Re: Exploit
On 2001-06-09, Tomasz Olszewski wrote:
>Could you please tell me how I can prevent from following exploit:
Do you really think it's an 'exploit'? ;>
shasta@quasimodo admin$ cat l33t.sh
#!/bin/sh
echo "1|nux r007 3xp10|7 by 1c4m7uf"
cd /tmp
cat >ex.c <<eof
int getuid() { return 0; }
int geteuid() { return 0; }
int getgid() { return 0; }
int getegid() { return 0; }
eof
gcc -shared ex.c -oex.so
LD_PRELOAD=/tmp/ex.so sh
rm /tmp/ex.so /tmp/ex.c
shasta@quasimodo admin$ ./l33t.sh
1|nux r007 3xp10|7 by 1c4m7uf
sh-2.03# id
uid=0(root) gid=0(root) groups=4(adm),10(wheel),80(network),98(proc)
(okay, some think we're r00t now, but... ;)
sh-2.03# cat /etc/shadow
cat: /etc/shadow: Permission denied
sh-2.03# cd /root
sh: cd: /root: Permission denied
So. How can you mess up anything using this 3xp10|7? ;>
s.
--
(0> Jakub Jankowski [url]: s.atn.pl "Beauty is skin deep;
//\ shasta@IRCnet [uin]: 70171776 ugly goes right
V_/_ shasta@irc.pl [cell]: 502110186 to the bone."
Reply to:
- Follow-Ups:
- Re: Exploit
- From: Tomasz Olszewski <caster@3miasto.net>
- References:
- Exploit
- From: Tomasz Olszewski <caster@3miasto.net>