[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exploit

On 2001-06-09, Tomasz Olszewski wrote:

>Could you please tell me how I can prevent from following exploit:

 Do you really think it's an 'exploit'? ;>

shasta@quasimodo admin$ cat l33t.sh
echo "1|nux r007 3xp10|7 by 1c4m7uf"
cd /tmp
cat >ex.c <<eof
int getuid() { return 0; }
int geteuid() { return 0; }
int getgid() { return 0; }
int getegid() { return 0; }
gcc -shared ex.c -oex.so
LD_PRELOAD=/tmp/ex.so sh
rm /tmp/ex.so /tmp/ex.c

shasta@quasimodo admin$ ./l33t.sh
1|nux r007 3xp10|7 by 1c4m7uf

sh-2.03# id
uid=0(root) gid=0(root) groups=4(adm),10(wheel),80(network),98(proc)

(okay, some think we're r00t now, but... ;)

sh-2.03# cat /etc/shadow
cat: /etc/shadow: Permission denied
sh-2.03# cd /root
sh: cd: /root: Permission denied

 So. How can you mess up anything using this 3xp10|7? ;>


(0>  Jakub Jankowski  [url]: s.atn.pl   "Beauty is skin deep;
//\   shasta@IRCnet   [uin]: 70171776    ugly goes right
V_/_  shasta@irc.pl  [cell]: 502110186   to the bone."

Reply to: