sudo privilege. It is fast and doesnt overload the target machine. How do I tell if a file does not exist in Bash? ./my_script.sh | tee log.txt will indeed output everything to the terminal, but will only dump stdout to the logfile. I know I'm late to the party, but this prepends, do you know if there's a way to do this with. . To get the script manual you can type man script: In the RedHat/Rocky/CentOS family, the ansi2html utility does not seem to be available (except for Fedora 32 and up). So I've tried using linpeas before. Thanks -- Regarding your last line, why not, How Intuit democratizes AI development across teams through reusability. When enumerating the Cron Jobs, it found the cleanup.py that we discussed earlier. Better yet, check tasklist that winPEAS isnt still running. It was created by, Time to get suggesting with the LES. The goal of this script is to search for possible Privilege Escalation Paths. An equivalent utility is ansifilter from the EPEL repository. We will use this to download the payload on the target system. Hence, doing this task manually is very difficult even when you know where to look. Output to file $ linpeas -a > /dev/shm/linpeas.txt $ less -r /dev/shm/linpeas.txt Options-h To show this message-q Do not show banner-a All checks (1min of processes and su brute) - Noisy mode, for CTFs mainly-s SuperFast (don't check some time consuming checks) - Stealth mode-w Didn't answer my question in the slightest. How to redirect and append both standard output and standard error to a file with Bash, How to change the output color of echo in Linux. chmod +x linpeas.sh; We can now run the linpeas.sh script by running the following command on the target: ./linpeas.sh -o SysI The SysI option is used to restrict the results of the script to only system information. LinPEAS uses colors to indicate where does each section begin. In the beginning, we run LinPEAS by taking the SSH of the target machine and then using the curl command to download and run the LinPEAS script. Is there a way to send all shell script output to both the terminal and a logfile, *plus* any text entered by the user? This can enable the attacker to refer these into the GTFOBIN and find a simple one line to get root on the target machine. Example 3: https://www.reddit.com/r/Christians/comments/7tq2kb/good_verses_to_relate_to_work_unhappiness/, Quote: "any good verses to encourage people who finds no satisfaction or achievement in their work and becomes unhappy?". This means that the output may not be ideal for programmatic processing unless all input objects are strings. One of the best things about LinPEAS is that it doesnt have any dependency. What can a lawyer do if the client wants him to be acquitted of everything despite serious evidence? To subscribe to this RSS feed, copy and paste this URL into your RSS reader. This script has 3 levels of verbosity so that the user can control the amount of information you see. In linpeas output, i found a port binded to the loopback address(127.0.0.1:8080). Here, LinPEAS have shown us that the target machine has SUID permissions on find, cp and nano. It was created by, File Transfer Cheatsheet: Windows and Linux, Linux Privilege Escalation: DirtyPipe (CVE 2022-0847), Windows Privilege Escalation: PrintNightmare. ls chmod +x linpeas.sh Scroll down to the " Interesting writable files owned by me or writable by everyone (not in Home) " section of the LinPEAS output. We can also see that the /etc/passwd is writable which can also be used to create a high privilege user and then use it to login in onto the target machine. Don't mind the 40 year old loser u/s802645, as he is projecting his misery onto this sub-reddit because he is miserable at home with his wife. In order to fully own our target we need to get to the root level. - YouTube UPLOADING Files from Local Machine to Remote Server1. Appreciate it. The tee utility supports colours, so you can pipe it to see the command progress: script -q /dev/null mvn dependency:tree | tee mvn-tree.colours.txt. If you come with an idea, please tell me. Heres one after I copied over the HTML-formatted colours to CherryTree: Ive tested that winPEAS works on Windows 7 6.1 Build 7601 and Windows Server 2016 Build 14393. Redoing the align environment with a specific formatting. What video game is Charlie playing in Poker Face S01E07? How do I execute a program or call a system command? Tips on simple stack buffer overflow, Writing deb packages I've taken a screen shot of the spot that is my actual avenue of exploit. If you are running WinPEAS inside a Capture the Flag Challenge then doesnt shy away from using the -a parameter. Example: scp. Source: github Privilege Escalation Privilege escalation involved exploiting a bug, design flaw or misconfiguration to gain elevated access and perform unauthorized actions. All this information helps the attacker to make the post exploit against the machine for getting the higher-privileged shell. Am I doing something wrong? ._3Z6MIaeww5ZxzFqWHAEUxa{margin-top:8px}._3Z6MIaeww5ZxzFqWHAEUxa ._3EpRuHW1VpLFcj-lugsvP_{color:inherit}._3Z6MIaeww5ZxzFqWHAEUxa svg._31U86fGhtxsxdGmOUf3KOM{color:inherit;fill:inherit;padding-right:8px}._3Z6MIaeww5ZxzFqWHAEUxa ._2mk9m3mkUAeEGtGQLNCVsJ{font-family:Noto Sans,Arial,sans-serif;font-size:14px;font-weight:400;line-height:18px;color:inherit} Earlier today a student shared with the infosec community that they failed their OSCP exam because they used a popular Linux enumeration tool called linPEAS.. linPEAS is a well-known enumeration script that searches for possible paths to escalate privileges on Linux/Unix* targets.. How to find all files containing specific text (string) on Linux? linux-exploit-suggester.pl (tutorial here), 1) Grab your IP address. eJPT Say I have a Zsh script and that I would like to let it print output to STDOUT, but also copy (dump) its output to a file in disk. I can see the output on the terminal, but the file log.txt doesn'tseem to be capturing everything (in fact it captures barely anything). It was created by RedCode Labs. The following command uses a couple of curl options to achieve the desired result. Read it with pretty colours on Kali with either less -R or cat. The goal of this script is to search for possible Privilege Escalation Paths (tested in Debian, CentOS, FreeBSD, OpenBSD and MacOS). Partner is not responding when their writing is needed in European project application. Change), You are commenting using your Facebook account. - sudodus Mar 26, 2017 at 14:41 @M.Becerra Yes, and then using the bar in the right I scroll to the very top but that's it. Download Web streams with PS, Async HTTP client with Python You should be able to do this fine, but we can't help you because you didn't tell us what happened, what error you got, or anything about why you couldn't run this command. UNIX is a registered trademark of The Open Group. The official repo doesnt have compiled binaries, you can compile it yourself (which I did without any problems) or get the binaries here compiled by carlos (author of winPEAS) or more recently here. Discussion about hackthebox.com machines! Invoke it with all, but not full (because full gives too much unfiltered output). Also, we must provide the proper permissions to the script in order to execute it. In the beginning, we run LinPEAS by taking the SSH of the target machine. It exports and unset some environmental variables during the execution so no command executed during the session will be saved in the history file and if you dont want to use this functionality just add a -n parameter while exploiting it. But now take a look at the Next-generation Linux Exploit Suggester 2. If you google powershell commands or cli commands to output data to file, there will be a few different ways you can do this. Is it suspicious or odd to stand by the gate of a GA airport watching the planes? The Red/Yellow color is used for identifing configurations that lead to PE (99% sure). In the picture I am using a tunnel so my IP is 10.10.16.16. The Out-File cmdlet gives you control over the output that PowerShell composes and sends to the file. Heres where it came from. However, when i tried to run the command less -r output.txt, it prompted me if i wanted to read the file despite that it might be a binary. Here we used the getperm -c command to read the SUID bits on nano, cp and find among other binaries. any idea how to capture the winpeas output to a file like we do in linpeas -a > linpeas.txt. Linux Private-i can be defined as a Linux Enumeration or Privilege Escalation tool that performs the basic enumeration steps and displays the results in an easily readable format. It must have execution permissions as cleanup.py is usually linked with a cron job. If you have a firmware and you want to analyze it with linpeas to search for passwords or bad configured permissions you have 2 main options. If the Windows is too old (eg. He has constantly complained about how miserable he is in numerous sub-reddits, as seen in: example 1: https://www.reddit.com/r/Christianity/comments/ewhzls/bible_verse_for_husband_and_wife/, and example 2: https://www.reddit.com/r/AskReddit/comments/8fy0cr/how_do_you_cope_with_wife_that_scolds_you_all_the/._3K2ydhts9_ES4s9UpcXqBi{display:block;padding:0 16px;width:100%} You can use the -Encoding parameter to tell PowerShell how to encode the output. Or if you have got the session through any other exploit then also you can skip this section. Keep projecting you simp. It will activate all checks. We tap into this and we are able to complete, How to Use linPEAS.sh and linux-exploit-suggester.pl, Spam on Blogger (Anatomy of SPAM comments). This one-liner is deprecated (I'm not going to update it any more), but it could be useful in some cases so it will remain here. Asking for help, clarification, or responding to other answers. /*# sourceMappingURL=https://www.redditstatic.com/desktop2x/chunkCSS/TopicLinksContainer.3b33fc17a17cec1345d4_.css.map*/, any verse or teachings about love and harmony. Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz. The script has a very verbose option that includes vital checks such as OS info and permissions on common files, search for common applications while checking versions, file permissions and possible user credentials, common apps: Apache/HTTPD, Tomcat, Netcat, Perl, Ruby, Python, WordPress, Samba, Database Apps: SQLite, Postgres, MySQL/MariaDB, MongoDB, Oracle, Redis, CouchDB, Mail Apps: Postfix, Dovecot, Exim, Squirrel Mail, Cyrus, Sendmail, Courier, Checks Networking info netstat, ifconfig, Basic mount info, crontab and bash history. It supports an Experimental Reporting functionality that can help to export the result of the scan in a readable report format. Connect and share knowledge within a single location that is structured and easy to search. Next, we can view the contents of our sample.txt file. Start here for a quick overview of the site, Detailed answers to any questions you might have, Discuss the workings and policies of this site. I'm having trouble imagining a reason why that "wouldn't work", so I can't even really guess. Transfer Multiple Files. LinPEAS - Linux Privilege Escalation Awesome Script, From less than 1 min to 2 mins to make almost all the checks, Almost 1 min to search for possible passwords inside all the accesible files of the system, 20s/user bruteforce with top2000 passwords, 1 min to monitor the processes in order to find very frequent cron jobs, Writable files in interesting directories, SUID/SGID binaries that have some vulnerable version (it also specifies the vulnerable version), SUDO binaries that can be used to escalate privileges in sudo -l (without passwd) (, Writable folders and wilcards inside info about cron jobs, SUID/SGID common binaries (the bin was already found in other machines and searchsploit doesn't identify any vulnerable version), Common names of users executing processes. I found a workaround for this though, which us to transfer the file to my Windows machine and "type" it. LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. Find the latest versions of all the scripts and binaries in the releases page. eCIR It was created by Carlos P. It was made with a simple objective that is to enumerate all the possible ways or methods to Elevate Privileges on a Linux System. If echoing is not desirable, script -q -c "vagrant up" filename > /dev/null will write it only to the file. Last but not least Colored Output. It was created by, Keep away the dumb methods of time to use the Linux Smart Enumeration. Reading winpeas output I ran winpeasx64.exe on Optimum and was able to transfer it to my kali using the impacket smbserver script. If you preorder a special airline meal (e.g. Fill in your details below or click an icon to log in: You are commenting using your WordPress.com account. We see that the target machine has the /etc/passwd file writable. How do I check if a directory exists or not in a Bash shell script? Replacing broken pins/legs on a DIP IC package, Recovering from a blunder I made while emailing a professor. I have family with 2 kids under the age of 2 (baby #2 coming a week after the end of my 90 day labs) - passing the OSCP is possible with kids. The difference between the phonemes /p/ and /b/ in Japanese. This doesn't work - at least with with the script from bsdutils 1:2.25.2-6 on debian. Already watched that. Now we can read about these vulnerabilities and use them to elevate privilege on the target machine. Is the most simple way to export colorful terminal data to html file. I'm trying to use tee to write the output of vagrant to a file, this way I can still see the output (when it applies). XP) then theres winPEAS.bat instead. In that case you can use LinPEAS to hosts dicovery and/or port scanning. I did this in later boxes, where its better to not drop binaries onto targets to avoid Defender. A place to work together building our knowledge of Cyber Security and Automation. Keep away the dumb methods of time to use the Linux Smart Enumeration. The people who dont like to get into scripts or those who use Metasploit to exploit the target system are in some cases ended up with a meterpreter session. LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix* hosts, https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist, https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits, https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version, https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes, https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs, https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-jobs, https://book.hacktricks.xyz/linux-unix/privilege-escalation#internal-open-ports, https://book.hacktricks.xyz/linux-unix/privilege-escalation#groups, https://book.hacktricks.xyz/linux-unix/privilege-escalation#commands-with-sudo-and-suid-commands, https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe, https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt, https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions, https://book.hacktricks.xyz/linux-unix/privilege-escalation#etc-ld-so-conf-d, https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities, https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation, https://book.hacktricks.xyz/linux-unix/privilege-escalation#read-sensitive-data, https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files, https://www.aldeid.com/w/index.php?title=LinPEAS&oldid=35120. This means we need to conduct privilege escalation. Normally I keep every output log in a different file too. A good trick when running the full scan is to redirect the output of PEAS to a file for quick parsing of common vulnerabilities using grep. This page was last edited on 30 April 2020, at 09:25. ./my_script.sh | tee log.txt will indeed output everything to the terminal, but will only dump stdout to the logfile. half up half down pigtails We discussed the Linux Exploit Suggester. i would also flare up just because of this", Quote: "how do you cope with wife that scolds you all the time and everything the husband do is wrong and she is always right ?". Port 8080 is mostly used for web 1. Also try just running ./winPEAS.exe without anything else and see if that works, if it does then work on adding the extra commands. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. I was trying out some of the solutions listed here, and I also realized you could do it with the echo command and the -e flag. A check shows that output.txt appears empty, But you can check its still being populated. Thanks for contributing an answer to Stack Overflow! Intro to Ansible This application runs at root level. Pentest Lab. I ran into a similar issue.. it hangs and runs in the background.. after a few minutes will populate if done right. Example, Also You would have to be acquainted with the terminal colour codes, Using a named pipe can also work to redirect all output from the pipe with colors to another file, each command line redirect it to the pipe as follows, In another terminal redirect all messages from the pipe to your file. linpeas output to filehow old is ashley shahahmadi. LinPEAS can be executed directly from GitHub by using the curl command. I want to use it specifically for vagrant (it may change in the future, of course). LinPEAS also checks for various important files for write permissions as well. You will get a session on the target machine. Linux Privilege Escalation Linux Permissions Manual Enumeration Automated Tools Kernel Exploits Passwords and File Permissions SSH Keys Sudo SUID Capabilities Cron Jobs NFS Root Squashing Docker GNU C Library Exim Linux Privilege Escalation Course Capstone Windows Privilege Escalation Post Exploitation Pivoting Active Directory (AD) At other times, I need to review long text files with lists of items on them to see if there are any unusual names. .s5ap8yh1b4ZfwxvHizW3f{color:var(--newCommunityTheme-metaText);padding-top:5px}.s5ap8yh1b4ZfwxvHizW3f._19JhaP1slDQqu2XgT3vVS0{color:#ea0027} "We, who've been connected by blood to Prussia's throne and people since Dppel", Partner is not responding when their writing is needed in European project application, A limit involving the quotient of two sums. https://m.youtube.com/watch?v=66gOwXMnxRI. Additionally, we can also use tee and pipe it with our echo command: On macOS, script is from the BSD codebase and you can use it like so: script -q /dev/null mvn dependency:tree mvn-tree.colours.txt, It will run mvn dependency:tree and store the coloured output into mvn-tree.colours.txt. So, if we write a file by copying it to a temporary container and then back to the target destination on the host. Recipe for Root (priv esc blog) it will just send STDOUT to log.txt, but what if I want to also be able to see the output in the terminal? So it's probably a matter of telling the program in question to use colours anyway. LinEnum is a shell script that works in order to extract information from the target machine about elevating privileges. GTFOBins. The basic working of the LES starts with generating the initial exploit list based on the detected kernel version and then it checks for the specific tags for each exploit. Heres an example from Hack The Boxs Shield, a free Starting Point machine. are installed on the target machine. It is not totally important what the picture is showing, but if you are curious there is a cron job that runs an application called "screen." Jealousy, perhaps? ._1EPynDYoibfs7nDggdH7Gq{margin-bottom:8px;position:relative}._1EPynDYoibfs7nDggdH7Gq._3-0c12FCnHoLz34dQVveax{max-height:63px;overflow:hidden}._1zPvgKHteTOub9dKkvrOl4{font-family:Noto Sans,Arial,sans-serif;font-size:14px;line-height:21px;font-weight:400;word-wrap:break-word}._1dp4_svQVkkuV143AIEKsf{-ms-flex-align:baseline;align-items:baseline;background-color:var(--newCommunityTheme-body);bottom:-2px;display:-ms-flexbox;display:flex;-ms-flex-flow:row nowrap;flex-flow:row nowrap;padding-left:2px;position:absolute;right:-8px}._5VBcBVybCfosCzMJlXzC3{font-family:Noto Sans,Arial,sans-serif;font-size:14px;font-weight:400;line-height:21px;color:var(--newCommunityTheme-bodyText)}._3YNtuKT-Is6XUBvdluRTyI{position:relative;background-color:0;color:var(--newCommunityTheme-metaText);fill:var(--newCommunityTheme-metaText);border:0;padding:0 8px}._3YNtuKT-Is6XUBvdluRTyI:before{content:"";position:absolute;top:0;left:0;width:100%;height:100%;border-radius:9999px;background:var(--newCommunityTheme-metaText);opacity:0}._3YNtuKT-Is6XUBvdluRTyI:hover:before{opacity:.08}._3YNtuKT-Is6XUBvdluRTyI:focus{outline:none}._3YNtuKT-Is6XUBvdluRTyI:focus:before{opacity:.16}._3YNtuKT-Is6XUBvdluRTyI._2Z_0gYdq8Wr3FulRLZXC3e:before,._3YNtuKT-Is6XUBvdluRTyI:active:before{opacity:.24}._3YNtuKT-Is6XUBvdluRTyI:disabled,._3YNtuKT-Is6XUBvdluRTyI[data-disabled],._3YNtuKT-Is6XUBvdluRTyI[disabled]{cursor:not-allowed;filter:grayscale(1);background:none;color:var(--newCommunityTheme-metaTextAlpha50);fill:var(--newCommunityTheme-metaTextAlpha50)}._2ZTVnRPqdyKo1dA7Q7i4EL{transition:all .1s linear 0s}.k51Bu_pyEfHQF6AAhaKfS{transition:none}._2qi_L6gKnhyJ0ZxPmwbDFK{transition:all .1s linear 0s;display:block;background-color:var(--newCommunityTheme-field);border-radius:4px;padding:8px;margin-bottom:12px;margin-top:8px;border:1px solid var(--newCommunityTheme-canvas);cursor:pointer}._2qi_L6gKnhyJ0ZxPmwbDFK:focus{outline:none}._2qi_L6gKnhyJ0ZxPmwbDFK:hover{border:1px solid var(--newCommunityTheme-button)}._2qi_L6gKnhyJ0ZxPmwbDFK._3GG6tRGPPJiejLqt2AZfh4{transition:none;border:1px solid var(--newCommunityTheme-button)}.IzSmZckfdQu5YP9qCsdWO{cursor:pointer;transition:all .1s linear 0s}.IzSmZckfdQu5YP9qCsdWO ._1EPynDYoibfs7nDggdH7Gq{border:1px solid transparent;border-radius:4px;transition:all .1s linear 0s}.IzSmZckfdQu5YP9qCsdWO:hover ._1EPynDYoibfs7nDggdH7Gq{border:1px solid var(--newCommunityTheme-button);padding:4px}._1YvJWALkJ8iKZxUU53TeNO{font-size:12px;font-weight:700;line-height:16px;color:var(--newCommunityTheme-button)}._3adDzm8E3q64yWtEcs5XU7{display:-ms-flexbox;display:flex}._3adDzm8E3q64yWtEcs5XU7 ._3jyKpErOrdUDMh0RFq5V6f{-ms-flex:100%;flex:100%}._3adDzm8E3q64yWtEcs5XU7 .dqhlvajEe-qyxij0jNsi0{color:var(--newCommunityTheme-button)}._3adDzm8E3q64yWtEcs5XU7 ._12nHw-MGuz_r1dQx5YPM2v,._3adDzm8E3q64yWtEcs5XU7 .dqhlvajEe-qyxij0jNsi0{font-size:12px;font-weight:700;line-height:16px;cursor:pointer;-ms-flex-item-align:end;align-self:flex-end;-webkit-user-select:none;-ms-user-select:none;user-select:none}._3adDzm8E3q64yWtEcs5XU7 ._12nHw-MGuz_r1dQx5YPM2v{color:var(--newCommunityTheme-button);margin-right:8px;color:var(--newCommunityTheme-errorText)}._3zTJ9t4vNwm1NrIaZ35NS6{font-family:Noto Sans,Arial,sans-serif;font-size:14px;line-height:21px;font-weight:400;word-wrap:break-word;width:100%;padding:0;border:none;background-color:transparent;resize:none;outline:none;cursor:pointer;color:var(--newRedditTheme-bodyText)}._2JIiUcAdp9rIhjEbIjcuQ-{resize:none;cursor:auto}._2I2LpaEhGCzQ9inJMwliNO,._42Nh7O6pFcqnA6OZd3bOK{display:inline-block;margin-left:4px;vertical-align:middle}._42Nh7O6pFcqnA6OZd3bOK{fill:var(--newCommunityTheme-button);color:var(--newCommunityTheme-button);height:16px;width:16px;margin-bottom:2px} wechat send message to yourself, square d catalog number lookup,